Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

spywareguard.exe & winscenter.exe


  • Please log in to reply
14 replies to this topic

#1 ktb2008

ktb2008

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 18 December 2008 - 05:41 AM

Last week I began having three pop-up windows claiming that they were the Windows Security Center and Spyware Guard 2008. This infection was preventing me from even getting to the Kaspersky Online Scanner, as well as the download for the RSIT tool. However, a BleepingComputer user helped me to clean the infection using SuperAntiSpyWare and the MalwareBytes AntiSpyware tool, and recommended that now that I can run the Kaspersky Online Scanner and the RSIT tool, to post their logs in this forum to finish cleaning the infection. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/186026/spywareguardexe-winscenterexe/ ~ OBThe Kaspersky report came up blank, but the RSIT report is as follows:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Keith at 2008-12-17 21:39:13
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 5 GB (14%) free of 38 GB
Total RAM: 766 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:21 PM, on 12/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Keith\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Keith.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKCU\..\Run: [BLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.bat
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://vs2005stage.iamaw.org
O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...84/mcinsctl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,21/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = iamaw.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = iamaw.org
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = iamaw.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = iamaw.org
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10419 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{BBB7D588-C182-4286-BD47-5813B1FC9C42}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-17 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2006-10-12 2108480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-14 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-17 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-17 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2006-10-12 2108480]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-19 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-10-19 126976]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2001-10-09 200704]
"EM_EXEC"=C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE [2001-10-09 35328]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-04-10 679936]
"QAGENT"=C:\Program Files\QUICKENW\QAGENT.EXE [2001-08-01 94208]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe [2003-07-28 188416]
"DeviceDiscovery"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-05-21 229437]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-17 136600]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-11-20 178688]
"spywareguard"=C:\Program Files\Spyware Guard 2008\spywareguard.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BLMessagingIntegration"=C:\Program Files\Common Files\PSD Tools\blengine.exe []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-16 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"Aim6"= []
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.bat []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa"
"C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1137909198\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1137909198\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1137909198\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1137909198\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Common Files\AOL\1138757384\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1138757384\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1138757384\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1138757384\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe"="C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\Call of Duty\CoDMP.exe"="C:\Program Files\Call of Duty\CoDMP.exe:*:Disabled:CoDMP"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Disabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Disabled:OrbTray"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Disabled:SR_GUI"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-12-17 21:39:13 ----D---- C:\rsit
2008-12-17 20:49:23 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-17 20:49:23 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-17 20:49:23 ----A---- C:\WINDOWS\system32\java.exe
2008-12-17 20:49:23 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-17 20:40:58 ----D---- C:\WINDOWS\LastGood
2008-12-17 19:56:14 ----A---- C:\WINDOWS\system32\SET19.tmp
2008-12-16 05:27:04 ----D---- C:\Avenger
2008-12-16 05:27:03 ----A---- C:\avenger.txt
2008-12-15 20:06:40 ----D---- C:\Documents and Settings\Keith\Application Data\Malwarebytes
2008-12-15 19:55:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-15 19:55:47 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-15 19:54:43 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-11 23:06:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 23:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 23:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 23:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

======List of files/folders modified in the last 1 months======

2008-12-17 21:39:34 ----AD---- C:\WINDOWS\Temp
2008-12-17 20:50:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-17 20:49:23 ----D---- C:\WINDOWS\SYSTEM32
2008-12-17 20:48:31 ----SHD---- C:\WINDOWS\Installer
2008-12-17 20:48:28 ----D---- C:\Program Files\Java
2008-12-17 20:41:34 ----HD---- C:\WINDOWS\INF
2008-12-17 20:41:29 ----D---- C:\WINDOWS
2008-12-17 20:41:25 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2008-12-17 20:40:59 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-17 20:40:57 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-17 20:04:48 ----D---- C:\WINDOWS\Prefetch
2008-12-17 20:01:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-16 21:48:46 ----AD---- C:\Program Files
2008-12-16 21:46:22 ----D---- C:\WINDOWS\system32\Restore
2008-12-16 20:48:28 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-16 17:30:06 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-16 05:27:04 ----D---- C:\WINDOWS\system32\DRIVERS
2008-12-16 05:25:16 ----RSD---- C:\WINDOWS\Fonts
2008-12-15 19:55:12 ----D---- C:\Documents and Settings\Keith\Application Data\SUPERAntiSpyware.com
2008-12-15 19:54:43 ----AD---- C:\Program Files\Common Files
2008-12-12 08:22:12 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-11 23:06:50 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 23:06:10 ----D---- C:\Program Files\Internet Explorer
2008-12-11 22:57:25 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-09 18:24:37 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-12-06 09:37:47 ----SD---- C:\WINDOWS\Tasks
2008-11-24 17:24:04 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-23 08:42:20 ----D---- C:\Documents and Settings\Keith\Application Data\Arcsoft
2008-11-22 09:53:29 ----D---- C:\Program Files\SpywareBlaster

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-03-23 43672]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-02-02 9336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-02-02 9464]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-04-10 236032]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-07-19 17153]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2002-04-10 117898]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2002-04-10 206336]
R2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys [2001-02-28 34712]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2002-09-19 41728]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\DRIVERS\itchfltr.sys [2001-08-09 10256]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.sys [2001-11-30 22206]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\system32\drivers\LHidUsb.Sys [2001-11-30 39836]
R3 LKbdFlt2;Logitech Keyboard Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LKbdFlt2.sys [2001-11-30 5838]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.sys [2001-11-30 67694]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2002-04-10 29638]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2003-01-29 28164]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-05 545208]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2001-09-27 28396]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2002-04-10 24554]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 l8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042Pr2.sys [2001-11-30 50990]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 OMVA;VPN-1 SecureClient Adapter; C:\WINDOWS\system32\DRIVERS\OMVA.sys [2003-04-08 14924]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;Usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-11-19 109056]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-14 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-17 152984]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2001-11-26 65536]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2008-12-17 21:40:39

