
Hijack This Log - Please Help


  • This topic is locked
16 replies to this topic

#1 kcmatower

Posted 02 October 2008 - 03:50 PM

Hello and thanks for the great site. When I click anything on my desktop, it brings up boxes asking if I want to delete the icon. Trying to say no or closing out is no good; the Windows prompts keep coming back. Now IE is gone from the desktop, and when I try to run it, it says it can't be found, and now it is trying to delete my security folder. I can use Firefox from the start menu, but when I try to scroll on a page it pops right back to the top of the page, and if I type in the address bar, it starts deleting what I wrote. Well, here is my HiJack log and thank you again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:48:30 PM, on 10/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BeFree4iPhone] "C:\Program Files\E.W.E.-Software\Befree4iPhone\befree4iphone.exe" /min
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.burj-al-arab.com/flashcab/ipix/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mividadediamante.spaces.live.com//P...ad/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132403515125
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {87587503-20F0-4FF5-8DA3-0107C4C03FDC} (vmLaunch Class) - http://downloads.comcast.net/videomail/vmLauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://142.22.58.150/activex/AxisCamControl.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay105.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F461205D-ABDC-42FE-B2E2-AFD4600B905E} (MASHControl Class) - http://www.amiuptodate.com/vsc/mvt/bin/1,0,0,7/mash.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://www.musicmatch.com/form/support/tec...tionControl.cab
O18 - Protocol: bw+0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {DF5BC496-7C35-4F72-BC19-7660FE4454EE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 24310 bytes


#2 Billy O'Neal


Posted 07 October 2008 - 09:12 PM

Hello, kcmatower.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Posted Image button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).
If you would still like help, please follow the instructions below:

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open; copy and paste them in a reply here:
      • OTViewIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log


Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 kcmatower


Posted 09 October 2008 - 05:01 AM

Billy thank you again!

Here are the logs you requested.

View it:

OTViewIt logfile created on: 10/8/2008 8:43:43 PM - Run
OTViewIt by OldTimer - Version 1.0.10.1 Folder = C:\Documents and Settings\Kevin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 42.81% Memory free
2.91 Gb Paging File | 2.12 Gb Available in Paging File | 72.72% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 2.10 Gb Free Space | 1.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KCMATOWER
Current User Name: Kevin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/06/02 23:09:36 | 00,552,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/06/02 23:09:36 | 00,552,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/01/04 14:27:08 | 00,587,096 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
[2007/10/19 14:19:22 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
[2007/02/01 18:11:29 | 00,057,344 | ---- | M] ((주)마크애니) -- C:\Program Files\MarkAny\ContentSafer\MaAgent.exe
[2007/08/04 02:33:14 | 00,582,992 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2007/07/17 11:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
[2008/09/10 17:40:06 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTsvcCDA.EXE
[2008/06/20 10:43:59 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2007/10/19 14:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
[2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2007/03/14 17:03:40 | 00,975,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe
[2007/10/19 14:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2007/07/17 11:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
[2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2007/06/28 14:36:16 | 00,401,720 | R--- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Kevin\Local Settings\Temp\Temporary Directory 1 for HiJackThis.zip\HijackThis.exe
[2008/10/02 05:38:00 | 07,660,656 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/04/13 20:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/07/30 12:34:12 | 00,566,592 | ---- | M] (Apple Inc.) -- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
[2007/08/30 17:43:18 | 00,103,664 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
[2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2008/10/08 20:43:05 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/01/04 14:27:08 | 00,587,096 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/06/02 23:09:36 | 00,552,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/06/02 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
[2008/06/20 10:43:59 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2007/10/19 14:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running])
[2007/10/19 14:19:22 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
[2007/10/19 14:21:16 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
[2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/07/25 03:16:16 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2007/08/29 22:52:31 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Disabled | Stopped])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2006/04/03 18:12:14 | 00,014,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Disabled | Stopped])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
[2007/03/14 17:03:40 | 00,975,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [Auto | Running])

========== Driver Services ==========

[2008/06/03 02:20:54 | 03,100,160 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2005/05/30 18:58:52 | 00,028,160 | ---- | M] (W1zzard) -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool [System | Stopped])
[2006/12/08 22:38:12 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2006/12/08 22:38:06 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2003/12/03 18:44:58 | 00,013,566 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd [System | Running])
[2002/12/17 12:27:32 | 00,241,152 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp [System | Running])
[2002/03/03 16:26:38 | 00,093,068 | ---- | M] (Zoran Microelectronics Ltd.) -- C:\WINDOWS\system32\drivers\coachcap.sys -- (CoachCap [Auto | Stopped])
[2002/07/30 14:56:00 | 00,023,072 | ---- | M] (Accapella) -- C:\WINDOWS\system32\drivers\CoachUsb.sys -- (CoachUsb [On_Demand | Stopped])
[2002/07/30 14:56:00 | 00,014,336 | ---- | M] (Accapella) -- C:\WINDOWS\system32\drivers\CoachVc.sys -- (CoachVc [On_Demand | Stopped])
[2003/09/22 07:48:06 | 00,130,192 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2004/09/23 21:08:02 | 00,025,898 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
[2005/06/13 12:58:04 | 00,162,816 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2007/03/22 13:57:14 | 00,028,672 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro [Auto | Running])
[2007/03/22 13:57:14 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr [Auto | Running])
[2007/02/03 11:33:00 | 00,022,560 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService [On_Demand | Running])
File not found -- C:\DOCUME~1\Kevin\LOCALS~1\Temp\gAGP440p.sys -- (gAGP440p [On_Demand | Stopped])
[2008/04/13 14:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
File not found -- C:\DOCUME~1\Kevin\LOCALS~1\Temp\gmtxparh.sys -- (gmtxparh [On_Demand | Stopped])
File not found -- C:\DOCUME~1\Kevin\LOCALS~1\Temp\hmssmbio.sys -- (hmssmbio [On_Demand | Stopped])
[2003/11/17 15:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2003/11/17 15:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2003/07/07 14:26:44 | 00,026,541 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\WINDOWS\system32\drivers\iLokDrvr.sys -- (iLokDrvr [On_Demand | Stopped])
[2008/04/13 14:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/10/19 14:16:30 | 02,109,976 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap [On_Demand | Running])
[2007/10/11 19:59:02 | 02,142,488 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv [On_Demand | Running])
[2007/02/03 11:30:58 | 01,507,232 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt [On_Demand | Running])
[2007/10/11 19:59:24 | 00,025,624 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
[2005/12/09 15:37:42 | 00,016,768 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon [On_Demand | Stopped])
[2007/10/11 22:00:42 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
[2007/02/03 11:32:46 | 01,939,360 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC [On_Demand | Running])
[2006/04/03 19:31:21 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
[2003/04/09 13:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Running])
[2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2004/09/23 21:08:02 | 00,030,630 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])
[2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2007/07/13 09:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2002/12/13 04:06:40 | 00,129,875 | R--- | M] (Mars Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA [On_Demand | Stopped])
[2006/10/13 20:14:26 | 00,034,978 | R--- | M] (INCA Internet Co., Ltd.) -- C:\Program Files\Wizet\MapleStory\npkcrypt.sys -- (npkcrypt [Auto | Running])
[2006/10/13 20:14:26 | 00,037,009 | R--- | M] (INCA Internet Co., Ltd.) -- C:\Program Files\Wizet\MapleStory\npkcusb.sys -- (npkcusb [On_Demand | Running])
[2001/12/03 12:55:12 | 00,026,560 | ---- | M] (Zoran Ltd.) -- C:\WINDOWS\system32\drivers\nuvaud2.sys -- (nuvaud2 [On_Demand | Stopped])
[2001/12/03 12:55:14 | 00,155,264 | ---- | M] (Zoran Ltd.) -- C:\WINDOWS\system32\drivers\nuvvid2.sys -- (NUVision [On_Demand | Stopped])
[2001/08/22 08:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI [System | Running])
[2003/09/22 07:47:38 | 00,178,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2003/09/22 11:43:06 | 01,330,048 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X [On_Demand | Running])
[2002/06/14 13:49:56 | 00,010,194 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT [Auto | Running])
[2004/06/03 04:50:07 | 00,020,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32 [On_Demand | Running])
[2002/09/03 12:53:10 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2004/09/23 21:08:02 | 00,143,834 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
[2006/12/08 22:38:01 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2005/10/24 19:17:40 | 00,162,816 | R--- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\rt25usbap.sys -- (RT25USBAP [On_Demand | Stopped])
[2007/04/03 14:59:30 | 00,083,208 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616bus.sys -- (s616bus [On_Demand | Stopped])
[2007/04/03 14:59:36 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616mdfl.sys -- (s616mdfl [On_Demand | Stopped])
[2007/04/03 14:59:38 | 00,108,680 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616mdm.sys -- (s616mdm [On_Demand | Stopped])
[2007/04/03 14:59:40 | 00,100,360 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616mgmt.sys -- (s616mgmt [On_Demand | Stopped])
[2007/04/03 14:59:42 | 00,023,176 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616nd5.sys -- (s616nd5 [On_Demand | Stopped])
[2007/04/03 14:59:42 | 00,098,568 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616obex.sys -- (s616obex [On_Demand | Stopped])
[2007/04/03 14:59:42 | 00,099,080 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616unic.sys -- (s616unic [On_Demand | Stopped])
[2005/06/17 17:41:04 | 00,173,568 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiH040B.sys -- (SaiH040B [On_Demand | Stopped])
[2005/06/17 17:41:10 | 00,026,496 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiU040B.sys -- (SaiU040B [On_Demand | Stopped])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2003/11/06 13:04:24 | 00,068,320 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd [Boot | Running])
[2006/06/26 18:32:58 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
[2004/09/23 21:08:02 | 00,206,464 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp [System | Running])
[2008/07/03 02:12:48 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
[2003/11/17 15:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2002/09/03 13:14:25 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2008/09/02 15:29:46 | 00,024,576 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files\GameTap\bin\release\X4HSX32.sys -- (X4HSX32 [Auto | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (HKLM) -- C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe /autostart (Google)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"MAAgent"=C:\Program Files\MarkAny\ContentSafer\MAAgent.exe ((주)마크애니)
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeFree4iPhone"="C:\Program Files\E.W.E.-Software\Befree4iPhone\befree4iphone.exe" /min File not found
"igndlm.exe"=C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork (IGN Entertainment)
"LDM"=\Program\ File not found
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeFree4iPhone"="C:\Program Files\E.W.E.-Software\Befree4iPhone\befree4iphone.exe" /min File not found
"igndlm.exe"=C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork (IGN Entertainment)
"LDM"=\Program\ File not found
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel]
"GeneralTab"=0
"SecurityTab"=0
"ConnectionsTab"=0
"ProgramsTab"=0
"PrivacyTab"=0
"AdvancedTab"=0
"ResetWebSettings"=0
"Settings"=0
"CertifPers"=0
"CertifSite"=0
"CertifPub"=0
"Profiles"=0
"FormSuggest"=0
"Ratings"=0
"ConnWiz Admin Lock"=0

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Restrictions]
"NoBrowserOptions"=0

[HKEY_USERS\.DEFAULT\Software\policies\microsoft\internet explorer\Control Panel]
"GeneralTab"=0
"SecurityTab"=0
"ConnectionsTab"=0
"ProgramsTab"=0
"PrivacyTab"=0
"AdvancedTab"=0
"ConnWiz Admin Lock"=0
"ResetWebSettings"=0
"Settings"=0
"CertifPers"=0
"CertifSite"=0
"CertifPub"=0
"Profiles"=0
"FormSuggest"=0
"Ratings"=0

[HKEY_USERS\.DEFAULT\Software\policies\microsoft\internet explorer\Restrictions]
"NoBrowserOptions"=0

[HKEY_USERS\S-1-5-18\Software\policies\microsoft\internet explorer\Control Panel]
"GeneralTab"=0
"SecurityTab"=0
"ConnectionsTab"=0
"ProgramsTab"=0
"PrivacyTab"=0
"AdvancedTab"=0
"ConnWiz Admin Lock"=0
"ResetWebSettings"=0
"Settings"=0
"CertifPers"=0
"CertifSite"=0
"CertifPub"=0
"Profiles"=0
"FormSuggest"=0
"Ratings"=0

[HKEY_USERS\S-1-5-18\Software\policies\microsoft\internet explorer\Restrictions]
"NoBrowserOptions"=0

[HKEY_USERS\S-1-5-19\Software\policies\microsoft\internet explorer\Control Panel]
"GeneralTab"=0
"SecurityTab"=0
"ConnectionsTab"=0
"ProgramsTab"=0
"PrivacyTab"=0
"AdvancedTab"=0
"ConnWiz Admin Lock"=0
"ResetWebSettings"=0
"Settings"=0
"CertifPers"=0
"CertifSite"=0
"CertifPub"=0
"Profiles"=0
"FormSuggest"=0
"Ratings"=0

[HKEY_USERS\S-1-5-19\Software\policies\microsoft\internet explorer\Restrictions]
"NoBrowserOptions"=0

[HKEY_USERS\S-1-5-20\Software\policies\microsoft\internet explorer\Control Panel]
"GeneralTab"=0
"SecurityTab"=0
"ConnectionsTab"=0
"ProgramsTab"=0
"PrivacyTab"=0
"AdvancedTab"=0
"ConnWiz Admin Lock"=0
"ResetWebSettings"=0
"Settings"=0
"CertifPers"=0
"CertifSite"=0
"CertifPub"=0
"Profiles"=0
"FormSuggest"=0
"Ratings"=0

[HKEY_USERS\S-1-5-20\Software\policies\microsoft\internet explorer\Restrictions]
"NoBrowserOptions"=0

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\Software\policies\microsoft\internet explorer\Control Panel]
"GeneralTab"=0
"SecurityTab"=0
"ConnectionsTab"=0
"ProgramsTab"=0
"PrivacyTab"=0
"AdvancedTab"=0
"ResetWebSettings"=0
"Settings"=0
"CertifPers"=0
"CertifSite"=0
"CertifPub"=0
"Profiles"=0
"FormSuggest"=0
"Ratings"=0
"ConnWiz Admin Lock"=0

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\Software\policies\microsoft\internet explorer\Restrictions]
"NoBrowserOptions"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
""=
"NoDriveTypeAutoRun"=_ [binary data]
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"disableregistrytools"=0
"disabletaskmgr"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"disableregistrytools"=0
"disabletaskmgr"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: Button: AIM -- %ProgramFiles%\AIM\aim.exe [2006/08/01 16:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
{B13B4423-2647-4cfc-A4B3-C7D56CB83487}: Button: Share in Hello -- %ProgramFiles%\Hello\PicasaCapture.dll [2005/01/11 22:09:26 | 00,303,104 | ---- | M] (Picasa, Inc.)
{B13B4423-2647-4cfc-A4B3-C7D56CB83487}: Menu: Share in H&ello -- %ProgramFiles%\Hello\PicasaCapture.dll [2005/01/11 22:09:26 | 00,303,104 | ---- | M] (Picasa, Inc.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
musicmatch.com\online: https in Computer
2 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{00B71CFB-6864-4346-A978-C0A14556272C}: http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab -- Checkers Class
{11260943-421B-11D0-8EAC-0000C07D88CF}: http://www.burj-al-arab.com/flashcab/ipix/ipixx.cab -- iPIX ActiveX Control
{14B87622-7E19-4EA8-93B3-97215F77A6BC}: http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab -- MessengerStatsClient Class
{166B1BCA-3F9C-11CF-8075-444553540000}: http://fpdownload.macromedia.com/get/shock...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{33564D57-9980-0010-8000-00AA00389B71}: http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab -- Reg Error: Key does not exist or could not be opened.
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}: http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab -- FilePlanet Download Control Class
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab -- McAfee.com Operating System Class
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://mividadediamante.spaces.live.com//P...ad/MsnPUpld.cab -- MSN Photo Upload Tool
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/webplayer/stage6/...owserPlugin.cab -- Reg Error: Key does not exist or could not be opened.
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1132403515125 -- MUWebControl Class
{8714912E-380D-11D5-B8AA-00D0B78F3D48}: http://chat.yahoo.com/cab/yuplapp.cab -- Yahoo! Webcam Upload Wrapper
{87587503-20F0-4FF5-8DA3-0107C4C03FDC}: http://downloads.comcast.net/videomail/vmLauncher.cab -- vmLaunch Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}: http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab -- MessengerStatsClient Class
{9122D757-5A4F-4768-82C5-B4171D8556A7}: http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab -- PhotoPickConvert Class
{917623D1-D8E5-11D2-BE8B-00104B06BDE3}: http://142.22.58.150/activex/AxisCamControl.cab -- CamImage Class
{9732FB42-C321-11D1-836F-00A0C993F125}: http://www.pcpitstop.com/mhLbl.cab -- mhLabel Class
{9CCE3B43-4DE0-4236-A84E-108CA848EE6A}: http://webcamnow.com/broadcast/ActiveXWebCam.cab -- WebCam Control
{A93D84FD-641F-43AE-B963-E6FA84BE7FE7}: http://www.linksysfix.com/netcheck/67/install/gtdownls.cab -- LinkSys Content Update
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}: http://messenger.msn.com/download/MsnMesse...pDownloader.cab -- MsnMessengerSetupDownloadControl Class
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab -- MSN Games - Installer
{B9191F79-5613-4C76-AA2A-398534BB8999}: http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab -- Reg Error: Key does not exist or could not be opened.
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}: http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab -- DwnldGroupMgr Class
{BD393C14-72AD-4790-A095-76522973D6B8}: http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab -- CBreakshotControl Class
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: -- MessengerStatsClient Class
{C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3}: http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe -- Virtools WebPlayer Class
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{DBA230D1-8467-4e69-987E-5FAE815A3B45}: -- Reg Error: Key does not exist or could not be opened.
{F04A8AE2-A59D-11D2-8792-00C04F8EF29D}: http://by105fd.bay105.hotmail.msn.com/activex/HMAtchmt.ocx -- Hotmail Attachments Control
{F461205D-ABDC-42FE-B2E2-AFD4600B905E}: http://www.amiuptodate.com/vsc/mvt/bin/1,0,0,7/mash.cab -- MASHControl Class
{FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0}: http://www.musicmatch.com/form/support/tec...tionControl.cab -- moDiagCollectionActiveX Object
DirectAnimation Java Classes: file://C:\WINDOWS\Java\classes\dajava.cab -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{44907A3A-4751-4CB2-A46D-2CB808F1C923} (Servers: | Description: Nintendo Wi-Fi USB Connector)
{57556E75-A411-4ACB-AC1A-DD8704B2D1C7} (Servers: | Description: )
{6E58C60D-CC32-4492-869C-9EDDD1A8F52D} (Servers: | Description: Sony Ericsson Device 616 USB Ethernet Emulation (NDIS 5))
{E512C56D-4256-47F5-AB65-42B730AF6FFA} (Servers: | Description: Intel® PRO/100 VE Network Connection)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}" (HKLM) -- C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/09/23 17:38:47 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9f1d3b8-f782-11db-bebb-0007e97dabc4}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9f1d3b8-f782-11db-bebb-0007e97dabc4}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9f1d3b8-f782-11db-bebb-0007e97dabc4}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[17 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2008/10/08 20:43:02 | 00,421,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTViewIt.exe
[2008/10/02 16:48:18 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2008/10/02 16:37:45 | 00,024,615 | ---- | C] () -- C:\Documents and Settings\Kevin\My Documents\hijackthis
[2008/10/02 05:14:05 | 00,000,017 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\stinger.opt
[2008/10/01 21:10:00 | 02,482,695 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Kevin\Desktop\stinger.exe
[2008/09/29 20:24:48 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2008/09/26 22:23:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/26 21:57:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/09/26 21:57:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/09/26 21:57:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/09/26 20:49:40 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/09/26 20:49:32 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/09/26 20:49:32 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/09/26 20:49:22 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/09/26 20:49:22 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/09/26 20:49:19 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/09/26 20:49:17 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/09/26 20:49:16 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/09/26 20:49:16 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/09/26 20:49:16 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/09/26 20:49:16 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/09/26 20:49:13 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/09/26 20:49:07 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/09/26 20:49:07 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/09/26 20:49:06 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/09/26 20:49:06 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/09/26 20:49:05 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/09/26 20:49:04 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/09/26 20:49:04 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/09/26 20:48:55 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/09/26 20:48:55 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/09/26 20:48:55 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/09/26 20:48:55 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/09/26 20:48:47 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/09/26 20:48:46 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/09/26 20:48:46 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/09/26 20:48:46 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/09/26 20:48:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/09/26 20:48:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/09/26 20:48:41 | 00,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/09/26 20:48:34 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/09/26 20:48:34 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/09/26 20:48:34 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/09/26 20:48:34 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/09/26 20:48:34 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/09/26 20:48:34 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/09/26 20:48:34 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/09/26 20:48:34 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/09/26 20:48:32 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/09/26 20:48:32 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/09/26 20:48:32 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/09/26 20:48:32 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/09/26 20:48:32 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/09/26 20:48:32 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/09/26 20:48:32 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/09/26 20:48:30 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/09/26 20:48:30 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/09/26 20:48:30 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/09/26 20:48:27 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/09/26 20:48:23 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/09/26 20:48:23 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/09/26 20:48:16 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/09/15 10:14:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\Viewpoint
[2008/09/12 19:32:20 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/09/12 19:31:34 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/09/12 19:31:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/09/12 19:30:03 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/09/11 03:01:39 | 00,000,000 | ---D | C] -- C:\1959938fd3fc6ba181bd

========== Files - Modified Within 30 Days ==========

[17 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2008/10/08 20:43:05 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTViewIt.exe
[2008/10/06 22:02:58 | 00,000,033 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2008/10/04 14:35:15 | 00,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GameTap.lnk
[2008/10/03 15:58:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/02 17:00:09 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/02 16:59:43 | 00,057,650 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2008/10/02 16:57:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/02 16:57:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/02 16:57:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2008/10/02 16:37:45 | 00,024,615 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\hijackthis
[2008/10/02 05:14:05 | 00,000,017 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\stinger.opt
[2008/10/01 21:09:57 | 02,482,695 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Kevin\Desktop\stinger.exe
[2008/10/01 01:00:14 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2008/09/28 17:26:37 | 00,070,656 | ---- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/27 10:41:53 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/09/26 22:28:02 | 00,478,028 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/26 22:28:02 | 00,406,328 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/26 22:28:02 | 00,063,528 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/26 22:22:11 | 00,165,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/26 22:06:08 | 00,002,675 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/26 21:47:44 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/09/20 07:23:35 | 00,000,565 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\My Sharing Folders.lnk
[2008/09/15 01:17:59 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
< End of report >

Extras:

OTViewIt Extras logfile created on: 10/8/2008 8:43:43 PM - Run
OTViewIt by OldTimer - Version 1.0.10.1 Folder = C:\Documents and Settings\Kevin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 42.81% Memory free
2.91 Gb Paging File | 2.12 Gb Available in Paging File | 72.72% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 2.10 Gb Free Space | 1.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KCMATOWER
Current User Name: Kevin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/11/12 21:15:43 | 00,036,864 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/08/01 16:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite
File not found -- C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Enabled:Halo
[2006/10/27 20:27:40 | 00,497,664 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\The All-Seeing Eye\eye.exe:*:Enabled:The All-Seeing Eye
[2004/10/05 16:42:57 | 00,204,845 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer
File not found -- X:\Program Files\War Times\WARTIMES.EXE:*:Enabled:WARTIMES.EXE
File not found -- C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
[2007/08/30 17:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
File not found -- C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942
[2005/02/11 19:21:15 | 00,663,552 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-1.2.1-patch-enUS-Downloader.exe:*:Enabled:Blizzard Downloader
[2008/04/13 20:12:15 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®
[2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2005/11/12 21:15:43 | 00,036,864 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2007/01/01 17:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
[2005/10/27 01:19:22 | 01,073,152 | ---- | M] () -- C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/08/01 16:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
[2006/09/26 18:53:22 | 07,574,463 | ---- | M] () -- C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2
File not found -- C:\Program Files\Sony\EverQuest II\EQ2.exe:*:Enabled:EverQuest II
[2006/04/11 10:03:44 | 00,163,840 | ---- | M] (Musiccity Co.Ltd.) -- C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player
[2006/12/07 16:46:38 | 08,362,609 | ---- | M] () -- C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2
[2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2006/07/10 04:51:14 | 00,090,178 | ---- | M] (Vibe Solutions Group, Inc) -- C:\Program Files\Comcast Video Mail\Comcast_Video_Mail.exe:*:Enabled:Comcast_video_mail.exe
[2008/04/10 05:57:11 | 01,271,032 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe:*:Disabled:Steam
File not found -- C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice
[2008/09/10 20:27:31 | 00,098,304 | ---- | M] () -- C:\Program Files\Steam\SteamApps\crossmod\team fortress 2\hl2.exe:*:Enabled:hl2
[2007/12/13 15:46:15 | 00,513,280 | ---- | M] (CCP hf.) -- C:\Program Files\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
File not found -- C:\Program Files\E.W.E.-Software\Befree4iPhone\befree4iphone.exe:*:Enabled:befree4iphone
[2008/02/22 02:23:39 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe:*:Enabled:Java™ Platform SE binary
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
File not found -- C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager
[2008/05/21 14:23:52 | 02,797,568 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/09/10 17:39:54 | 14,228,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/10/02 05:38:00 | 07,660,656 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw+0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw+0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw-0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw00:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw00s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw-0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw10:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw10s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw20:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw20s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw30:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw30s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw40:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw40s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw50:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw50s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw60:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw60s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw70:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw70s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw80:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw80s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw90:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw90s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwa0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwa0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwb0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwb0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwc0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwc0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwd0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwd0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwe0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwe0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwf0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwf0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} (HKLM) [BackWeb GA Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwg0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwg0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwh0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwh0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwi0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwi0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwj0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwj0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwk0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwk0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwl0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwl0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwm0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwm0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwn0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwn0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwo0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwo0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwp0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwp0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwq0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwq0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwr0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwr0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bws0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bws0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwt0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwt0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwu0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwu0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwv0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwv0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bww0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bww0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwx0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwx0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwy0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwy0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwz0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwz0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (offline-8876480:{DF5BC496-7C35-4F72-BC19-7660FE4454EE} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}"=PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}"=Battlefield 2™
"{055EE59D-217B-43A7-ABFF-507B966405D8}"=ATI Catalyst Control Center
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}"=ATI HYDRAVISION
"{0B8FF60F-C012-4459-AADF-A3AD4E3757DE}"=Dell Picture Studio - Dell Image Expert
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{1116FD69-3C49-BE9A-C206-E8BA26CCA10F}"=CCC Help English
"{16FE2579-06B2-3E32-58F2-4B70B69A3070}"=ccc-core-preinstall
"{1DBB1B09-8A5C-4CEA-8623-3EE473D4530E}"=SMV Converter Tool 3.0
"{1EB21F28-E3AF-A317-4658-6C0C455C2F61}"=Catalyst Control Center Core Implementation
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk"=Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{28F58CDE-6241-4B11-8232-6A5D4FB06E8B}"=PACE System Files
"{29D88826-2AB9-11D5-8854-00902761A46D}"=WordPerfect Office 2002
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}"=Rhapsody Player Engine
"{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1}"=iPod for Windows 2005-09-06
"{3248F0A8-6813-11D6-A77B-00B0D0150020}"=J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}"=MVision
"{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73}"=Virtual Earth 3D (Beta)
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}"=iTunes
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}"=Microsoft Windows Journal Viewer
"{46D9C523-FABB-FFF1-321D-F493A68E2C3E}"=Catalyst Control Center Graphics Previews Common
"{4C6B97C0-C3BC-4368-8261-FDD8D6C7B14B}"=Tel-Ray Variable Delay
"{4ecaf021-478c-40c1-b777-3368a15f9966}"=Macromedia Flash Player
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{50D4CB89-AF34-4978-96DC-C3034062E901}"=Battlefield 2: Special Forces
"{57D32909-FCA8-A78B-2AD2-2A50F5E11858}"=ccc-core-static
"{57EA735B-4F1D-9FC5-6A36-B0C0F1D704FE}"=Catalyst Control Center Graphics Light
"{582876EC-A178-44D4-9823-C10D6C62EAFF}"=AGEIA PhysX v2.6.0
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}"=Sony USB Driver
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}"=Microsoft IntelliType Pro 5.2
"{5DA6F06A-B389-407B-BF8C-1548767914D8}"=ATI Problem Report Wizard
"{609F7AC8-C510-11D4-A788-009027ABA5D0}"=Easy CD Creator 5 Basic
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{64635543-70E7-436D-8D6D-4A721595029E}"=Microsoft IntelliPoint 5.2
"{67E158AF-8856-4337-B483-EA21930786AF}"=GameTap
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6831C13D-8D6F-4BA8-BF42-969E0B67ED4D}"=Puzzle Quest
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6DA9102E-199F-43A0-A36B-6EF48081A658}"=MobileMe Control Panel
"{7148F0A8-6813-11D6-A77B-00B0D0142050}"=Java 2 Runtime Environment, SE v1.4.2_05
"{7148F0A8-6813-11D6-A77B-00B0D0142060}"=Java 2 Runtime Environment, SE v1.4.2_06
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{79E147E8-2113-4BE0-9AB4-360B85CC3051}"=GameShadow
"{7BEA122E-E255-44D4-B259-CC2637B6EBD7}"=Sony PSP Media Manager 1.0a
"{85D3CC30-8859-481A-9654-FD9B74310BEF}"=Musicmatch® Jukebox
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8CC42289-E228-4A35-B8A9-015242283BB2}"=SPORE™ Creature Creator
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}"=Logitech QuickCam
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}"=Sound Blaster Live!
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}"=Google Earth
"{A1960A82-DB70-474D-A86B-FA74466103C6}"=Drivers Install For Linksys Easylink Advisor
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}"=Windows Defender Signatures
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AA9768AA-FF0B-4C66-A085-31E934F77841}"=Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}"=Windows Defender
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}"=Netflix Movie Viewer
"{BEF726DD-4037-4214-8C6A-E625C02D2870}"=Logitech Audio Echo Cancellation Component
"{C01408FC-117C-44B7-8B0C-17794E526A01}"=Disc2Phone
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}"=Samsung Media Studio
"{C5B99684-9B23-4315-881B-57E078189B00}"=SansAmp PSA-1
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}"=Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D1B3874F-3057-11D6-B2EA-0050BA18806B}"=Camera Driver
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}"=Paint Shop Pro 7
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}"=Dell ResourceCD
"{DE31F8AA-B12D-3A38-E561-C657EED45465}"=Catalyst Control Center Graphics Full Existing
"{DEC511B1-59CB-4F15-AD75-0543034572A5}"=MapleStory
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware 2007
"{E6EB53D4-5AD0-07F0-2DAC-0A2D624DF39D}"=ccc-utility
"{E7391464-6939-413C-B427-32F33FE13484}"=GameSpy Comrade
"{E74CC47C-28D3-25E1-14D2-68EBC87C31BA}"=Skins
"{EA516024-D84D-41F1-814F-83175A6188F2}"=Logitech Video Enumerator
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}"=Battlefield 2142
"{ED55BFEF-90F3-4926-9536-D94FDBBF65DC}"=Zune
"{F251B61F-9D18-13C4-02EE-71A36343D442}"=Catalyst Control Center Graphics Full New
"3DGroove"=OTOY
"6F128087AFFFF5D4F4FEE6429736470CD5C1E4E2"=Windows Driver Package - Microsoft WPD (12/01/2006 1.2.0.0)
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"AdobeESD"=Adobe Download Manager 1.2 (Remove Only)
"All ATI Software"=ATI - Software Uninstall Utility
"AOL Instant Messenger"=AOL Instant Messenger
"ATI Display Driver"=ATI Display Driver
"ATITool"=ATITool Overclocking Utility
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1"=Conexant D850 56K V.9x DFVc Modem
"Code Head X-Treme Culture"=Code Head X-Treme Culture
"CoH"=City of Villains/City of Heroes (remove only)
"Comcast PhotoShow Deluxe 4"=Comcast PhotoShow Deluxe 4
"Comcast Video Mail"=Comcast Video Mail - Version 3.4 Build 3778
"comcastDD"=Desktop Doctor
"DesertCombat"=DesertCombat 0.7
"EasyLinkAdvisor"=Linksys EasyLink Advisor 1.6 (0032)
"EVE"=EVE-ONLINE (remove only)
"ExpressBurn"=Express Burn
"GameSpy Arcade"=GameSpy Arcade
"Google Updater"=Google Updater
"GoogleVideoViewer"=Google Video Viewer 1.0 (based on VLC 0.8.2 Player)
"Halo"=Microsoft Halo
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"IGN Download Manager"=IGN Download Manager 2.3.0
"InstallShield_{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1}"=iPod for Windows 2005-09-06
"JumpStart Advanced 3rd Grade"=JumpStart Advanced 3rd Grade
"Lame MP3 Codec (for the ACM)"=Lame ACM MP3 Codec
"legacyqcam_10.51"=Logitech Legacy USB Camera Driver Package
"lvdrivers_11.50"=Logitech QuickCam Driver Package
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"mIRC"=mIRC
"Mozilla Firefox (2.0.0.14)"=Mozilla Firefox (2.0.0.14)
"MSC"=McAfee SecurityCenter
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Mystery Club Gadget Games"=Mystery Club Gadget Games
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NxPhoto"=NxPhoto
"NxvConverter"=NxvConverter
"OpenAL"=OpenAL
"PicasaNet"=Hello (remove only)
"PROSet"=Intel® PRO Network Connections Drivers
"RealArcade 1.2"=RealArcade
"RealPlayer 6.0"=RealPlayer
"Scholastic's I SPY Spooky Mansion"=Scholastic's I SPY Spooky Mansion
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.4
"Steam App 400"=Portal
"Steam App 440"=Team Fortress 2
"Switch"=Switch
"To The Eds-treme"=To The Eds-treme
"ViewpointMediaPlayer"=Viewpoint Media Player
"WavePad"=WavePad Uninstall
"WebCam Recorder_is1"=WebCam Recorder
"WIC"=Windows Imaging Component
"WiFiConnector"=Nintendo Wi-Fi USB Connector Registration Tool
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"WordPerfect Office 2002"=WordPerfect Office 2002
"World of Warcraft"=World of Warcraft
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1"=XviD MPEG-4 Video Codec
"Yahoo! Messenger"=Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/29/2008 8:11:43 PM | Computer Name = KCMATOWER | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

Error - 9/29/2008 8:16:12 PM | Computer Name = KCMATOWER | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

Error - 9/29/2008 8:16:12 PM | Computer Name = KCMATOWER | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

Error - 9/29/2008 8:29:30 PM | Computer Name = KCMATOWER | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 4092 (0xffc) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5200.2160 Object being scanned = \Device\HarddiskVolume1\Company_of_Heroes_FilePlanet_Beta_1_11_0.exe

by C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 9/29/2008 9:48:17 PM | Computer Name = KCMATOWER | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3344 (0xd10) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5200.2160 Object being scanned = \Device\HarddiskVolume1\Company_of_Heroes_FilePlanet_Beta_1_11_0.exe

by C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/1/2008 9:11:15 PM | Computer Name = KCMATOWER | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3688 (0xe68) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5200.2160 Object being scanned = \Device\HarddiskVolume1\bf2_v1_12update.exe
by C:\Program Files\Mozilla Firefox\firefox.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/1/2008 11:04:29 PM | Computer Name = KCMATOWER | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 5552 (0x15b0) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5200.2160 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Kevin\My
Documents\My Downloads\BF2_Patch_1.4.exe by C:\Program Files\Mozilla Firefox\firefox.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 10/2/2008 5:35:21 AM | Computer Name = KCMATOWER | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20080.20121, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 10/2/2008 5:53:18 AM | Computer Name = KCMATOWER | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 5268 (0x1494) Thread address : 0x121FB816 Thread message : Build VSCORE.14.0.0.349
/ 5200.2160 Object being scanned = \Device\HarddiskVolume1\Company_of_Heroes_FilePlanet_Beta_1_11_0.exe

by C:\Program Files\Mozilla Firefox\firefox.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/7/2008 8:53:35 PM | Computer Name = KCMATOWER | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3656 (0xe48) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5200.2160 Object being scanned = \Device\HarddiskVolume1\Company_of_Heroes_FilePlanet_Beta_1_11_0.exe

by C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

[ System Events ]
Error - 10/1/2008 8:41:57 PM | Computer Name = KCMATOWER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/1/2008 8:41:58 PM | Computer Name = KCMATOWER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/1/2008 8:41:58 PM | Computer Name = KCMATOWER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/1/2008 8:41:58 PM | Computer Name = KCMATOWER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/1/2008 9:11:28 PM | Computer Name = KCMATOWER | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 10/1/2008 11:04:44 PM | Computer Name = KCMATOWER | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 2 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 10/2/2008 5:53:23 AM | Computer Name = KCMATOWER | Source = Service Control Manager | ID = 7034
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 3 time(s).

Error - 10/2/2008 4:58:14 PM | Computer Name = KCMATOWER | Source = Service Control Manager | ID = 7000
Description = The Concord Eye-Q Duo 2000 USB Video Capture V1.01 service failed
to start due to the following error: %%1058

Error - 10/2/2008 4:58:50 PM | Computer Name = KCMATOWER | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 10/7/2008 8:53:42 PM | Computer Name = KCMATOWER | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.


< End of report >
And Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, October 9, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, October 08, 2008 16:55:28
Records in database: 1299861
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 191081
Threat name: 4
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 03:58:24


File name / Threat name / Threats count
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\6.0\49\49820371-249be99f Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-31e2dc4b.zip Infected: Exploit.Java.Gimsh.b 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\WINDOWS\pi1_36.exe Infected: Trojan-Downloader.Win32.Small.cqy 1

The selected area was scanned.

Thanks again!

#4 Billy O'Neal

  • Malware Response Team

Posted 09 October 2008 - 02:52 PM

Hello, kcmatower.
Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.
That really doesn't sound like a malware issue... but we'll make sure everything's alright.

We need to uninstall one or more programs
Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present):
J2SE Runtime Environment 5.0 Update 2, Java™ 6 Update 3, Java™ 6 Update 5, Java 2 Runtime Environment, SE v1.4.2_05, Java 2 Runtime Environment, SE v1.4.2_06

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :services
    gAGP440p
    gmtxparh
    hmssmbio
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LDM"=-
    :commands
    [EmptyTemp]
    :files
    C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\6.0\49\49820371-249be99f
    C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-31e2dc4b.zip
    C:\WINDOWS\pi1_36.exe
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
We need to scan for rootkits with GMER
  • Please download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    Note: There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    Important! Please do not select the "Show all" checkbox during the scan.
  • Click on "Scan" and wait for the scan to finish.
    • Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use; tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use Ctrl+A)
  • Right-click again and choose "Copy" (or Ctrl+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • OTMoveIt3's Log
  • GMER's Log
  • ESET OnlineScan's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image
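
One way to triage the Kaspersky report posted earlier in this thread before deciding what to remove, added here as an example and not part of any post or tool in the thread: it parses the detection rows, checks them against the report's own statistics, and separates `not-a-virus:` detections from the rest. The function names are hypothetical; the report text is copied from the thread.

```python
import re
from collections import namedtuple

Detection = namedtuple("Detection", "path threat count")

# Report excerpt copied from the Kaspersky Online Scanner 7 output in this thread.
REPORT = r"""Scan statistics:
Files scanned: 191081
Threat name: 4
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 03:58:24

File name / Threat name / Threats count
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\6.0\49\49820371-249be99f Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-31e2dc4b.zip Infected: Exploit.Java.Gimsh.b 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\WINDOWS\pi1_36.exe Infected: Trojan-Downloader.Win32.Small.cqy 1

The selected area was scanned.
"""

# A detection row is "<path> Infected: <threat name> <count>". Paths contain
# spaces, so the path is matched lazily up to the " Infected: " marker.
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)
# The two statistics that can be cross-checked against the parsed rows.
STAT = re.compile(r"^(?P<key>Threat name|Infected objects):\s+(?P<value>\d+)\s*$")


def parse_report(text):
    """Return (detections, stats) parsed from the report text."""
    detections, stats = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        row = ROW.match(line)
        if row:
            detections.append(
                Detection(row["path"], row["threat"], int(row["count"]))
            )
            continue
        stat = STAT.match(line)
        if stat:
            stats[stat["key"]] = int(stat["value"])
    return detections, stats


def consistent(detections, stats):
    """True when the parsed rows add up to the totals the report states.

    A mismatch means rows were lost, for example to line wrapping when the
    report was pasted into a forum post.
    """
    objects = sum(d.count for d in detections)
    names = len({d.threat for d in detections})
    return (objects == stats.get("Infected objects")
            and names == stats.get("Threat name"))


def triage(detections):
    """Split rows into (malicious, review).

    Kaspersky prefixes detections of legitimate or dual-use software with
    "not-a-virus:"; those go to the review list instead of the removal list.
    """
    malicious = [d for d in detections if not d.threat.startswith("not-a-virus:")]
    review = [d for d in detections if d.threat.startswith("not-a-virus:")]
    return malicious, review


if __name__ == "__main__":
    dets, stats = parse_report(REPORT)
    print("rows consistent with report totals:", consistent(dets, stats))
    malicious, review = triage(dets)
    print("candidates for removal:")
    for d in malicious:
        print("   ", d.threat, "->", d.path)
    print("needs a human decision:")
    for d in review:
        print("   ", d.threat, "->", d.path)
```

On this report the first group is the same three paths listed under `:files` in the OTMoveIt3 script above; the `not-a-virus:` rows (mIRC and the two MUSICMATCH files) are left for a human decision.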

#5 kcmatower

  • Topic Starter


Posted 10 October 2008 - 05:03 AM

Thank you again.

Here is the Moveit log:

========== SERVICES/DRIVERS ==========
Unable to stop service gAGP440p .
Unable to stop service gmtxparh .
Unable to stop service hmssmbio .
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\\ not found.
Registry value HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LDM not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcmsc_MIQMdeoQUpmX9MI scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Kevin\Local Settings\Application Data\Mozilla\Firefox\Profiles\6l0v6rdt.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kevin\Local Settings\Application Data\Mozilla\Firefox\Profiles\6l0v6rdt.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kevin\Local Settings\Application Data\Mozilla\Firefox\Profiles\6l0v6rdt.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kevin\Local Settings\Application Data\Mozilla\Firefox\Profiles\6l0v6rdt.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kevin\Local Settings\Application Data\Mozilla\Firefox\Profiles\6l0v6rdt.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
========== FILES ==========
File/Folder C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\6.0\49\49820371-249be99f not found.
File/Folder C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-31e2dc4b.zip not found.
File/Folder C:\WINDOWS\pi1_36.exe not found.

OTMoveIt3 by OldTimer - Version 1.0.4.2 log created on 10092008_202210

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\mcmsc_MIQMdeoQUpmX9MI not found!
C:\Documents and Settings\Kevin\Local Settings\Application Data\Mozilla\Firefox\Profiles\6l0v6rdt.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Kevin\Local Settings\Application Data\Mozilla\Firefox\Profiles\6l0v6rdt.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Kevin\Local Settings\Application Data\Mozilla\Firefox\Profiles\6l0v6rdt.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Kevin\Local Settings\Application Data\Mozilla\Firefox\Profiles\6l0v6rdt.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Kevin\Local Settings\Application Data\Mozilla\Firefox\Profiles\6l0v6rdt.default\XUL.mfl moved successfully.

And Gmer:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-09 21:17:33
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA8C169B2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA8C16A49]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA8C1695D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA8C16976]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA8C16A5D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA8C16A89]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA8C16AF7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA8C16AE1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA8C169F2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA8C16B23]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA8C16A35]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA8C16930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA8C16944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA8C169C6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA8C16B5F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA8C16ACB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA8C16AB5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA8C16A73]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA8C16B4B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA8C16B37]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA8C1699E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA8C1698A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA8C16A9F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA8C16A21]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA8C16B0D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA8C16A08]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA8C169DC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP A8C169E0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568D59 5 Bytes JMP A8C16A39 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F1 7 Bytes JMP A8C16AB9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056CDC0 5 Bytes JMP A8C169B6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DC01 5 Bytes JMP A8C1698E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 8057065D 5 Bytes JMP A8C16A4D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570A6D 7 Bytes JMP A8C16B63 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 7 Bytes JMP A8C16AFB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805717C7 5 Bytes JMP A8C16934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571CB1 7 Bytes JMP A8C169CA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80572889 7 Bytes JMP A8C16AA3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805736E6 5 Bytes JMP A8C16A0C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573B61 7 Bytes JMP A8C169F6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC60 7 Bytes JMP A8C1697A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805822E0 5 Bytes JMP A8C16A25 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058A1BD 5 Bytes JMP A8C16948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058A68D 5 Bytes JMP A8C16B27 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 8059066B 7 Bytes JMP A8C16AE5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D50 7 Bytes JMP A8C16A8D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 805952BE 7 Bytes JMP A8C16A61 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B135A 5 Bytes JMP A8C16961 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062DCDF 5 Bytes JMP A8C169A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064D9FA 7 Bytes JMP A8C16B11 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E320 7 Bytes JMP A8C16ACF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E79E 7 Bytes JMP A8C16A77 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064EC91 5 Bytes JMP A8C16B3B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F0FA 5 Bytes JMP A8C16B4F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\System32\svchost.exe[120] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE0000
.text C:\WINDOWS\System32\svchost.exe[120] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE0091
.text C:\WINDOWS\System32\svchost.exe[120] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE0F9C
.text C:\WINDOWS\System32\svchost.exe[120] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE0076
.text C:\WINDOWS\System32\svchost.exe[120] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE005B
.text C:\WINDOWS\System32\svchost.exe[120] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE002F
.text C:\WINDOWS\System32\svchost.exe[120] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE00AE
.text C:\WINDOWS\System32\svchost.exe[120] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE0F66
.text C:\WINDOWS\System32\svchost.exe[120] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE00E4
.text C:\WINDOWS\System32\svchost.exe[120] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE0F4B
.text C:\WINDOWS\System32\svchost.exe[120] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00BE00FF
.text C:\WINDOWS\System32\svchost.exe[120] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00BE0040
.text C:\WINDOWS\System32\svchost.exe[120] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BE0FE5
.text C:\WINDOWS\System32\svchost.exe[120] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00BE0F81
.text C:\WINDOWS\System32\svchost.exe[120] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00BE0FB9
.text C:\WINDOWS\System32\svchost.exe[120] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00BE0FCA
.text C:\WINDOWS\System32\svchost.exe[120] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00BE00BF
.text C:\WINDOWS\System32\svchost.exe[120] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BD0036
.text C:\WINDOWS\System32\svchost.exe[120] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BD0076
.text C:\WINDOWS\System32\svchost.exe[120] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BD0025
.text C:\WINDOWS\System32\svchost.exe[120] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BD0014
.text C:\WINDOWS\System32\svchost.exe[120] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BD0FB9
.text C:\WINDOWS\System32\svchost.exe[120] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\System32\svchost.exe[120] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00BD0FCA
.text C:\WINDOWS\System32\svchost.exe[120] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ DD, 88 ]
.text C:\WINDOWS\System32\svchost.exe[120] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BD0047
.text C:\WINDOWS\System32\svchost.exe[660] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F30000
.text C:\WINDOWS\System32\svchost.exe[660] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F30087
.text C:\WINDOWS\System32\svchost.exe[660] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F30F92
.text C:\WINDOWS\System32\svchost.exe[660] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F3006C
.text C:\WINDOWS\System32\svchost.exe[660] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F30FAF
.text C:\WINDOWS\System32\svchost.exe[660] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F30FC0
.text C:\WINDOWS\System32\svchost.exe[660] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F300D0
.text C:\WINDOWS\System32\svchost.exe[660] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F300B5
.text C:\WINDOWS\System32\svchost.exe[660] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F300FC
.text C:\WINDOWS\System32\svchost.exe[660] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F300EB
.text C:\WINDOWS\System32\svchost.exe[660] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F30F52
.text C:\WINDOWS\System32\svchost.exe[660] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F30051
.text C:\WINDOWS\System32\svchost.exe[660] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F3001B
.text C:\WINDOWS\System32\svchost.exe[660] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F30098
.text C:\WINDOWS\System32\svchost.exe[660] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F30FDB
.text C:\WINDOWS\System32\svchost.exe[660] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F3002C
.text C:\WINDOWS\System32\svchost.exe[660] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F30F6D
.text C:\WINDOWS\System32\svchost.exe[660] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00F20025
.text C:\WINDOWS\System32\svchost.exe[660] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00F20F8A
.text C:\WINDOWS\System32\svchost.exe[660] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00F20014
.text C:\WINDOWS\System32\svchost.exe[660] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00F20FDE
.text C:\WINDOWS\System32\svchost.exe[660] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00F20051
.text C:\WINDOWS\System32\svchost.exe[660] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00F20FEF
.text C:\WINDOWS\System32\svchost.exe[660] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00F20FAF
.text C:\WINDOWS\System32\svchost.exe[660] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 12, 89 ]
.text C:\WINDOWS\System32\svchost.exe[660] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00F20036
.text C:\WINDOWS\System32\svchost.exe[660] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F00FEF
.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070076
.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0007005B
.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0007004A
.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070F8D
.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F49
.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070091
.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000700C7
.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070F24
.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00070F13
.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00070FA8
.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00070F66
.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00070FD4
.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00070025
.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 000700A2
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 0006000A
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00060051
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00060FB9
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00060FCA
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00060040
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00060FE5
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0006002F
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00060F9E
.text C:\WINDOWS\system32\services.exe[756] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA006C
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA005B
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA0F81
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0F9E
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA0FC0
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA0F3F
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA0F66
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA00C0
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA0F1D
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00BA0F02
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00BA0FAF
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BA0FE5
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00BA0087
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00BA002C
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00BA001B
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00BA0F2E
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00B90FB2
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00B90054
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00B90FC3
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00B90FD4
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00B90039
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00B90FE5
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00B90028
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00B90FA1
.text C:\WINDOWS\system32\lsass.exe[768] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A80FEF
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A80F8B
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A80076
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A80F9C
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A80065
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A80040
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A80F4E
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A80F5F
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A80F22
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A80F33
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00A800D6
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00A80FC3
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00A80FDE
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00A80F70
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00A8002F
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00A80014
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!WinExec 7C8623AD 1 Byte [ E9 ]
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!WinExec + 2 7C8623AF 3 Bytes [ DC, 21, 84 ]
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00A70FAF
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00A7003D
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00A70000
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00A70FCA
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00A7002C
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00A70FE5
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00A70F8A
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ C7, 88 ]
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00A70011
.text C:\WINDOWS\system32\svchost.exe[944] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A5000A
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC006C
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC005B
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC0F8D
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC0F9E
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC002F
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC00A4
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC0087
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC0F26
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC0F37
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00BC00D0
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00BC004A
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BC0FDB
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00BC0F5C
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00BC0FB9
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00BC0FCA
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00BC00B5
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BB0025
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BB0051
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BB0FD4
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BB0F9E
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00BB0FAF
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ DB, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BB0036
.text C:\WINDOWS\system32\svchost.exe[1024] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B90FEF
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02BB0000
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02BB0067
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02BB0F72
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02BB0F8D
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02BB0FA8
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02BB0FD4
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02BB0F3F
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02BB0F50
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02BB00CE
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02BB00B3
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 02BB00DF
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02BB0FB9
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02BB001B
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02BB0F61
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02BB0040
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02BB0FE5
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 02BB00A2
.text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02B90FB9
.text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 02B90039
.text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02B90FCA
.text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 02B9000A
.text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 02B90F7C
.text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02B90FE5
.text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 02B90F8D
.text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ D9, 8A ]
.text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 02B90F9E
.text C:\WINDOWS\System32\svchost.exe[1120] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02A2000A
.text C:\WINDOWS\System32\svchost.exe[1120] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 02BA0FEF
.text C:\WINDOWS\System32\svchost.exe[1120] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 02BA0FD4
.text C:\WINDOWS\System32\svchost.exe[1120] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 02BA0FC3
.text C:\WINDOWS\System32\svchost.exe[1120] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 02BA000A
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00650F7E
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0065007D
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0065006C
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0065005B
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650025
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00650F52
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00650F63
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006500D0
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006500B5
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00650F12
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00650040
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00650FDE
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 0065008E
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00650FB9
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00650F37
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00640036
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00640F9E
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00640FDB
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00640011
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00640FB9
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00640FCA
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 84, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00640047
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008C000A
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 008C0F77
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008C0076
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008C0FA8
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008C0FC3
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008C0FDE
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008C0091
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 008C0F4B
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008C0F13
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008C0F2E
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 008C00C7
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 008C0065
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 008C001B
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 008C0F66
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 008C0FEF
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 008C0036
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 008C00AC
.text C:\WINDOWS\System32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 008B0036
.text C:\WINDOWS\System32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 008B0FC0
.text C:\WINDOWS\System32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 008B0FE5
.text C:\WINDOWS\System32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 008B0011
.text C:\WINDOWS\System32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 008B007D
.text C:\WINDOWS\System32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 008B0000
.text C:\WINDOWS\System32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 008B0062
.text C:\WINDOWS\System32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 008B0051
.text C:\WINDOWS\System32\svchost.exe[1388] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00890FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1476] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1476] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01730FE5
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01730F81
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01730F92
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01730FAF
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0173006C
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01730040
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 017300C7
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 017300AC
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 017300F3
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 017300D8
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 01730118
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01730051
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01730000
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01730091
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 0173001B
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01730FD4
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 01730F5A
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01710FC3
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01710F7C
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01710014
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01710FD4
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01710F8D
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01710FEF
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 01710FA8
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 91, 89 ]
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0171002F
.text C:\WINDOWS\System32\svchost.exe[1496] WS2_32.dll!socket 71AB4211 5 Bytes JMP 016F0000
.text C:\WINDOWS\System32\svchost.exe[1496] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 01720000
.text C:\WINDOWS\System32\svchost.exe[1496] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 01720FDB
.text C:\WINDOWS\System32\svchost.exe[1496] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 01720011
.text C:\WINDOWS\System32\svchost.exe[1496] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 01720022
.text C:\WINDOWS\Explorer.EXE[2328] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\Explorer.EXE[2328] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F5C
.text C:\WINDOWS\Explorer.EXE[2328] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0F77
.text C:\WINDOWS\Explorer.EXE[2328] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0F94
.text C:\WINDOWS\Explorer.EXE[2328] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0047
.text C:\WINDOWS\Explorer.EXE[2328] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A001B
.text C:\WINDOWS\Explorer.EXE[2328] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A008E
.text C:\WINDOWS\Explorer.EXE[2328] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A007D
.text C:\WINDOWS\Explorer.EXE[2328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F06
.text C:\WINDOWS\Explorer.EXE[2328] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F21
.text C:\WINDOWS\Explorer.EXE[2328] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A0EF5
.text C:\WINDOWS\Explorer.EXE[2328] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0036
.text C:\WINDOWS\Explorer.EXE[2328] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A0FCA
.text C:\WINDOWS\Explorer.EXE[2328] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A006C
.text C:\WINDOWS\Explorer.EXE[2328] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A000A
.text C:\WINDOWS\Explorer.EXE[2328] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A0FAF
.text C:\WINDOWS\Explorer.EXE[2328] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A00A9
.text C:\WINDOWS\Explorer.EXE[2328] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 003A0FAF
.text C:\WINDOWS\Explorer.EXE[2328] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 003A0025
.text C:\WINDOWS\Explorer.EXE[2328] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 003A0FCA
.text C:\WINDOWS\Explorer.EXE[2328] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 003A0000
.text C:\WINDOWS\Explorer.EXE[2328] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 003A0F68
.text C:\WINDOWS\Explorer.EXE[2328] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 003A0FE5
.text C:\WINDOWS\Explorer.EXE[2328] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 003A0F79
.text C:\WINDOWS\Explorer.EXE[2328] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 5A, 88 ]
.text C:\WINDOWS\Explorer.EXE[2328] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 003A0F9E
.text C:\WINDOWS\Explorer.EXE[2328] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 003D0000
.text C:\WINDOWS\Explorer.EXE[2328] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 003D0FE5
.text C:\WINDOWS\Explorer.EXE[2328] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 003D0011
.text C:\WINDOWS\Explorer.EXE[2328] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 003D0036
.text C:\WINDOWS\Explorer.EXE[2328] WS2_32.dll!socket 71AB4211 5 Bytes JMP 016D0FE5

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\Explorer.EXE[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C82F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C82CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C82D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C82CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2728] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2728] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2728] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2728] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3092] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3092] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3092] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3092] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D82F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D82CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D82D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D82CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\notepad.exe[3528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\notepad.exe[3528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\notepad.exe[3528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\notepad.exe[3528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Kevin\My Documents\gmer.exe[3640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Kevin\My Documents\gmer.exe[3640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Kevin\My Documents\gmer.exe[3640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Kevin\My Documents\gmer.exe[3640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MarkAny\ContentSafer\MAAgent.exe[3744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A32F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MarkAny\ContentSafer\MAAgent.exe[3744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A32CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MarkAny\ContentSafer\MAAgent.exe[3744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A32D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MarkAny\ContentSafer\MAAgent.exe[3744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A32CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3828] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3828] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3828] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3828] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C12F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C12CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C12D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C12CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[3996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[3996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[3996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[3996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.14 ----

and

Eset

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3509 (20081009)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=3caf015d218d914996423b048570d2a5
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-10-10 03:56:04
# local_time=2008-10-09 11:56:04 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=413241
# found=0
# scan_time=9101

Whew !

#6 Billy O'Neal

Posted 10 October 2008 - 06:33 PM

Hello, kcmatower.
Hmm... seems OTMI had a little bit of a hiccup. Please try this instead:

We need to run ComboFix. In your next reply, please include the following:
  • ComboFix.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 kcmatower

Posted 10 October 2008 - 08:17 PM

Here is the

ComboFix.txt

ComboFix 08-10-10.08 - Kevin 2008-10-10 20:53:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012 [GMT -4:00]
Running from: C:\Documents and Settings\Kevin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kevin\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Cheryl\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\MUZAoDA.cfg
C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\MUZAoDA0.che
C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\MUZAoDA1.che
C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\MUZAoDA2.che
C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\MUZAoDA3.che
C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\MUZAoDA4.che
C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\MUZAoDA5.che
C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\MUZAoDA6.che
C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\MUZAoDA7.che
C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\MUZAoDA8.che
C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\MUZAoDA9.che
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files Created from 2008-09-11 to 2008-10-11 )))))))))))))))))))))))))))))))
.

2008-10-09 21:23 . 2008-10-09 23:56 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-10-09 20:13 . 2008-10-09 20:28 345 --a------ C:\WINDOWS\gmer.ini
2008-10-09 20:01 . 2008-10-09 20:01 <DIR> d-------- C:\_OTMoveIt
2008-10-01 21:00 . 2008-10-02 08:23 <DIR> d-------- C:\Documents and Settings\Kevin\.housecall6.6
2008-09-29 20:24 . 2008-09-29 20:24 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-26 21:57 . 2008-09-26 21:57 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-26 21:57 . 2008-09-26 21:57 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-26 21:57 . 2008-09-26 21:57 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-26 20:48 . 2008-04-13 20:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
2008-09-15 10:14 . 2008-09-15 10:14 <DIR> d-------- C:\Documents and Settings\Kevin\Application Data\Viewpoint
2008-09-12 19:31 . 2008-09-12 19:32 <DIR> d-------- C:\Program Files\iTunes
2008-09-12 19:31 . 2008-09-12 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-12 19:30 . 2008-09-12 19:30 <DIR> d-------- C:\Program Files\Bonjour
2008-09-11 03:01 . 2008-09-11 03:01 <DIR> d-------- C:\1959938fd3fc6ba181bd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-10 10:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-10 00:23 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-10-09 23:58 --------- d-----w C:\Program Files\Java
2008-10-02 13:56 --------- d-----w C:\Program Files\City of Heroes
2008-09-30 00:24 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-15 23:43 --------- d-----w C:\Documents and Settings\Kevin\Application Data\SporeCreatureCreator
2008-09-12 23:31 --------- d-----w C:\Program Files\iPod
2008-09-12 23:29 --------- d-----w C:\Program Files\QuickTime
2008-09-12 23:28 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-12 11:36 --------- d-----w C:\Program Files\McAfee
2008-09-11 00:44 --------- d-----w C:\Program Files\Steam
2008-08-29 14:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-26 14:15 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Move Networks
2008-07-28 01:49 40,960 ----a-w C:\WINDOWS\GORILLAZ_CLINT_EASTWOOD.dll
2008-07-28 01:49 241,574 ----a-w C:\WINDOWS\GORILLAZ_CLINT_EASTWOOD.scr
2008-07-28 01:49 1,144,207 ----a-w C:\WINDOWS\GORILLAZ_CLINT_EASTWOOD.exe
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2005-11-30 02:06 0 -c-ha-w C:\Program Files\Common Files\MSN
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-01-11 972432]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-13 339968]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-02-01 57344]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"VIDC.PIXL"= pclepixl.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.NTN1"= NUVision.ax
"VIDC.JPEG"= JpegCode.dll
"VIDC.MJPG"= JpegCode.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
backup=C:\WINDOWS\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
\Program\ [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-07-13 21:10 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanUp]
--a------ 2006-07-09 15:42 136752 C:\PROGRA~1\McAfee.com\Shared\mcappins.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
--a------ 2007-03-15 19:16 454784 C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-01-11 17:07 972432 C:\Program Files\IGN\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2004-06-03 04:50 204800 C:\Program Files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 17:40 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-10-25 17:33 563984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 17:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2007-08-04 02:33 582992 c:\PROGRA~1\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2007-12-06 14:10 419152 C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a--c--- 2006-11-07 16:41 8192 C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
--a------ 2005-05-09 19:16 192512 C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
-----c--- 2007-03-14 08:12 126976 C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-04-10 05:57 1271032 c:\Program Files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 2004-10-05 16:42 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
--a--c--- 2004-06-03 04:51 172032 C:\Program Files\Microsoft IntelliType Pro\type32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a--c--- 2006-04-03 18:12 777424 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2007-03-14 17:03 24104 C:\Program Files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.2.1-patch-enUS-Downloader.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Comcast Video Mail\\Comcast_Video_Mail.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\crossmod\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6119:TCP"= 6119:TCP:wow
"6112:TCP"= 6112:TCP:wowupdater
"3724:TCP"= 3724:TCP:wow
"6881:TCP"= 6881:TCP:wow
"6999:TCP"= 6999:TCP:wow
"14567:UDP"= 14567:UDP:Punkbuster
"3689:TCP"= 3689:TCP:itunes
"5353:UDP"= 5353:UDP:itunes

S2 CoachCap;Concord Eye-Q Duo 2000 USB Video Capture V1.01;C:\WINDOWS\system32\drivers\CoachCap.sys [2002-03-03 93068]
S3 dalwdmservice;dal service;C:\WINDOWS\system32\drivers\dalwdm.sys [ ]
S3 iLokDrvr;iLok;C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys [2003-07-07 26541]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16768]
S3 NUVision;Pinnacle DVC 80 Video;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-12-03 155264]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9f1d3b8-f782-11db-bebb-0007e97dabc4}]
\Shell\AutoRun\command - F:\LaunchU3.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-09-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-10-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2006-12-28 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-04-03 18:12]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BeFree4iPhone - C:\Program Files\E.W.E.-Software\Befree4iPhone\befree4iphone.exe
MSConfigStartUp-DigidesignMMERefresh - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
MSConfigStartUp-gcasServ - C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
MSConfigStartUp-LoadMSvcmm - C:\Program Files\Movielink\MovielinkManager\Movielink User.exe
MSConfigStartUp-LogitechVideo[inspector] - C:\Program Files\Logitech\Video\InstallHelper.exe
MSConfigStartUp-MsnMsgr - C:\Program Files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-PCShield - C:\WINDOWS\system32\sfg_4e85.dll
MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
MSConfigStartUp-VirusScan Online - c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
MSConfigStartUp-VSOCheckTask - c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
MSConfigStartUp-Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\ypager.exe
MSConfigStartUp-{0228e555-4f9c-4e35-a3ec-b109a192b4c2} - C:\Program Files\Google\Gmail Notifier\gnotify.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\6l0v6rdt.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.msn.com
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-10 21:01:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-10 21:08:34
ComboFix-quarantined-files.txt 2008-10-11 01:08:10

Pre-Run: 2,440,982,528 bytes free
Post-Run: 3,387,711,488 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

251 --- E O F --- 2008-09-27 23:17:49

#8 Billy O'Neal

Posted 10 October 2008 - 08:33 PM

Hello, kcmatower.
We need to re-run ComboFix with some additional directives.
  • Please disable any running anti-virus programs.

    If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    driver::
    dalwdmservice
    gAGP440p
    gmtxparh
    hmssmbio
    registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Please copy and paste that report here.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

In your next reply, please include the following:
  • ComboFix.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#9 kcmatower

Posted 10 October 2008 - 09:27 PM

Here is the ComboFix.Txt

ComboFix 08-10-10.09 - Kevin 2008-10-10 21:46:53.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023 [GMT -4:00]
Running from: C:\Documents and Settings\Kevin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kevin\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GAGP440P
-------\Legacy_GMTXPARH
-------\Legacy_HMSSMBIO
-------\Service_dalwdmservice


((((((((((((((((((((((((( Files Created from 2008-09-11 to 2008-10-11 )))))))))))))))))))))))))))))))
.

2008-10-09 21:23 . 2008-10-09 23:56 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-10-09 20:13 . 2008-10-09 20:28 345 --a------ C:\WINDOWS\gmer.ini
2008-10-09 20:01 . 2008-10-09 20:01 <DIR> d-------- C:\_OTMoveIt
2008-10-01 21:00 . 2008-10-02 08:23 <DIR> d-------- C:\Documents and Settings\Kevin\.housecall6.6
2008-09-29 20:24 . 2008-09-29 20:24 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-26 21:57 . 2008-09-26 21:57 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-26 21:57 . 2008-09-26 21:57 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-26 21:57 . 2008-09-26 21:57 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-26 20:48 . 2008-04-13 20:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
2008-09-15 10:14 . 2008-09-15 10:14 <DIR> d-------- C:\Documents and Settings\Kevin\Application Data\Viewpoint
2008-09-12 19:31 . 2008-09-12 19:32 <DIR> d-------- C:\Program Files\iTunes
2008-09-12 19:31 . 2008-09-12 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-12 19:30 . 2008-09-12 19:30 <DIR> d-------- C:\Program Files\Bonjour
2008-09-11 03:01 . 2008-09-11 03:01 <DIR> d-------- C:\1959938fd3fc6ba181bd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-11 01:50 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-10-10 10:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-09 23:58 --------- d-----w C:\Program Files\Java
2008-10-02 13:56 --------- d-----w C:\Program Files\City of Heroes
2008-09-30 00:24 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-15 23:43 --------- d-----w C:\Documents and Settings\Kevin\Application Data\SporeCreatureCreator
2008-09-12 23:31 --------- d-----w C:\Program Files\iPod
2008-09-12 23:29 --------- d-----w C:\Program Files\QuickTime
2008-09-12 23:28 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-12 11:36 --------- d-----w C:\Program Files\McAfee
2008-09-11 00:44 --------- d-----w C:\Program Files\Steam
2008-08-29 14:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-26 14:15 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Move Networks
2008-07-28 01:49 40,960 ----a-w C:\WINDOWS\GORILLAZ_CLINT_EASTWOOD.dll
2008-07-28 01:49 241,574 ----a-w C:\WINDOWS\GORILLAZ_CLINT_EASTWOOD.scr
2008-07-28 01:49 1,144,207 ----a-w C:\WINDOWS\GORILLAZ_CLINT_EASTWOOD.exe
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2005-11-30 02:06 0 -c-ha-w C:\Program Files\Common Files\MSN
.

((((((((((((((((((((((((((((( snapshot@2008-10-10_21.07.25.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-01-11 972432]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-13 339968]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-02-01 57344]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"VIDC.PIXL"= pclepixl.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.NTN1"= NUVision.ax
"VIDC.JPEG"= JpegCode.dll
"VIDC.MJPG"= JpegCode.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
backup=C:\WINDOWS\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-07-13 21:10 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanUp]
--a------ 2006-07-09 15:42 136752 C:\PROGRA~1\McAfee.com\Shared\mcappins.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
--a------ 2007-03-15 19:16 454784 C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-01-11 17:07 972432 C:\Program Files\IGN\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2004-06-03 04:50 204800 C:\Program Files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 17:40 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-10-25 17:33 563984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 17:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2007-08-04 02:33 582992 c:\PROGRA~1\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2007-12-06 14:10 419152 C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a--c--- 2006-11-07 16:41 8192 C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
--a------ 2005-05-09 19:16 192512 C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
-----c--- 2007-03-14 08:12 126976 C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-04-10 05:57 1271032 c:\Program Files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 2004-10-05 16:42 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
--a--c--- 2004-06-03 04:51 172032 C:\Program Files\Microsoft IntelliType Pro\type32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a--c--- 2006-04-03 18:12 777424 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2007-03-14 17:03 24104 C:\Program Files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.2.1-patch-enUS-Downloader.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Comcast Video Mail\\Comcast_Video_Mail.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\crossmod\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6119:TCP"= 6119:TCP:wow
"6112:TCP"= 6112:TCP:wowupdater
"3724:TCP"= 3724:TCP:wow
"6881:TCP"= 6881:TCP:wow
"6999:TCP"= 6999:TCP:wow
"14567:UDP"= 14567:UDP:Punkbuster
"3689:TCP"= 3689:TCP:itunes
"5353:UDP"= 5353:UDP:itunes

S2 CoachCap;Concord Eye-Q Duo 2000 USB Video Capture V1.01;C:\WINDOWS\system32\drivers\CoachCap.sys [2002-03-03 93068]
S3 iLokDrvr;iLok;C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys [2003-07-07 26541]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16768]
S3 NUVision;Pinnacle DVC 80 Video;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-12-03 155264]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9f1d3b8-f782-11db-bebb-0007e97dabc4}]
\Shell\AutoRun\command - F:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2008-10-10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-09-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-10-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2006-12-28 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-04-03 18:12]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-10 21:51:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Zune\ZuneNss.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2008-10-10 22:16:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-11 02:15:19
ComboFix2.txt 2008-10-11 01:08:35

Pre-Run: 3,386,314,752 bytes free
Post-Run: 3,294,380,032 bytes free

242 --- E O F --- 2008-09-27 23:17:49

#10 Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 10 October 2008 - 09:35 PM

Hello, kcmatower.
Congratulations! You now appear clean! :thumbsup:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware
We Need to Remove ComboFix
  • Please go to Start -> Run
  • Enter "ComboFix /u" (without quotes). Note the space between "ComboFix" and "/u", it needs to be there.
  • Press OK (Or hit enter).
  • Allow ComboFix to remove itself.
We Need to Clean Up Our Mess
  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  • Double click the OTCleanIt icon.
  • Push the large "Cleanup" button.
  • Allow your system to reboot.
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Note: You should only do this once, not on a regular basis!
You will not be able to restore computer to any earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#11 kcmatower

Posted 10 October 2008 - 10:26 PM

Everything seems fine now!!! Thank you so much for your help! Ummmmmm, I guess my McAfee and monthly Ad-Aware scan isn't enough, eh??

#12 Billy O'Neal

Posted 10 October 2008 - 10:54 PM

Hello, kcmatower.
I personally wouldn't give McAfee another cent... IMHO, there are better free scanners, such as Avast, AVG, and Avira. More information can be found at AV-Comparatives:
http://av-comparatives.org/

Hope that helps!

Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3

#13 Billy O'Neal

Posted 11 October 2008 - 03:42 PM

Hello :thumbsup:

I have reopened the topic. Can you please give a brief description of the symptoms that have recurred, as well as fresh OTVI logs? Thanks! In case you forgot that one, the instructions are:

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Good luck!

Billy3

Edited by Billy O'Neal, 11 October 2008 - 03:43 PM.


#14 kcmatower

Posted 12 October 2008 - 06:55 PM

Any desktop icon that I click on, it prompts asking "Are you sure you want to delete this icon". If you click No, the box keeps reappearing and won't go away. If we shut down or restart, then the program that we were trying to open is gone, the icon is gone, and if I try to open it from Programs, it says it cannot be found. This happened with IE and a folder I had called "Securitys", all Ad-Aware program files, Spybot, etc. Gone. I don't want to start clicking around. IE wasn't actually gone though. I found a Microsoft link when searching the computer for help and it opened the link in IE. Well, thank you again for your time and all your help.

Here is the

ViewIt:

OTViewIt logfile created on: 10/12/2008 7:47:09 PM - Run 2
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\1T42UFBS
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 69.48% Memory free
2.91 Gb Paging File | 2.39 Gb Available in Paging File | 82.02% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 3.46 Gb Free Space | 3.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KCMATOWER
Current User Name: Kevin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/06/02 23:09:36 | 00,552,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/06/02 23:09:36 | 00,552,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/01/04 14:27:08 | 00,587,096 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
[2007/10/19 14:19:22 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTsvcCDA.EXE
[2008/06/20 10:43:59 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2007/10/19 14:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
[2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2007/02/01 18:11:29 | 00,057,344 | ---- | M] ((주)마크애니) -- C:\Program Files\MarkAny\ContentSafer\MaAgent.exe
[2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe
[2007/08/04 02:33:14 | 00,582,992 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
[2007/07/17 11:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
[2008/09/10 17:40:06 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2007/03/14 17:03:40 | 00,975,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe
[2007/10/19 14:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2007/07/17 11:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
[2008/06/23 05:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/09/20 10:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2008/10/12 19:47:01 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\1T42UFBS\OTViewIt[1].exe

========== (O23) Win32 Services ==========

[2008/01/04 14:27:08 | 00,587,096 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/06/02 23:09:36 | 00,552,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/06/02 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
[2008/06/20 10:43:59 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2007/10/19 14:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running])
[2007/10/19 14:19:22 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
[2007/10/19 14:21:16 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
[2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/07/25 03:16:16 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2007/08/29 22:52:31 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Disabled | Stopped])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2006/04/03 18:12:14 | 00,014,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Disabled | Stopped])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
[2007/03/14 17:03:40 | 00,975,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [Auto | Running])

========== Driver Services ==========

[2008/06/03 02:20:54 | 03,100,160 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2005/05/30 18:58:52 | 00,028,160 | ---- | M] (W1zzard) -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool [System | Stopped])
[2006/12/08 22:38:12 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2006/12/08 22:38:06 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2003/12/03 18:44:58 | 00,013,566 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd [System | Running])
[2002/12/17 12:27:32 | 00,241,152 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp [System | Running])
[2002/03/03 16:26:38 | 00,093,068 | ---- | M] (Zoran Microelectronics Ltd.) -- C:\WINDOWS\system32\drivers\coachcap.sys -- (CoachCap [Auto | Stopped])
[2002/07/30 14:56:00 | 00,023,072 | ---- | M] (Accapella) -- C:\WINDOWS\system32\drivers\CoachUsb.sys -- (CoachUsb [On_Demand | Stopped])
[2002/07/30 14:56:00 | 00,014,336 | ---- | M] (Accapella) -- C:\WINDOWS\system32\drivers\CoachVc.sys -- (CoachVc [On_Demand | Stopped])
[2003/09/22 07:48:06 | 00,130,192 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2004/09/23 21:08:02 | 00,025,898 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
[2005/06/13 12:58:04 | 00,162,816 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2007/03/22 13:57:14 | 00,028,672 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro [Auto | Running])
[2007/03/22 13:57:14 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr [Auto | Running])
[2007/02/03 11:33:00 | 00,022,560 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService [On_Demand | Running])
[2008/04/13 14:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2003/11/17 15:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2003/11/17 15:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2003/07/07 14:26:44 | 00,026,541 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\WINDOWS\system32\drivers\iLokDrvr.sys -- (iLokDrvr [On_Demand | Stopped])
[2008/04/13 14:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/10/19 14:16:30 | 02,109,976 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap [On_Demand | Running])
[2007/10/11 19:59:02 | 02,142,488 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv [On_Demand | Running])
[2007/02/03 11:30:58 | 01,507,232 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt [On_Demand | Running])
[2007/10/11 19:59:24 | 00,025,624 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
[2005/12/09 15:37:42 | 00,016,768 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon [On_Demand | Stopped])
[2007/10/11 22:00:42 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
[2007/02/03 11:32:46 | 01,939,360 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC [On_Demand | Running])
[2006/04/03 19:31:21 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
[2003/04/09 13:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2004/09/23 21:08:02 | 00,030,630 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])
[2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2007/07/13 09:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2002/12/13 04:06:40 | 00,129,875 | R--- | M] (Mars Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA [On_Demand | Stopped])
[2006/10/13 20:14:26 | 00,034,978 | R--- | M] (INCA Internet Co., Ltd.) -- C:\Program Files\Wizet\MapleStory\npkcrypt.sys -- (npkcrypt [Auto | Running])
[2006/10/13 20:14:26 | 00,037,009 | R--- | M] (INCA Internet Co., Ltd.) -- C:\Program Files\Wizet\MapleStory\npkcusb.sys -- (npkcusb [On_Demand | Running])
[2001/12/03 12:55:12 | 00,026,560 | ---- | M] (Zoran Ltd.) -- C:\WINDOWS\system32\drivers\nuvaud2.sys -- (nuvaud2 [On_Demand | Stopped])
[2001/12/03 12:55:14 | 00,155,264 | ---- | M] (Zoran Ltd.) -- C:\WINDOWS\system32\drivers\nuvvid2.sys -- (NUVision [On_Demand | Stopped])
[2001/08/22 08:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI [System | Running])
[2003/09/22 07:47:38 | 00,178,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2003/09/22 11:43:06 | 01,330,048 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X [On_Demand | Running])
[2002/06/14 13:49:56 | 00,010,194 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT [Auto | Running])
[2004/06/03 04:50:07 | 00,020,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32 [On_Demand | Running])
[2002/09/03 12:53:10 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2004/09/23 21:08:02 | 00,143,834 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
[2006/12/08 22:38:01 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2005/10/24 19:17:40 | 00,162,816 | R--- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\rt25usbap.sys -- (RT25USBAP [On_Demand | Stopped])
[2007/04/03 14:59:30 | 00,083,208 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616bus.sys -- (s616bus [On_Demand | Stopped])
[2007/04/03 14:59:36 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616mdfl.sys -- (s616mdfl [On_Demand | Stopped])
[2007/04/03 14:59:38 | 00,108,680 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616mdm.sys -- (s616mdm [On_Demand | Stopped])
[2007/04/03 14:59:40 | 00,100,360 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616mgmt.sys -- (s616mgmt [On_Demand | Stopped])
[2007/04/03 14:59:42 | 00,023,176 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616nd5.sys -- (s616nd5 [On_Demand | Stopped])
[2007/04/03 14:59:42 | 00,098,568 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616obex.sys -- (s616obex [On_Demand | Stopped])
[2007/04/03 14:59:42 | 00,099,080 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616unic.sys -- (s616unic [On_Demand | Stopped])
[2005/06/17 17:41:04 | 00,173,568 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiH040B.sys -- (SaiH040B [On_Demand | Stopped])
[2005/06/17 17:41:10 | 00,026,496 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiU040B.sys -- (SaiU040B [On_Demand | Stopped])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2003/11/06 13:04:24 | 00,068,320 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd [Boot | Running])
[2006/06/26 18:32:58 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
[2004/09/23 21:08:02 | 00,206,464 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp [System | Running])
[2008/07/03 02:12:48 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
[2003/11/17 15:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2002/09/03 13:14:25 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2008/09/02 15:29:46 | 00,024,576 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files\GameTap\bin\release\X4HSX32.sys -- (X4HSX32 [Auto | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (HKLM) -- C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe /autostart (Google)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"MAAgent"=C:\Program Files\MarkAny\ContentSafer\MAAgent.exe ((주)마크애니)
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"=C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork (IGN Entertainment)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"=C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork (IGN Entertainment)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2008/04/23 03:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel]
"GeneralTab"=0
"SecurityTab"=0
"ConnectionsTab"=0
"ProgramsTab"=0
"PrivacyTab"=0
"AdvancedTab"=0
"ResetWebSettings"=0
"Settings"=0
"CertifPers"=0
"CertifSite"=0
"CertifPub"=0
"Profiles"=0
"FormSuggest"=0
"Ratings"=0
"ConnWiz Admin Lock"=0

[HKEY_USERS\.DEFAULT\Software\policies\microsoft\internet explorer\Control Panel]
"GeneralTab"=0
"SecurityTab"=0
"ConnectionsTab"=0
"ProgramsTab"=0
"PrivacyTab"=0
"AdvancedTab"=0
"ConnWiz Admin Lock"=0
"ResetWebSettings"=0
"Settings"=0
"CertifPers"=0
"CertifSite"=0
"CertifPub"=0
"Profiles"=0
"FormSuggest"=0
"Ratings"=0

[HKEY_USERS\.DEFAULT\Software\policies\microsoft\internet explorer\Restrictions]
"NoBrowserOptions"=0

[HKEY_USERS\S-1-5-18\Software\policies\microsoft\internet explorer\Control Panel]
"GeneralTab"=0
"SecurityTab"=0
"ConnectionsTab"=0
"ProgramsTab"=0
"PrivacyTab"=0
"AdvancedTab"=0
"ConnWiz Admin Lock"=0
"ResetWebSettings"=0
"Settings"=0
"CertifPers"=0
"CertifSite"=0
"CertifPub"=0
"Profiles"=0
"FormSuggest"=0
"Ratings"=0

[HKEY_USERS\S-1-5-18\Software\policies\microsoft\internet explorer\Restrictions]
"NoBrowserOptions"=0

[HKEY_USERS\S-1-5-19\Software\policies\microsoft\internet explorer\Control Panel]
"GeneralTab"=0
"SecurityTab"=0
"ConnectionsTab"=0
"ProgramsTab"=0
"PrivacyTab"=0
"AdvancedTab"=0
"ConnWiz Admin Lock"=0
"ResetWebSettings"=0
"Settings"=0
"CertifPers"=0
"CertifSite"=0
"CertifPub"=0
"Profiles"=0
"FormSuggest"=0
"Ratings"=0

[HKEY_USERS\S-1-5-19\Software\policies\microsoft\internet explorer\Restrictions]
"NoBrowserOptions"=0

[HKEY_USERS\S-1-5-20\Software\policies\microsoft\internet explorer\Control Panel]
"GeneralTab"=0
"SecurityTab"=0
"ConnectionsTab"=0
"ProgramsTab"=0
"PrivacyTab"=0
"AdvancedTab"=0
"ConnWiz Admin Lock"=0
"ResetWebSettings"=0
"Settings"=0
"CertifPers"=0
"CertifSite"=0
"CertifPub"=0
"Profiles"=0
"FormSuggest"=0
"Ratings"=0

[HKEY_USERS\S-1-5-20\Software\policies\microsoft\internet explorer\Restrictions]
"NoBrowserOptions"=0

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\Software\policies\microsoft\internet explorer\Control Panel]
"GeneralTab"=0
"SecurityTab"=0
"ConnectionsTab"=0
"ProgramsTab"=0
"PrivacyTab"=0
"AdvancedTab"=0
"ResetWebSettings"=0
"Settings"=0
"CertifPers"=0
"CertifSite"=0
"CertifPub"=0
"Profiles"=0
"FormSuggest"=0
"Ratings"=0
"ConnWiz Admin Lock"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
""=
"NoDriveTypeAutoRun"=227
"NoCDBurning"=0
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"DisableRegistryTools"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: Button: AIM -- %ProgramFiles%\AIM\aim.exe [2006/08/01 16:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
{B13B4423-2647-4cfc-A4B3-C7D56CB83487}: Button: Share in Hello -- %ProgramFiles%\Hello\PicasaCapture.dll [2005/01/11 22:09:26 | 00,303,104 | ---- | M] (Picasa, Inc.)
{B13B4423-2647-4cfc-A4B3-C7D56CB83487}: Menu: Share in H&ello -- %ProgramFiles%\Hello\PicasaCapture.dll [2005/01/11 22:09:26 | 00,303,104 | ---- | M] (Picasa, Inc.)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
musicmatch.com\online: https in Computer
2 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{00B71CFB-6864-4346-A978-C0A14556272C}: http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab -- Checkers Class
{11260943-421B-11D0-8EAC-0000C07D88CF}: http://www.burj-al-arab.com/flashcab/ipix/ipixx.cab -- iPIX ActiveX Control
{14B87622-7E19-4EA8-93B3-97215F77A6BC}: http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab -- MessengerStatsClient Class
{166B1BCA-3F9C-11CF-8075-444553540000}: http://fpdownload.macromedia.com/get/shock...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{33564D57-9980-0010-8000-00AA00389B71}: http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab -- Reg Error: Key does not exist or could not be opened.
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}: http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab -- FilePlanet Download Control Class
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab -- McAfee.com Operating System Class
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://mividadediamante.spaces.live.com//P...ad/MsnPUpld.cab -- MSN Photo Upload Tool
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}: http://www.eset.eu/buxus/docs/OnlineScanner.cab -- OnlineScanner Control
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/webplayer/stage6/...owserPlugin.cab -- Reg Error: Key does not exist or could not be opened.
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1132403515125 -- MUWebControl Class
{8714912E-380D-11D5-B8AA-00D0B78F3D48}: http://chat.yahoo.com/cab/yuplapp.cab -- Yahoo! Webcam Upload Wrapper
{87587503-20F0-4FF5-8DA3-0107C4C03FDC}: http://downloads.comcast.net/videomail/vmLauncher.cab -- vmLaunch Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}: http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab -- MessengerStatsClient Class
{9122D757-5A4F-4768-82C5-B4171D8556A7}: http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab -- PhotoPickConvert Class
{917623D1-D8E5-11D2-BE8B-00104B06BDE3}: http://142.22.58.150/activex/AxisCamControl.cab -- CamImage Class
{9732FB42-C321-11D1-836F-00A0C993F125}: http://www.pcpitstop.com/mhLbl.cab -- mhLabel Class
{9CCE3B43-4DE0-4236-A84E-108CA848EE6A}: http://webcamnow.com/broadcast/ActiveXWebCam.cab -- WebCam Control
{A93D84FD-641F-43AE-B963-E6FA84BE7FE7}: http://www.linksysfix.com/netcheck/67/install/gtdownls.cab -- LinkSys Content Update
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}: http://messenger.msn.com/download/MsnMesse...pDownloader.cab -- MsnMessengerSetupDownloadControl Class
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab -- MSN Games - Installer
{B9191F79-5613-4C76-AA2A-398534BB8999}: http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab -- Reg Error: Key does not exist or could not be opened.
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}: http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab -- DwnldGroupMgr Class
{BD393C14-72AD-4790-A095-76522973D6B8}: http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab -- CBreakshotControl Class
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: -- MessengerStatsClient Class
{C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3}: http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe -- Virtools WebPlayer Class
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{DBA230D1-8467-4e69-987E-5FAE815A3B45}: -- Reg Error: Key does not exist or could not be opened.
{F04A8AE2-A59D-11D2-8792-00C04F8EF29D}: http://by105fd.bay105.hotmail.msn.com/activex/HMAtchmt.ocx -- Hotmail Attachments Control
{F461205D-ABDC-42FE-B2E2-AFD4600B905E}: http://www.amiuptodate.com/vsc/mvt/bin/1,0,0,7/mash.cab -- MASHControl Class
{FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0}: http://www.musicmatch.com/form/support/tec...tionControl.cab -- moDiagCollectionActiveX Object
DirectAnimation Java Classes: file://C:\WINDOWS\Java\classes\dajava.cab -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{44907A3A-4751-4CB2-A46D-2CB808F1C923} (Servers: | Description: Nintendo Wi-Fi USB Connector)
{57556E75-A411-4ACB-AC1A-DD8704B2D1C7} (Servers: | Description: )
{6E58C60D-CC32-4492-869C-9EDDD1A8F52D} (Servers: | Description: Sony Ericsson Device 616 USB Ethernet Emulation (NDIS 5))
{E512C56D-4256-47F5-AB65-42B730AF6FFA} (Servers: | Description: Intel® PRO/100 VE Network Connection)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}" (HKLM) -- C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/09/23 17:38:47 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9f1d3b8-f782-11db-bebb-0007e97dabc4}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9f1d3b8-f782-11db-bebb-0007e97dabc4}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9f1d3b8-f782-11db-bebb-0007e97dabc4}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[17 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2008/10/10 23:20:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2008/10/10 23:12:09 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2008/10/10 23:12:09 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2008/10/10 23:12:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/10/10 23:11:31 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/10/10 23:10:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Local Settings\Application Data\NOS
[2008/10/10 23:06:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\Malwarebytes
[2008/10/10 23:05:59 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/10 23:05:59 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/10 23:05:58 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/10 23:05:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/10 23:05:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/10 23:03:44 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/10/10 23:01:43 | 00,204,496 | ---- | C] (Malwarebytes) -- C:\Documents and Settings\Kevin\Desktop\StartUpLite.exe
[2008/10/10 20:52:49 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2008/10/10 20:52:42 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/10/10 20:52:36 | 00,000,000 | ---D | C] -- C:\cmdcons
[2008/10/09 21:23:10 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2008/10/02 16:48:18 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2008/10/02 16:37:45 | 00,024,615 | ---- | C] () -- C:\Documents and Settings\Kevin\My Documents\hijackthis
[2008/10/01 21:10:00 | 02,482,695 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Kevin\Desktop\stinger.exe
[2008/09/29 20:24:48 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2008/09/26 22:23:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/26 21:57:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/09/26 21:57:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/09/26 21:57:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/09/26 20:49:40 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/09/26 20:49:32 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/09/26 20:49:32 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/09/26 20:49:22 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/09/26 20:49:22 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/09/26 20:49:19 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/09/26 20:49:17 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/09/26 20:49:16 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/09/26 20:49:16 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/09/26 20:49:16 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/09/26 20:49:16 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/09/26 20:49:13 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/09/26 20:49:07 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/09/26 20:49:07 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/09/26 20:49:06 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/09/26 20:49:06 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/09/26 20:49:05 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/09/26 20:49:04 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/09/26 20:49:04 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/09/26 20:48:55 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/09/26 20:48:55 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/09/26 20:48:55 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/09/26 20:48:55 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/09/26 20:48:47 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/09/26 20:48:46 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/09/26 20:48:46 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/09/26 20:48:46 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/09/26 20:48:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/09/26 20:48:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/09/26 20:48:41 | 00,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/09/26 20:48:34 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/09/26 20:48:34 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/09/26 20:48:34 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/09/26 20:48:34 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/09/26 20:48:34 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/09/26 20:48:34 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/09/26 20:48:34 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/09/26 20:48:34 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/09/26 20:48:32 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/09/26 20:48:32 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/09/26 20:48:32 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/09/26 20:48:32 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/09/26 20:48:32 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/09/26 20:48:32 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/09/26 20:48:32 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/09/26 20:48:30 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/09/26 20:48:30 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/09/26 20:48:30 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/09/26 20:48:27 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/09/26 20:48:23 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/09/26 20:48:23 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/09/26 20:48:16 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/09/15 10:14:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\Viewpoint

========== Files - Modified Within 30 Days ==========

[17 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2008/10/11 09:54:05 | 00,000,033 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2008/10/10 23:22:09 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/10 23:12:09 | 00,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2008/10/10 23:12:09 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2008/10/10 23:05:59 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/10 23:01:41 | 00,204,496 | ---- | M] (Malwarebytes) -- C:\Documents and Settings\Kevin\Desktop\StartUpLite.exe
[2008/10/10 22:54:27 | 00,059,014 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2008/10/10 22:53:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/10 22:52:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/10 22:52:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2008/10/10 21:51:20 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/10 21:51:05 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/10/10 20:52:49 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008/10/10 15:58:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/09 22:33:19 | 00,070,656 | ---- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/09 19:46:24 | 02,111,842 | -H-- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\IconCache.db
[2008/10/04 14:35:15 | 00,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GameTap.lnk
[2008/10/02 16:37:45 | 00,024,615 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\hijackthis
[2008/10/01 21:09:57 | 02,482,695 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Kevin\Desktop\stinger.exe
[2008/10/01 01:00:14 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2008/09/27 10:41:53 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/09/26 22:28:02 | 00,478,028 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/26 22:28:02 | 00,406,328 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/26 22:28:02 | 00,063,528 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/26 22:22:11 | 00,165,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/26 22:06:08 | 00,002,675 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/26 21:47:44 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/09/20 07:23:35 | 00,000,565 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\My Sharing Folders.lnk
[2008/09/15 01:17:59 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
< End of report >

And the Extras.txt

OTViewIt Extras logfile created on: 10/12/2008 7:47:09 PM - Run 2
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\1T42UFBS
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 69.48% Memory free
2.91 Gb Paging File | 2.39 Gb Available in Paging File | 82.02% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 3.46 Gb Free Space | 3.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KCMATOWER
Current User Name: Kevin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/11/12 21:15:43 | 00,036,864 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/08/01 16:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/27 20:27:40 | 00,497,664 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\The All-Seeing Eye\eye.exe:*:Enabled:The All-Seeing Eye
[2004/10/05 16:42:57 | 00,204,845 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer
[2007/08/30 17:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2005/02/11 19:21:15 | 00,663,552 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-1.2.1-patch-enUS-Downloader.exe:*:Enabled:Blizzard Downloader
[2008/04/13 20:12:15 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®
[2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2005/11/12 21:15:43 | 00,036,864 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2007/01/01 17:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
[2005/10/27 01:19:22 | 01,073,152 | ---- | M] () -- C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/08/01 16:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
[2006/09/26 18:53:22 | 07,574,463 | ---- | M] () -- C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2
[2006/04/11 10:03:44 | 00,163,840 | ---- | M] (Musiccity Co.Ltd.) -- C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player
[2006/12/07 16:46:38 | 08,362,609 | ---- | M] () -- C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2
[2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2006/07/10 04:51:14 | 00,090,178 | ---- | M] (Vibe Solutions Group, Inc) -- C:\Program Files\Comcast Video Mail\Comcast_Video_Mail.exe:*:Enabled:Comcast_video_mail.exe
[2008/04/10 05:57:11 | 01,271,032 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe:*:Disabled:Steam
[2008/09/10 20:27:31 | 00,098,304 | ---- | M] () -- C:\Program Files\Steam\SteamApps\crossmod\team fortress 2\hl2.exe:*:Enabled:hl2
[2007/12/13 15:46:15 | 00,513,280 | ---- | M] (CCP hf.) -- C:\Program Files\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
[2008/05/21 14:23:52 | 02,797,568 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/09/10 17:39:54 | 14,228,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/10/09 19:59:01 | 07,671,408 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw+0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw+0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw-0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw00:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw00s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw-0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw10:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw10s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw20:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw20s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw30:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw30s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw40:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw40s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw50:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw50s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw60:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw60s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw70:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw70s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw80:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw80s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw90:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw90s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwa0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwa0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwb0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwb0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwc0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwc0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwd0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwd0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwe0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwe0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwf0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwf0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} (HKLM) [BackWeb GA Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwg0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwg0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwh0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwh0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwi0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwi0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwj0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwj0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwk0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwk0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwl0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwl0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwm0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwm0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwn0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwn0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwo0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwo0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwp0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwp0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwq0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwq0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwr0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwr0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bws0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bws0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwt0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwt0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwu0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwu0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwv0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwv0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bww0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bww0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwx0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwx0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwy0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwy0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwz0:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwz0s:{df5bc496-7c35-4f72-bc19-7660fe4454ee} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/12 21:15:43 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (offline-8876480:{DF5BC496-7C35-4F72-BC19-7660FE4454EE} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}"=PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}"=Battlefield 2™
"{055EE59D-217B-43A7-ABFF-507B966405D8}"=ATI Catalyst Control Center
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}"=ATI HYDRAVISION
"{0B8FF60F-C012-4459-AADF-A3AD4E3757DE}"=Dell Picture Studio - Dell Image Expert
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{1116FD69-3C49-BE9A-C206-E8BA26CCA10F}"=CCC Help English
"{16FE2579-06B2-3E32-58F2-4B70B69A3070}"=ccc-core-preinstall
"{1DBB1B09-8A5C-4CEA-8623-3EE473D4530E}"=SMV Converter Tool 3.0
"{1EB21F28-E3AF-A317-4658-6C0C455C2F61}"=Catalyst Control Center Core Implementation
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk"=Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{28F58CDE-6241-4B11-8232-6A5D4FB06E8B}"=PACE System Files
"{29D88826-2AB9-11D5-8854-00902761A46D}"=WordPerfect Office 2002
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}"=Rhapsody Player Engine
"{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1}"=iPod for Windows 2005-09-06
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}"=MVision
"{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73}"=Virtual Earth 3D (Beta)
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}"=iTunes
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}"=Microsoft Windows Journal Viewer
"{46D9C523-FABB-FFF1-321D-F493A68E2C3E}"=Catalyst Control Center Graphics Previews Common
"{4C6B97C0-C3BC-4368-8261-FDD8D6C7B14B}"=Tel-Ray Variable Delay
"{4ecaf021-478c-40c1-b777-3368a15f9966}"=Macromedia Flash Player
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{50D4CB89-AF34-4978-96DC-C3034062E901}"=Battlefield 2: Special Forces
"{57D32909-FCA8-A78B-2AD2-2A50F5E11858}"=ccc-core-static
"{57EA735B-4F1D-9FC5-6A36-B0C0F1D704FE}"=Catalyst Control Center Graphics Light
"{582876EC-A178-44D4-9823-C10D6C62EAFF}"=AGEIA PhysX v2.6.0
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}"=Sony USB Driver
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}"=Microsoft IntelliType Pro 5.2
"{5DA6F06A-B389-407B-BF8C-1548767914D8}"=ATI Problem Report Wizard
"{609F7AC8-C510-11D4-A788-009027ABA5D0}"=Easy CD Creator 5 Basic
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{64635543-70E7-436D-8D6D-4A721595029E}"=Microsoft IntelliPoint 5.2
"{67E158AF-8856-4337-B483-EA21930786AF}"=GameTap
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6831C13D-8D6F-4BA8-BF42-969E0B67ED4D}"=Puzzle Quest
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6DA9102E-199F-43A0-A36B-6EF48081A658}"=MobileMe Control Panel
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{79E147E8-2113-4BE0-9AB4-360B85CC3051}"=GameShadow
"{7BEA122E-E255-44D4-B259-CC2637B6EBD7}"=Sony PSP Media Manager 1.0a
"{85D3CC30-8859-481A-9654-FD9B74310BEF}"=Musicmatch® Jukebox
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8CC42289-E228-4A35-B8A9-015242283BB2}"=SPORE™ Creature Creator
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}"=Logitech QuickCam
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}"=Sound Blaster Live!
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}"=Google Earth
"{A1960A82-DB70-474D-A86B-FA74466103C6}"=Drivers Install For Linksys Easylink Advisor
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}"=Windows Defender Signatures
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AA9768AA-FF0B-4C66-A085-31E934F77841}"=Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A71000000002}"=Adobe Reader 7.1.0
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}"=Windows Defender
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}"=Netflix Movie Viewer
"{BEF726DD-4037-4214-8C6A-E625C02D2870}"=Logitech Audio Echo Cancellation Component
"{C01408FC-117C-44B7-8B0C-17794E526A01}"=Disc2Phone
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}"=Samsung Media Studio
"{C5B99684-9B23-4315-881B-57E078189B00}"=SansAmp PSA-1
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}"=Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D1B3874F-3057-11D6-B2EA-0050BA18806B}"=Camera Driver
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}"=Paint Shop Pro 7
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}"=Dell ResourceCD
"{DE31F8AA-B12D-3A38-E561-C657EED45465}"=Catalyst Control Center Graphics Full Existing
"{DEC511B1-59CB-4F15-AD75-0543034572A5}"=MapleStory
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware 2007
"{E6EB53D4-5AD0-07F0-2DAC-0A2D624DF39D}"=ccc-utility
"{E7391464-6939-413C-B427-32F33FE13484}"=GameSpy Comrade
"{E74CC47C-28D3-25E1-14D2-68EBC87C31BA}"=Skins
"{EA516024-D84D-41F1-814F-83175A6188F2}"=Logitech Video Enumerator
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}"=Battlefield 2142
"{ED55BFEF-90F3-4926-9536-D94FDBBF65DC}"=Zune
"{F251B61F-9D18-13C4-02EE-71A36343D442}"=Catalyst Control Center Graphics Full New
"3DGroove"=OTOY
"6F128087AFFFF5D4F4FEE6429736470CD5C1E4E2"=Windows Driver Package - Microsoft WPD (12/01/2006 1.2.0.0)
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AdobeESD"=Adobe Download Manager 1.2 (Remove Only)
"All ATI Software"=ATI - Software Uninstall Utility
"AOL Instant Messenger"=AOL Instant Messenger
"ATI Display Driver"=ATI Display Driver
"ATITool"=ATITool Overclocking Utility
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1"=Conexant D850 56K V.9x DFVc Modem
"Code Head X-Treme Culture"=Code Head X-Treme Culture
"CoH"=City of Villains/City of Heroes (remove only)
"Comcast PhotoShow Deluxe 4"=Comcast PhotoShow Deluxe 4
"Comcast Video Mail"=Comcast Video Mail - Version 3.4 Build 3778
"comcastDD"=Desktop Doctor
"DesertCombat"=DesertCombat 0.7
"EasyLinkAdvisor"=Linksys EasyLink Advisor 1.6 (0032)
"EsetOnlineScanner"=ESET Online Scanner
"EVE"=EVE-ONLINE (remove only)
"ExpressBurn"=Express Burn
"GameSpy Arcade"=GameSpy Arcade
"Google Updater"=Google Updater
"GoogleVideoViewer"=Google Video Viewer 1.0 (based on VLC 0.8.2 Player)
"Halo"=Microsoft Halo
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"IGN Download Manager"=IGN Download Manager 2.3.0
"InstallShield_{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1}"=iPod for Windows 2005-09-06
"JumpStart Advanced 3rd Grade"=JumpStart Advanced 3rd Grade
"Lame MP3 Codec (for the ACM)"=Lame ACM MP3 Codec
"legacyqcam_10.51"=Logitech Legacy USB Camera Driver Package
"lvdrivers_11.50"=Logitech QuickCam Driver Package
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"mIRC"=mIRC
"Mozilla Firefox (2.0.0.17)"=Mozilla Firefox (2.0.0.17)
"MSC"=McAfee SecurityCenter
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Mystery Club Gadget Games"=Mystery Club Gadget Games
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NxPhoto"=NxPhoto
"NxvConverter"=NxvConverter
"OpenAL"=OpenAL
"PicasaNet"=Hello (remove only)
"PROSet"=Intel® PRO Network Connections Drivers
"RealArcade 1.2"=RealArcade
"RealPlayer 6.0"=RealPlayer
"Scholastic's I SPY Spooky Mansion"=Scholastic's I SPY Spooky Mansion
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.4
"Steam App 400"=Portal
"Steam App 440"=Team Fortress 2
"Switch"=Switch
"To The Eds-treme"=To The Eds-treme
"ViewpointMediaPlayer"=Viewpoint Media Player
"WavePad"=WavePad Uninstall
"WebCam Recorder_is1"=WebCam Recorder
"WIC"=Windows Imaging Component
"WiFiConnector"=Nintendo Wi-Fi USB Connector Registration Tool
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"WordPerfect Office 2002"=WordPerfect Office 2002
"World of Warcraft"=World of Warcraft
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1"=XviD MPEG-4 Video Codec
"Yahoo! Messenger"=Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1060284298-220523388-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/29/2008 8:29:30 PM | Computer Name = KCMATOWER | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 4092 (0xffc) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5200.2160 Object being scanned = \Device\HarddiskVolume1\Company_of_Heroes_FilePlanet_Beta_1_11_0.exe

by C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 9/29/2008 9:48:17 PM | Computer Name = KCMATOWER | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3344 (0xd10) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5200.2160 Object being scanned = \Device\HarddiskVolume1\Company_of_Heroes_FilePlanet_Beta_1_11_0.exe

by C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/1/2008 9:11:15 PM | Computer Name = KCMATOWER | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3688 (0xe68) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5200.2160 Object being scanned = \Device\HarddiskVolume1\bf2_v1_12update.exe
by C:\Program Files\Mozilla Firefox\firefox.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/1/2008 11:04:29 PM | Computer Name = KCMATOWER | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 5552 (0x15b0) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5200.2160 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Kevin\My
Documents\My Downloads\BF2_Patch_1.4.exe by C:\Program Files\Mozilla Firefox\firefox.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 10/2/2008 5:35:21 AM | Computer Name = KCMATOWER | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20080.20121, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 10/2/2008 5:53:18 AM | Computer Name = KCMATOWER | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 5268 (0x1494) Thread address : 0x121FB816 Thread message : Build VSCORE.14.0.0.349
/ 5200.2160 Object being scanned = \Device\HarddiskVolume1\Company_of_Heroes_FilePlanet_Beta_1_11_0.exe

by C:\Program Files\Mozilla Firefox\firefox.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/7/2008 8:53:35 PM | Computer Name = KCMATOWER | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3656 (0xe48) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5200.2160 Object being scanned = \Device\HarddiskVolume1\Company_of_Heroes_FilePlanet_Beta_1_11_0.exe

by C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/8/2008 8:58:14 PM | Computer Name = KCMATOWER | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 5008 (0x1390) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5200.2160 Object being scanned = \Device\HarddiskVolume1\Company_of_Heroes_FilePlanet_Beta_1_11_0.exe

by C:\Documents and Settings\Kevin\Local Settings\Temp\jkos-Kevin\binaries\ScanningProcess.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 10/9/2008 9:26:08 PM | Computer Name = KCMATOWER | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2780 (0xadc) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5200.2160 Object being scanned = \Device\HarddiskVolume1\Company_of_Heroes_FilePlanet_Beta_1_11_0.exe

by C:\Program Files\Internet Explorer\IEXPLORE.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/11/2008 3:22:40 PM | Computer Name = KCMATOWER | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3004 (0xbbc) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5200.2160 Object being scanned = \Device\HarddiskVolume1\Company_of_Heroes_FilePlanet_Beta_1_11_0.exe

by C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

[ System Events ]
Error - 10/9/2008 8:08:23 PM | Computer Name = KCMATOWER | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 10/9/2008 8:16:56 PM | Computer Name = KCMATOWER | Source = Service Control Manager | ID = 7000
Description = The Concord Eye-Q Duo 2000 USB Video Capture V1.01 service failed
to start due to the following error: %%1058

Error - 10/9/2008 8:17:47 PM | Computer Name = KCMATOWER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 10/9/2008 8:17:47 PM | Computer Name = KCMATOWER | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 10/9/2008 8:23:53 PM | Computer Name = KCMATOWER | Source = Service Control Manager | ID = 7000
Description = The Concord Eye-Q Duo 2000 USB Video Capture V1.01 service failed
to start due to the following error: %%1058

Error - 10/9/2008 9:26:13 PM | Computer Name = KCMATOWER | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 10/10/2008 8:51:07 PM | Computer Name = KCMATOWER | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/10/2008 9:51:16 PM | Computer Name = KCMATOWER | Source = Service Control Manager | ID = 7000
Description = The Concord Eye-Q Duo 2000 USB Video Capture V1.01 service failed
to start due to the following error: %%1058

Error - 10/10/2008 10:53:31 PM | Computer Name = KCMATOWER | Source = Service Control Manager | ID = 7000
Description = The Concord Eye-Q Duo 2000 USB Video Capture V1.01 service failed
to start due to the following error: %%1058

Error - 10/11/2008 3:22:46 PM | Computer Name = KCMATOWER | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.


< End of report >

#15 Billy O'Neal

  • Malware Response Team

Posted 12 October 2008 - 09:47 PM

Hello. No malware causing the issue I can see.

Please completely uninstall McAfee, using the instructions provided here:
http://service.mcafee.com/FAQDocument.aspx...083&lc=1033

Once McAfee is uninstalled, let me know if the problem continues. It looks to be a case of McAfee's heuristics going haywire... but let's eliminate that possibility first.

Thanks!

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)