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45893FEB-30FD-4034-8661-3BA4238FE67A}\SETUP.EXE" -l0x9 -uninst -y -a -f"b2003ce.isu"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Pitch Deluxe 1.6-->"C:\Program Files\3D Pitch Deluxe\SETUP\setup.exe" /u
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0-->"C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Print Creations - Album Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1AlbumPage
ArcSoft Print Creations - Funhouse-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Funhouse
ArcSoft Print Creations - Greeting Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1GreetingCard
ArcSoft Print Creations - Photo Book-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1PhotoBook
ArcSoft Print Creations - Photo Calendar-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Calendar
ArcSoft Print Creations - Scrapbook-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1ScrapBook
ArcSoft Print Creations - Slimline Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Slimline
ArcSoft Print Creations-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Britannica Ready Reference-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45893FEB-30FD-4034-8661-3BA4238FE67A}\SETUP.EXE" -l0x9 -uninst
Broadcom Advanced Control Suite-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468190DA-FB4C-45BA-8E40-4B165FF1A939} /l1033
Call of Duty-->C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Classic PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
CSI-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BA044B0-A5E4-428E-8731-63BD5DD4FDB2}\setup.exe" -l0x9
Dell Modem-On-Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Dell Picture Studio - Dell Image Expert-->MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support-->MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
Detto IntelliMover-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DA9F6EF5-E48A-4E45-BC57-AA16193763B7}\Setup.exe"
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB945060-v3)-->"C:\WINDOWS\$NtUninstallKB945060-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp deskjet 5600-->msiexec /x{DB5518BE-F40F-407A-B451-012625D4497B}
HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - Deskjet Series-->MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
hp print screen utility-->C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0001_71eef\Setup.exe /APR-REMOVE
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Logitech iTouch Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Age of Empires-->C:\Program Files\Microsoft Games\Age of Empires\Uninstal.exe /uninstall
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft PhotoDraw 2000-->"C:\Program Files\Microsoft Office\Office\Setup\PhotoDraw\setup.exe"
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MouseWare 9.41 .3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0009 UNINSTALL
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MUSICMATCH Jukebox-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
Network Play System (Patching)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
Paint Shop Pro 7-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Quicken 2002 New User Edition-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\QUICKENW\Uninst.isu" -c"C:\Program Files\QUICKENW\uninst.dll"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SFR2-->MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Shockwave-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
SimCity 3000-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\Maxis\SIMCIT~1\Uninst.isu
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Star Trek: Armada-->C:\PROGRA~1\ACTIVI~1\STARTR~1\UNINST~1\UNINST~1.EXE C:\Program Files\Activision\Star Trek - Armada\uninstall\Star Trek Armada.log
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Sims-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Maxis\The Sims\Uninst.isu"
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
WordPerfect Office 2002-->C:\WINDOWS\Corel\uninst32.exe
WordPerfect Office 2002-->C:\WINDOWS\Corel\Uninst32.exe
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Photos Easy Upload Tool-->C:\WINDOWS\system32\regsvr32 /u /s "C:\WINDOWS\cache\YDropper.dll"

=====HijackThis Backups=====

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.buddylinks.net/ShellInstaller.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

System event log

Computer Name: KTBURNEY
Event Code: 7036
Message: The Telephony service entered the running state.

Record Number: 94429
Source Name: Service Control Manager
Time Written: 20081023171521.000000-300
Event Type: information
User:

Computer Name: KTBURNEY
Event Code: 7036
Message: The Network Location Awareness (NLA) service entered the running state.

Record Number: 94428
Source Name: Service Control Manager
Time Written: 20081023171521.000000-300
Event Type: information
User:

Computer Name: KTBURNEY
Event Code: 7035
Message: The Network Location Awareness (NLA) service was successfully sent a start control.

Record Number: 94427
Source Name: Service Control Manager
Time Written: 20081023171521.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: KTBURNEY
Event Code: 14204
Message: Service 'WMPNetworkSvc' started.

Record Number: 94426
Source Name: WMPNetworkSvc
Time Written: 20081023171507.000000-300
Event Type: information
User:

Computer Name: KTBURNEY
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{6649CF52-DA28-49AA-8228-07D50E478E6C} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 94425
Source Name: Tcpip
Time Written: 20081023171459.000000-300
Event Type: information
User:

Application event log

Computer Name: KTBURNEY
Event Code: 11724
Message: Product: skin0001 -- Removal completed successfully.

Record Number: 21367
Source Name: MsiInstaller
Time Written: 20080616233923.000000-300
Event Type: information
User: KTBURNEY\Keith

Computer Name: KTBURNEY
Event Code: 11707
Message: Product: ESSgui -- Installation operation completed successfully.

Record Number: 21366
Source Name: MsiInstaller
Time Written: 20080616233806.000000-300
Event Type: information
User: KTBURNEY\Keith

Computer Name: KTBURNEY
Event Code: 11724
Message: Product: ESSgui -- Removal completed successfully.

Record Number: 21365
Source Name: MsiInstaller
Time Written: 20080616233757.000000-300
Event Type: information
User: KTBURNEY\Keith

Computer Name: KTBURNEY
Event Code: 11707
Message: Product: SKINXSDK -- Installation operation completed successfully.

Record Number: 21364
Source Name: MsiInstaller
Time Written: 20080616233732.000000-300
Event Type: information
User: KTBURNEY\Keith

Computer Name: KTBURNEY
Event Code: 11724
Message: Product: SKINXSDK -- Removal completed successfully.

Record Number: 21363
Source Name: MsiInstaller
Time Written: 20080616233726.000000-300
Event Type: information
User: KTBURNEY\Keith

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VERSION"=3.0.1
"SESSIONID"=1091164644745wuws07-l5eb489:fe0e7a9124:147a
"COLLECTIONID"=COL5123
"ITEMID"=dj-17724-8
"UPDATEDIR"=C:\DOCUME~1\Keith\LOCALS~1\Temp\rad7305C.tmp
"TOOLPATH"=/C:\Program%20Files\Hewlett-Packard\HP%20Software%20Update\install.htm
"HMSERVER"=https://h30083.www3.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.18.30716
"OSVER"=winXPH
"LANG"=1033
"TIMEOUT"=0
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Edited by Orange Blossom, 18 December 2008 - 07:33 PM.


BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:50 PM

Posted 27 December 2008 - 09:31 AM

Hello ktb2008

Welcome to BleepingComputer :thumbsup:
========================
If you are still in need of assistance please post a new Rsit log.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 ktb2008

ktb2008
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 04 January 2009 - 03:40 PM

As instructed by the user kahdah, I am reposting this topic with a new RSIT log. The original topic can be found at http://www.bleepingcomputer.com/forums/topic187477.html.

Several weeks ago I began having three pop-up windows claiming that they were the Windows Security Center and Spyware Guard 2008. This infection was preventing me from even getting to the Kaspersky Online Scanner, as well as the download for the RSIT tool. However, a BleepingComputer user helped me to clean the infection using SuperAntiSpyWare and the MalwareBytes AntiSpyware tool, and recommended that now that I can run the Kaspersky Online Scanner and the RSIT tool, to post their logs in this forum to finish cleaning the infection. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/186026/spywareguardexe-winscenterexe/.

The Kaspersky report came up blank, but the latest RSIT report is as follows:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Keith at 2009-01-04 15:33:36
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 5 GB (14%) free of 38 GB
Total RAM: 766 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:05 PM, on 1/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
c:\program files\mcafee\virusscan\mcinsupd.exe
C:\Documents and Settings\Keith\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Keith.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKCU\..\Run: [BLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.bat
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://vs2005stage.iamaw.org
O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...84/mcinsctl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,21/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = iamaw.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = iamaw.org
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = iamaw.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = iamaw.org
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10463 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{BBB7D588-C182-4286-BD47-5813B1FC9C42}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-17 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2006-10-12 2108480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-14 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-17 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-17 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2006-10-12 2108480]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-19 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-10-19 126976]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2001-10-09 200704]
"EM_EXEC"=C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE [2001-10-09 35328]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-04-10 679936]
"QAGENT"=C:\Program Files\QUICKENW\QAGENT.EXE [2001-08-01 94208]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe [2003-07-28 188416]
"DeviceDiscovery"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-05-21 229437]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-17 136600]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-11-20 178688]
"spywareguard"=C:\Program Files\Spyware Guard 2008\spywareguard.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BLMessagingIntegration"=C:\Program Files\Common Files\PSD Tools\blengine.exe []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-16 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"Aim6"= []
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.bat []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa"
"C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1137909198\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1137909198\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1137909198\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1137909198\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Common Files\AOL\1138757384\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1138757384\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1138757384\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1138757384\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe"="C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\Call of Duty\CoDMP.exe"="C:\Program Files\Call of Duty\CoDMP.exe:*:Disabled:CoDMP"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Disabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Disabled:OrbTray"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Disabled:SR_GUI"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-12-17 21:39:13 ----D---- C:\rsit
2008-12-17 20:49:23 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-17 20:49:23 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-17 20:49:23 ----A---- C:\WINDOWS\system32\java.exe
2008-12-17 20:49:23 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-16 05:27:04 ----D---- C:\Avenger
2008-12-16 05:27:03 ----A---- C:\avenger.txt
2008-12-15 20:06:40 ----D---- C:\Documents and Settings\Keith\Application Data\Malwarebytes
2008-12-15 19:55:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-15 19:55:47 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-15 19:54:43 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-11 23:06:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 23:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 23:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 23:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

======List of files/folders modified in the last 1 months======

2009-01-04 15:32:38 ----AD---- C:\WINDOWS\Temp
2009-01-04 14:35:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-04 13:59:15 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-01-04 13:50:54 ----D---- C:\WINDOWS\Prefetch
2008-12-20 13:11:54 ----D---- C:\WINDOWS
2008-12-20 13:11:15 ----D---- C:\WINDOWS\SYSTEM32
2008-12-17 20:50:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-17 20:49:30 ----SHD---- C:\WINDOWS\Installer
2008-12-17 20:48:28 ----D---- C:\Program Files\Java
2008-12-17 20:41:34 ----HD---- C:\WINDOWS\INF
2008-12-17 20:41:25 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2008-12-17 20:41:22 ----D---- C:\WINDOWS\ie7updates
2008-12-17 20:40:59 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-17 20:40:57 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-16 21:48:46 ----AD---- C:\Program Files
2008-12-16 21:46:22 ----D---- C:\WINDOWS\system32\Restore
2008-12-16 17:30:06 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-16 05:27:04 ----D---- C:\WINDOWS\system32\DRIVERS
2008-12-16 05:25:16 ----RSD---- C:\WINDOWS\Fonts
2008-12-15 19:55:12 ----D---- C:\Documents and Settings\Keith\Application Data\SUPERAntiSpyware.com
2008-12-15 19:54:43 ----AD---- C:\Program Files\Common Files
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 08:22:12 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-11 23:06:50 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 23:06:10 ----D---- C:\Program Files\Internet Explorer
2008-12-11 22:57:25 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-09 18:24:37 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-12-06 09:37:47 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-03-23 43672]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-02-02 9336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-02-02 9464]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-04-10 236032]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-07-19 17153]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2002-04-10 117898]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2002-04-10 206336]
R2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys [2001-02-28 34712]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2002-09-19 41728]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\DRIVERS\itchfltr.sys [2001-08-09 10256]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.sys [2001-11-30 22206]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\system32\drivers\LHidUsb.Sys [2001-11-30 39836]
R3 LKbdFlt2;Logitech Keyboard Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LKbdFlt2.sys [2001-11-30 5838]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.sys [2001-11-30 67694]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2002-04-10 29638]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2003-01-29 28164]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-05 545208]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2001-09-27 28396]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2002-04-10 24554]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 l8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042Pr2.sys [2001-11-30 50990]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 OMVA;VPN-1 SecureClient Adapter; C:\WINDOWS\system32\DRIVERS\OMVA.sys [2003-04-08 14924]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;Usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-11-19 109056]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-14 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-17 152984]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2001-11-26 65536]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:50 PM

Posted 04 January 2009 - 06:48 PM

Hello ktb2008,

I'm afraid there was a slight misunderstanding. kahdah wanted you to reply with the logs to the existing topic. Given that, your new topic has been merged to your previously existing topic. Please keep all posts regarding this issue to this topic by using the Add Reply button at the bottom of the topic. Starting new topics confuses things and delays the assistance you receive.

Back to you kahdah

~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:50 PM

Posted 04 January 2009 - 08:02 PM

Hi ktb2008 let's have a deeper look please:

Download GMER from Here :
Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#6 ktb2008

ktb2008
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 05 January 2009 - 07:47 PM

Hi there,

Sorry about the confusion with my post; I thought you were asking me to post a completely new topic. Must still be affected by all that egg nog! :thumbsup: Anyways, here are the results from GMER:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-05 19:46:43
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEEA809AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xEEA80A41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEEA80958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEEA8096C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEEA80A55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEEA80A81]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEEA80AEF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEEA80AD9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEEA809EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEEA80B1B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEEA80A2D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEEA80930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEEA80944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEEA809BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEEA80B57]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEEA80AC3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEEA80AAD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEEA80A6B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEEA80B43]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEEA80B2F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEEA80996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEEA80982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xEEA80A97]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEEA80A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEEA80B05]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEEA80A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEEA809D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP EEA809D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568D59 5 Bytes JMP EEA80A31 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F2 2 Bytes JMP EEA80AB1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey + 3 8056A1F5 4 Bytes [ 51, 6E, 90, 90 ]
PAGE ntoskrnl.exe!NtCreateFile 8056CDC0 5 Bytes JMP EEA809AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DC01 5 Bytes JMP EEA80986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 8057065D 5 Bytes JMP EEA80A45 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570A6D 7 Bytes JMP EEA80B5B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 3 Bytes JMP EEA80AF3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey + 4 80570D68 3 Bytes [ 6E, 90, 90 ]
PAGE ntoskrnl.exe!NtOpenProcess 805717C7 5 Bytes JMP EEA80934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571CB1 7 Bytes JMP EEA809C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80572889 7 Bytes JMP EEA80A9B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805736E6 5 Bytes JMP EEA80A04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573B61 7 Bytes JMP EEA809EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC6C 7 Bytes JMP EEA80970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805822EC 5 Bytes JMP EEA80A1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058A1C9 5 Bytes JMP EEA80948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058A699 5 Bytes JMP EEA80B1F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590677 7 Bytes JMP EEA80ADD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D5C 7 Bytes JMP EEA80A85 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 805952CA 7 Bytes JMP EEA80A59 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B136A 5 Bytes JMP EEA8095C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062DCF7 5 Bytes JMP EEA8099A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064DA12 7 Bytes JMP EEA80B09 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E338 7 Bytes JMP EEA80AC7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E7B6 7 Bytes JMP EEA80A6F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064ECA9 5 Bytes JMP EEA80B33 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F112 5 Bytes JMP EEA80B47 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00040F38
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00040F53
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00040F64
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00040F7F
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00040FA1
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0004003E
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00040EF6
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00040EC0
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00040ED1
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00040EA5
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00040F90
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00040FD4
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00040F13
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00040FB2
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00040FC3
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 0004004F
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 0007000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00070F5E
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00070FD4
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00070F6F
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00070F9E
.text C:\WINDOWS\system32\services.exe[688] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E80000
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E80F52
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E80051
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E80F83
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E80F9E
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E80FCA
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E80F30
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E80F41
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E8009D
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E80F04
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00E80EF3
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00E80FAF
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E80FE5
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00E80062
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00E80036
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00E80025
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00E80F1F
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00EB000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00EB005B
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00EB0FC3
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00EB0FD4
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00EB0F94
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00EB0FEF
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00EB0036
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00EB0025
.text C:\WINDOWS\system32\lsass.exe[700] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E90000
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A60FEF
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A60093
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A60F9E
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A60076
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A6005B
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A60039
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A60F4B
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A60F72
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A600C2
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A60F29
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00A60F0E
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00A6004A
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00A60014
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00A60F8D
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00A60FCD
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00A60FDE
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00A60F3A
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00A90039
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00A9006F
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00A90FDE
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00A90014
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00A90FB2
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00A90FEF
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00A90FCD
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ C9, 88 ]
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00A9004A
.text C:\WINDOWS\system32\svchost.exe[848] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A70000
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BD0F81
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BD006C
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BD0F92
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BD0051
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BD0025
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BD00AC
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BD0F64
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BD00D8
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BD0F3F
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00BD0F2E
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00BD0040
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BD0FE5
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00BD0091
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00BD0FC3
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00BD0FD4
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00BD00BD
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00C00FC0
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00C0004A
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00C00011
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00C00FDB
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00C00F8D
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00C00F9E
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ E0, 88 ]
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00C00FAF
.text C:\WINDOWS\system32\svchost.exe[904] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BE0000
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 024E0FE5
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 024E0F5E
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 024E0053
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 024E0036
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 024E0F79
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 024E001B
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 024E0F26
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 024E0F43
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 024E0090
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 024E007F
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 024E0ED2
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 024E0F8A
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 024E0FD4
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 024E006E
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 024E000A
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 024E0FB9
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 024E0F01
.text C:\WINDOWS\System32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02770FC0
.text C:\WINDOWS\System32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 02770F7D
.text C:\WINDOWS\System32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02770FD1
.text C:\WINDOWS\System32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 02770011
.text C:\WINDOWS\System32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 02770044
.text C:\WINDOWS\System32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02770000
.text C:\WINDOWS\System32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 02770033
.text C:\WINDOWS\System32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 02770022
.text C:\WINDOWS\System32\svchost.exe[940] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02600FEF
.text C:\WINDOWS\System32\svchost.exe[940] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 02780000
.text C:\WINDOWS\System32\svchost.exe[940] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 02780FEF
.text C:\WINDOWS\System32\svchost.exe[940] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 02780FD4
.text C:\WINDOWS\System32\svchost.exe[940] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 02780025
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00630FEF
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00630F95
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0063008A
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00630079
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00630068
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00630043
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006300CA
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006300AF
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00630F38
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00630F53
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00630F27
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00630FBC
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00630FDE
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00630F84
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00630FCD
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00630014
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 006300DB
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00660FB2
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00660040
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00660FCD
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00660FDE
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0066002F
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00660FEF
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0066001E
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00660FA1
.text C:\WINDOWS\System32\svchost.exe[996] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00640000
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F90FEF
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F90062
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F90F6D
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F90F88
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F90051
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F90FB9
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F90073
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F90F37
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F900B3
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F90098
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F900C4
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F90040
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F9000A
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F90F52
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F90025
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F90FD4
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F90F10
.text C:\WINDOWS\System32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00FC0033
.text C:\WINDOWS\System32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00FC0FBD
.text C:\WINDOWS\System32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00FC0022
.text C:\WINDOWS\System32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00FC0011
.text C:\WINDOWS\System32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00FC0084
.text C:\WINDOWS\System32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00FC0000
.text C:\WINDOWS\System32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00FC0069
.text C:\WINDOWS\System32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00FC0058
.text C:\WINDOWS\System32\svchost.exe[1044] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FA0FEF
.text C:\WINDOWS\System32\svchost.exe[1044] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\System32\svchost.exe[1044] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00FD0FD4
.text C:\WINDOWS\System32\svchost.exe[1044] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00FD0FB9
.text C:\WINDOWS\System32\svchost.exe[1044] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00FD000A
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F3000A
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F30095
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F30084
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F30FB6
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F30073
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F30FDB
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F30F6A
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F30F7B
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F30F37
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F30F48
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F300EB
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F30062
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F30025
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F300A6
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F30047
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F30036
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F30F59
.text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00F20047
.text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00F20087
.text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00F20036
.text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00F2001B
.text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00F20FC0
.text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00F20000
.text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00F20FD1
.text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 12, 89 ]
.text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00F20058
.text C:\WINDOWS\System32\svchost.exe[1468] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F00000
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1636] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1636] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B80000
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B80FA2
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B800A1
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B80090
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B80069
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B80047
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B80F6F
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B80F80
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B800E3
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B800D2
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B80F39
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B80058
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B8001B
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B80F91
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B80FE5
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B80036
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B80F54
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00B70FD4
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00B70F83
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00B70FE5
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00B7001B
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00B70F9E
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00B70000
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00B70036
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00B70FAF
.text C:\WINDOWS\Explorer.EXE[3588] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\Explorer.EXE[3588] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F61
.text C:\WINDOWS\Explorer.EXE[3588] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0F86
.text C:\WINDOWS\Explorer.EXE[3588] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0F97
.text C:\WINDOWS\Explorer.EXE[3588] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0054
.text C:\WINDOWS\Explorer.EXE[3588] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0FB2
.text C:\WINDOWS\Explorer.EXE[3588] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A007D
.text C:\WINDOWS\Explorer.EXE[3588] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F35
.text C:\WINDOWS\Explorer.EXE[3588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00A9
.text C:\WINDOWS\Explorer.EXE[3588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F10
.text C:\WINDOWS\Explorer.EXE[3588] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A00BA
.text C:\WINDOWS\Explorer.EXE[3588] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0039
.text C:\WINDOWS\Explorer.EXE[3588] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A0FDE
.text C:\WINDOWS\Explorer.EXE[3588] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A0F46
.text C:\WINDOWS\Explorer.EXE[3588] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A0FC3
.text C:\WINDOWS\Explorer.EXE[3588] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A000A
.text C:\WINDOWS\Explorer.EXE[3588] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A008E
.text C:\WINDOWS\Explorer.EXE[3588] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 0029001B
.text C:\WINDOWS\Explorer.EXE[3588] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00290062
.text C:\WINDOWS\Explorer.EXE[3588] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00290FCA
.text C:\WINDOWS\Explorer.EXE[3588] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00290FE5
.text C:\WINDOWS\Explorer.EXE[3588] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00290051
.text C:\WINDOWS\Explorer.EXE[3588] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00290000
.text C:\WINDOWS\Explorer.EXE[3588] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00290FA5
.text C:\WINDOWS\Explorer.EXE[3588] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 49, 88 ]
.text C:\WINDOWS\Explorer.EXE[3588] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0029002C
.text C:\WINDOWS\Explorer.EXE[3588] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 002C0000
.text C:\WINDOWS\Explorer.EXE[3588] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 002C0FDB
.text C:\WINDOWS\Explorer.EXE[3588] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 002C0FC0
.text C:\WINDOWS\Explorer.EXE[3588] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 002C0011
.text C:\WINDOWS\Explorer.EXE[3588] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02770FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00250000
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00250F92
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00250087
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0025006C
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00250051
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00250036
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00250F61
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002500A9
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00250F3C
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002500D5
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00250F21
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00250FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00250FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00250098
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00250FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 0025001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 002500BA
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 0034000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00340F6F
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00340FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00340FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0034002C
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00340FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0034001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00340F94
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 01720FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 0172000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 01720FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 0172001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] ws2_32.dll!socket 71AB4211 5 Bytes JMP 021D0000

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] [0134E070] c:\program files\aim6\services\imApp\ver6_8_14_6\imAppService.dll (imAppService EE Application Service/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\Iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\Iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2400] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{94F93E23-6853-4A61-B5B2-FCA6485FEA4C}\InprocServer32@ C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\smjdcixqbr.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{94F93E23-6853-4A61-B5B2-FCA6485FEA4C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E18E6404-5E0A-4156-82F2-7F337E69C0C9}\InprocServer32@ C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{E18E6404-5E0A-4156-82F2-7F337E69C0C9}\InprocServer32@ThreadingModel Apartment

---- EOF - GMER 1.0.14 ----

#7 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:50 PM

Posted 05 January 2009 - 09:50 PM

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
===================
Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\smjdcixqbr.dll
    C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
    
    :reg
    [-HKLM\SOFTWARE\Classes\CLSID\{94F93E23-6853-4A61-B5B2-FCA6485FEA4C}]
    [-HKLM\SOFTWARE\Classes\CLSID\{E18E6404-5E0A-4156-82F2-7F337E69C0C9}]
    
    :commands
    [emptytemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
===================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
=========================
Please post these logs in your next reply:
  • Ot Move it log
  • Malware Bytes log
  • New Rsit log

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#8 ktb2008

ktb2008
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 06 January 2009 - 08:27 PM

Here ya go!

OTMoveIT Log:

========== FILES ==========
File/Folder C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\smjdcixqbr.dll not found.
File/Folder C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll not found.
========== REGISTRY ==========
Unable to delete registry key HKLM\SOFTWARE\Classes\CLSID\{94F93E23-6853-4A61-B5B2-FCA6485FEA4C}\\ .
Unable to delete registry key HKLM\SOFTWARE\Classes\CLSID\{E18E6404-5E0A-4156-82F2-7F337E69C0C9}\\ .
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcafee_aX1bbGnr3yqxV0U scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_Bg2AbVD4AsiVBix scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_rK2UpYdBfHm7LyC scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_UPgEo25aphvpzlx scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_ZIlIwk9jjYiHVJr scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_684.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV3.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01062009_200148

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be moved on reboot.
File C:\WINDOWS\temp\mcafee_aX1bbGnr3yqxV0U not found!
File C:\WINDOWS\temp\mcmsc_Bg2AbVD4AsiVBix not found!
File C:\WINDOWS\temp\mcmsc_rK2UpYdBfHm7LyC not found!
File C:\WINDOWS\temp\mcmsc_UPgEo25aphvpzlx not found!
File C:\WINDOWS\temp\mcmsc_ZIlIwk9jjYiHVJr not found!
File C:\WINDOWS\temp\Perflib_Perfdata_684.dat not found!
File move failed. C:\WINDOWS\temp\WFV3.tmp scheduled to be moved on reboot.

MBAM Log:

Malwarebytes' Anti-Malware 1.32
Database version: 1625
Windows 5.1.2600 Service Pack 3

1/6/2009 8:22:50 PM
mbam-log-2009-01-06 (20-22-50).txt

Scan type: Quick Scan
Objects scanned: 56050
Time elapsed: 13 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

RSIT Log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Keith at 2009-01-06 20:23:05
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 5 GB (14%) free of 38 GB
Total RAM: 766 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:06 PM, on 1/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Keith\Desktop\Spyware\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Keith.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [BLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.bat
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://vs2005stage.iamaw.org
O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...84/mcinsctl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,21/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = iamaw.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = iamaw.org
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = iamaw.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = iamaw.org
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10551 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{BBB7D588-C182-4286-BD47-5813B1FC9C42}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-17 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2006-10-12 2108480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-14 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-17 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-17 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2006-10-12 2108480]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-19 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-10-19 126976]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2001-10-09 200704]
"EM_EXEC"=C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE [2001-10-09 35328]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-04-10 679936]
"QAGENT"=C:\Program Files\QUICKENW\QAGENT.EXE [2001-08-01 94208]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe [2003-07-28 188416]
"DeviceDiscovery"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-05-21 229437]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-17 136600]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-11-20 178688]
"spywareguard"=C:\Program Files\Spyware Guard 2008\spywareguard.exe []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-01-04 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BLMessagingIntegration"=C:\Program Files\Common Files\PSD Tools\blengine.exe []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-16 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"Aim6"= []
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.bat []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa"
"C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1137909198\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1137909198\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1137909198\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1137909198\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Common Files\AOL\1138757384\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1138757384\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1138757384\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1138757384\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe"="C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\Call of Duty\CoDMP.exe"="C:\Program Files\Call of Duty\CoDMP.exe:*:Disabled:CoDMP"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Disabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Disabled:OrbTray"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Disabled:SR_GUI"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2009-01-06 20:01:49 ----D---- C:\_OTMoveIt
2009-01-06 19:58:55 ----D---- C:\Program Files\ERUNT
2009-01-05 18:45:50 ----A---- C:\WINDOWS\gmer.ini
2009-01-05 18:45:39 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-05 18:45:39 ----A---- C:\WINDOWS\gmer.dll
2009-01-05 18:45:38 ----A---- C:\WINDOWS\gmer.exe
2008-12-17 21:39:13 ----D---- C:\rsit
2008-12-17 20:49:23 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-17 20:49:23 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-17 20:49:23 ----A---- C:\WINDOWS\system32\java.exe
2008-12-17 20:49:23 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-16 05:27:04 ----D---- C:\Avenger
2008-12-16 05:27:03 ----A---- C:\avenger.txt
2008-12-15 20:06:40 ----D---- C:\Documents and Settings\Keith\Application Data\Malwarebytes
2008-12-15 19:55:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-15 19:55:47 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-15 19:54:43 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-11 23:06:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 23:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 23:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 23:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

======List of files/folders modified in the last 1 months======

2009-01-06 20:22:33 ----AD---- C:\WINDOWS\Temp
2009-01-06 20:08:43 ----D---- C:\WINDOWS\Prefetch
2009-01-06 20:08:42 ----D---- C:\WINDOWS\system32\DRIVERS
2009-01-06 20:02:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-06 19:58:55 ----AD---- C:\Program Files
2009-01-05 18:45:50 ----D---- C:\WINDOWS
2009-01-05 18:44:59 ----D---- C:\Program Files\AIM6
2009-01-05 18:44:10 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-01-05 18:43:32 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-20 13:11:15 ----D---- C:\WINDOWS\SYSTEM32
2008-12-17 20:50:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-17 20:49:30 ----SHD---- C:\WINDOWS\Installer
2008-12-17 20:48:28 ----D---- C:\Program Files\Java
2008-12-17 20:41:34 ----HD---- C:\WINDOWS\INF
2008-12-17 20:41:25 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2008-12-17 20:41:22 ----D---- C:\WINDOWS\ie7updates
2008-12-17 20:40:59 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-17 20:40:57 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-16 21:46:22 ----D---- C:\WINDOWS\system32\Restore
2008-12-16 17:30:06 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-16 05:25:16 ----RSD---- C:\WINDOWS\Fonts
2008-12-15 19:55:12 ----D---- C:\Documents and Settings\Keith\Application Data\SUPERAntiSpyware.com
2008-12-15 19:54:43 ----AD---- C:\Program Files\Common Files
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 08:22:12 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-11 23:06:50 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 23:06:10 ----D---- C:\Program Files\Internet Explorer
2008-12-11 22:57:25 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-09 18:24:37 ----AC---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-03-23 43672]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-02-02 9336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-02-02 9464]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-04-10 236032]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-07-19 17153]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2002-04-10 117898]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2002-04-10 206336]
R2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys [2001-02-28 34712]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2002-09-19 41728]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\DRIVERS\itchfltr.sys [2001-08-09 10256]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.sys [2001-11-30 22206]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\system32\drivers\LHidUsb.Sys [2001-11-30 39836]
R3 LKbdFlt2;Logitech Keyboard Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LKbdFlt2.sys [2001-11-30 5838]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.sys [2001-11-30 67694]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2002-04-10 29638]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2003-01-29 28164]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-05 545208]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2001-09-27 28396]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2002-04-10 24554]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-05 85969]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 l8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042Pr2.sys [2001-11-30 50990]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 OMVA;VPN-1 SecureClient Adapter; C:\WINDOWS\system32\DRIVERS\OMVA.sys [2003-04-08 14924]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;Usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-11-19 109056]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-14 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-17 152984]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2001-11-26 65536]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#9 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:50 PM

Posted 07 January 2009 - 08:28 AM

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#10 ktb2008

ktb2008
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 07 January 2009 - 07:06 PM

Here's the log. Thanks again for your help!

ComboFix 09-01-07.01 - Keith 2009-01-07 18:28:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.426 [GMT -5:00]
Running from: c:\documents and settings\Keith\Desktop\Spyware\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\program files\Need2Find
c:\program files\Need2Find\bar\History\search
c:\windows\cdmxtras
c:\windows\Readme.txt
c:\windows\system32\cache329
c:\windows\system32\cache329\B_329_0_0_106800.htm
c:\windows\system32\cache329\B_329_0_0_107400.htm
c:\windows\system32\cache329\B_329_0_0_446700.htm
c:\windows\system32\cache329\B_329_0_0_446800.htm
c:\windows\system32\cache329\B_329_0_0_446900.htm
c:\windows\system32\cache329\B_329_0_1_502500.htm
c:\windows\system32\cache329\B_329_0_1_502500.swf
c:\windows\system32\cache329\B_329_0_1_518300.htm
c:\windows\system32\cache329\B_329_0_1_518300.swf
c:\windows\system32\cache329\B_329_0_1_535000.htm
c:\windows\system32\cache329\B_329_0_1_535000.swf
c:\windows\system32\cache329\B_329_0_1_535300.htm
c:\windows\system32\cache329\B_329_0_1_535300.swf
c:\windows\system32\cache329\B_329_0_1_549000.htm
c:\windows\system32\cache329\B_329_0_1_549000.swf
c:\windows\system32\cache329\B_329_0_1_555500.htm
c:\windows\system32\cache329\B_329_0_1_555500.swf
c:\windows\system32\cache329\B_329_0_1_560400.htm
c:\windows\system32\cache329\B_329_0_1_560400.swf
c:\windows\system32\cache329\B_329_0_1_562700.htm
c:\windows\system32\cache329\B_329_0_1_562700.swf
c:\windows\system32\cache329\B_329_0_1_564100.htm
c:\windows\system32\cache329\B_329_0_1_564100.swf
c:\windows\system32\cache329\B_329_0_1_566800.htm
c:\windows\system32\cache329\B_329_0_1_566800.swf
c:\windows\system32\cache329\B_329_0_1_567900.htm
c:\windows\system32\cache329\B_329_0_1_567900.swf
c:\windows\system32\cache329\B_329_0_1_571500.htm
c:\windows\system32\cache329\B_329_0_1_571500.swf
c:\windows\system32\cache329\B_329_0_1_572600.htm
c:\windows\system32\cache329\B_329_0_1_572600.swf
c:\windows\system32\cache329\B_329_0_1_573700.htm
c:\windows\system32\cache329\B_329_0_1_573700.swf
c:\windows\system32\cache329\B_329_0_1_576900.htm
c:\windows\system32\cache329\B_329_0_1_576900.swf
c:\windows\system32\cache329\B_329_0_1_579800.htm
c:\windows\system32\cache329\B_329_0_1_579800.swf
c:\windows\system32\cache329\B_329_0_1_590300.htm
c:\windows\system32\cache329\B_329_0_1_590300.swf
c:\windows\system32\cache329\B_329_0_1_591600.htm
c:\windows\system32\cache329\B_329_0_1_591600.swf
c:\windows\system32\cache329\B_329_0_1_593100.gif
c:\windows\system32\cache329\B_329_0_1_593100.htm
c:\windows\system32\cache329\B_329_0_1_593100.swf
c:\windows\system32\cache329\B_329_0_1_593600.htm
c:\windows\system32\cache329\B_329_0_1_593600.swf
c:\windows\system32\cache329\B_329_0_1_593900.htm
c:\windows\system32\cache329\B_329_0_1_593900.swf
c:\windows\system32\cache329\B_329_0_1_598200.htm
c:\windows\system32\cache329\B_329_0_1_598200.swf
c:\windows\system32\cache329\B_329_0_1_598700.htm
c:\windows\system32\cache329\B_329_0_1_598700.swf
c:\windows\system32\cache329\B_329_0_1_598800.htm
c:\windows\system32\cache329\B_329_0_1_598800.swf
c:\windows\system32\cache329\B_329_0_1_599300.gif
c:\windows\system32\cache329\B_329_0_1_599600.htm
c:\windows\system32\cache329\B_329_0_1_599600.swf
c:\windows\system32\cache329\B_329_0_1_599800.gif
c:\windows\system32\cache329\B_329_0_1_600800.htm
c:\windows\system32\cache329\B_329_0_1_600800.swf
c:\windows\system32\cache329\B_329_0_1_600900.htm
c:\windows\system32\cache329\B_329_0_1_600900.swf
c:\windows\system32\cache329\B_329_0_1_601000.htm
c:\windows\system32\cache329\B_329_0_1_601000.swf
c:\windows\system32\cache329\B_329_0_1_601600.htm
c:\windows\system32\cache329\B_329_0_1_601600.swf
c:\windows\system32\cache329\B_329_0_1_601700.htm
c:\windows\system32\cache329\B_329_0_1_601700.swf
c:\windows\system32\cache329\B_329_0_1_602100.htm
c:\windows\system32\cache329\B_329_0_1_602100.swf
c:\windows\system32\cache329\B_329_0_1_605600.htm
c:\windows\system32\cache329\B_329_0_1_605600.swf
c:\windows\system32\cache329\B_329_0_1_611400.htm
c:\windows\system32\cache329\B_329_0_1_611400.swf
c:\windows\system32\cache329\B_329_0_1_611600.htm
c:\windows\system32\cache329\B_329_0_1_611600.swf
c:\windows\system32\cache329\B_329_0_1_622100.gif
c:\windows\system32\cache329\B_329_0_1_623600.htm
c:\windows\system32\cache329\B_329_0_1_623600.swf
c:\windows\system32\cache329\B_329_0_1_625500.htm
c:\windows\system32\cache329\B_329_0_1_625500.swf
c:\windows\system32\cache329\B_329_0_1_627200.htm
c:\windows\system32\cache329\B_329_0_1_627200.swf
c:\windows\system32\cache329\B_329_0_1_631500.htm
c:\windows\system32\cache329\B_329_0_1_631500.swf
c:\windows\system32\cache329\B_329_0_1_632000.htm
c:\windows\system32\cache329\B_329_0_1_632000.swf
c:\windows\system32\cache329\B_329_0_1_632700.htm
c:\windows\system32\cache329\B_329_0_1_632700.swf
c:\windows\system32\cache329\B_329_0_1_632900.htm
c:\windows\system32\cache329\B_329_0_1_632900.swf
c:\windows\system32\cache329\B_329_0_1_650900.htm
c:\windows\system32\cache329\B_329_0_1_650900.swf
c:\windows\system32\cache329\B_329_0_1_651000.htm
c:\windows\system32\cache329\B_329_0_1_651000.swf
c:\windows\system32\cache329\B_329_0_1_658500.gif
c:\windows\system32\cache329\B_329_0_1_659200.htm
c:\windows\system32\cache329\B_329_0_1_659200.swf
c:\windows\system32\cache329\B_329_0_1_659800.htm
c:\windows\system32\cache329\B_329_0_1_659800.swf
c:\windows\system32\cache329\B_329_0_1_660300.htm
c:\windows\system32\cache329\B_329_0_1_660300.swf
c:\windows\system32\cache329\B_329_0_1_660800.htm
c:\windows\system32\cache329\B_329_0_1_660800.swf
c:\windows\system32\cache329\B_329_0_2_534000.htm
c:\windows\system32\cache329\B_329_0_2_534000.swf
c:\windows\system32\cache329\B_329_0_2_539700.gif
c:\windows\system32\cache329\B_329_0_2_557400.htm
c:\windows\system32\cache329\B_329_0_2_557400.swf
c:\windows\system32\cache329\B_329_0_2_557700.htm
c:\windows\system32\cache329\B_329_0_2_557700.swf
c:\windows\system32\cache329\B_329_0_2_569300.gif
c:\windows\system32\cache329\B_329_0_2_579300.htm
c:\windows\system32\cache329\B_329_0_2_579300.swf
c:\windows\system32\cache329\B_329_0_2_631900.htm
c:\windows\system32\cache329\B_329_0_2_631900.swf
c:\windows\system32\cache329\B_329_0_3_514400.htm
c:\windows\system32\cache329\B_329_0_3_514400.swf
c:\windows\system32\cache329\B_329_0_3_578700.gif
c:\windows\system32\cache329\B_329_0_3_580800.gif
c:\windows\system32\cache329\B_329_0_3_582000.gif
c:\windows\system32\cache329\B_329_0_3_582600.gif
c:\windows\system32\cache329\B_329_0_3_582800.gif
c:\windows\system32\cache329\B_329_0_3_583100.gif
c:\windows\system32\cache329\B_329_0_3_737700.gif
c:\windows\system32\cache329\B_329_0_3_737800.gif
c:\windows\system32\cache329\B_329_0_3_737900.gif
c:\windows\system32\cache329\B_329_0_3_738300.gif
c:\windows\system32\cache329\B_329_1_0_449200.gif
c:\windows\system32\cache329\B_329_1_0_449600.gif
c:\windows\system32\cache329\B_329_1_0_449600.htm
c:\windows\system32\cache329\B_329_1_0_454300.gif
c:\windows\system32\cache329\B_329_1_0_454300.htm
c:\windows\system32\cache329\B_329_2_0_105300.htm
c:\windows\system32\cache329\B_329_2_0_106800.htm
c:\windows\system32\cache329\B_329_2_0_107400.htm
c:\windows\system32\cache329\B_329_2_0_446700.htm
c:\windows\system32\cache329\B_329_2_0_446800.htm
c:\windows\system32\cache329\B_329_2_0_446900.htm
c:\windows\system32\cache329\B_329_2_1_502500.htm
c:\windows\system32\cache329\B_329_2_1_502500.swf
c:\windows\system32\cache329\B_329_2_1_518300.htm
c:\windows\system32\cache329\B_329_2_1_518300.swf
c:\windows\system32\cache329\B_329_2_1_535000.htm
c:\windows\system32\cache329\B_329_2_1_535000.swf
c:\windows\system32\cache329\B_329_2_1_535300.htm
c:\windows\system32\cache329\B_329_2_1_535300.swf
c:\windows\system32\cache329\B_329_2_1_555500.htm
c:\windows\system32\cache329\B_329_2_1_555500.swf
c:\windows\system32\cache329\B_329_2_1_560400.htm
c:\windows\system32\cache329\B_329_2_1_560400.swf
c:\windows\system32\cache329\B_329_2_1_562700.htm
c:\windows\system32\cache329\B_329_2_1_562700.swf
c:\windows\system32\cache329\B_329_2_1_564100.htm
c:\windows\system32\cache329\B_329_2_1_564100.swf
c:\windows\system32\cache329\B_329_2_1_566800.htm
c:\windows\system32\cache329\B_329_2_1_566800.swf
c:\windows\system32\cache329\B_329_2_1_567900.htm
c:\windows\system32\cache329\B_329_2_1_567900.swf
c:\windows\system32\cache329\B_329_2_1_571500.htm
c:\windows\system32\cache329\B_329_2_1_571500.swf
c:\windows\system32\cache329\B_329_2_1_572600.htm
c:\windows\system32\cache329\B_329_2_1_572600.swf
c:\windows\system32\cache329\B_329_2_1_573700.htm
c:\windows\system32\cache329\B_329_2_1_573700.swf
c:\windows\system32\cache329\B_329_2_1_576900.htm
c:\windows\system32\cache329\B_329_2_1_576900.swf
c:\windows\system32\cache329\B_329_2_1_579800.htm
c:\windows\system32\cache329\B_329_2_1_579800.swf
c:\windows\system32\cache329\B_329_2_1_590300.htm
c:\windows\system32\cache329\B_329_2_1_590300.swf
c:\windows\system32\cache329\B_329_2_1_591600.htm
c:\windows\system32\cache329\B_329_2_1_591600.swf
c:\windows\system32\cache329\B_329_2_1_593100.gif
c:\windows\system32\cache329\B_329_2_1_593100.htm
c:\windows\system32\cache329\B_329_2_1_593100.swf
c:\windows\system32\cache329\B_329_2_1_593600.htm
c:\windows\system32\cache329\B_329_2_1_593600.swf
c:\windows\system32\cache329\B_329_2_1_593900.htm
c:\windows\system32\cache329\B_329_2_1_593900.swf
c:\windows\system32\cache329\B_329_2_1_598200.htm
c:\windows\system32\cache329\B_329_2_1_598200.swf
c:\windows\system32\cache329\B_329_2_1_598700.htm
c:\windows\system32\cache329\B_329_2_1_598700.swf
c:\windows\system32\cache329\B_329_2_1_598800.htm
c:\windows\system32\cache329\B_329_2_1_598800.swf
c:\windows\system32\cache329\B_329_2_1_599300.gif
c:\windows\system32\cache329\B_329_2_1_599600.htm
c:\windows\system32\cache329\B_329_2_1_599600.swf
c:\windows\system32\cache329\B_329_2_1_599800.gif
c:\windows\system32\cache329\B_329_2_1_600800.htm
c:\windows\system32\cache329\B_329_2_1_600800.swf
c:\windows\system32\cache329\B_329_2_1_600900.htm
c:\windows\system32\cache329\B_329_2_1_600900.swf
c:\windows\system32\cache329\B_329_2_1_601000.htm
c:\windows\system32\cache329\B_329_2_1_601000.swf
c:\windows\system32\cache329\B_329_2_1_601600.htm
c:\windows\system32\cache329\B_329_2_1_601600.swf
c:\windows\system32\cache329\B_329_2_1_601700.htm
c:\windows\system32\cache329\B_329_2_1_601700.swf
c:\windows\system32\cache329\B_329_2_1_601800.htm
c:\windows\system32\cache329\B_329_2_1_601800.swf
c:\windows\system32\cache329\B_329_2_1_602100.htm
c:\windows\system32\cache329\B_329_2_1_602100.swf
c:\windows\system32\cache329\B_329_2_1_605600.htm
c:\windows\system32\cache329\B_329_2_1_605600.swf
c:\windows\system32\cache329\B_329_2_1_611400.htm
c:\windows\system32\cache329\B_329_2_1_611400.swf
c:\windows\system32\cache329\B_329_2_1_611600.htm
c:\windows\system32\cache329\B_329_2_1_611600.swf
c:\windows\system32\cache329\B_329_2_1_622100.gif
c:\windows\system32\cache329\B_329_2_1_623600.htm
c:\windows\system32\cache329\B_329_2_1_623600.swf
c:\windows\system32\cache329\B_329_2_1_625500.htm
c:\windows\system32\cache329\B_329_2_1_625500.swf
c:\windows\system32\cache329\B_329_2_1_627200.htm
c:\windows\system32\cache329\B_329_2_1_627200.swf
c:\windows\system32\cache329\B_329_2_1_631500.htm
c:\windows\system32\cache329\B_329_2_1_631500.swf
c:\windows\system32\cache329\B_329_2_1_632000.htm
c:\windows\system32\cache329\B_329_2_1_632000.swf
c:\windows\system32\cache329\B_329_2_1_632700.htm
c:\windows\system32\cache329\B_329_2_1_632700.swf
c:\windows\system32\cache329\B_329_2_1_632900.htm
c:\windows\system32\cache329\B_329_2_1_632900.swf
c:\windows\system32\cache329\B_329_2_1_650900.htm
c:\windows\system32\cache329\B_329_2_1_650900.swf
c:\windows\system32\cache329\B_329_2_1_651000.htm
c:\windows\system32\cache329\B_329_2_1_651000.swf
c:\windows\system32\cache329\B_329_2_1_658500.gif
c:\windows\system32\cache329\B_329_2_1_659200.htm
c:\windows\system32\cache329\B_329_2_1_659200.swf
c:\windows\system32\cache329\B_329_2_1_659800.htm
c:\windows\system32\cache329\B_329_2_1_659800.swf
c:\windows\system32\cache329\B_329_2_1_660300.htm
c:\windows\system32\cache329\B_329_2_1_660300.swf
c:\windows\system32\cache329\B_329_2_1_660800.htm
c:\windows\system32\cache329\B_329_2_1_660800.swf
c:\windows\system32\cache329\B_329_2_1_666900.htm
c:\windows\system32\cache329\B_329_2_1_666900.swf
c:\windows\system32\cache329\B_329_2_2_520100.gif
c:\windows\system32\cache329\B_329_2_2_534000.htm
c:\windows\system32\cache329\B_329_2_2_534000.swf
c:\windows\system32\cache329\B_329_2_2_535300.gif
c:\windows\system32\cache329\B_329_2_2_539700.gif
c:\windows\system32\cache329\B_329_2_2_557400.htm
c:\windows\system32\cache329\B_329_2_2_557400.swf
c:\windows\system32\cache329\B_329_2_2_557700.htm
c:\windows\system32\cache329\B_329_2_2_557700.swf
c:\windows\system32\cache329\B_329_2_2_559300.htm
c:\windows\system32\cache329\B_329_2_2_559300.swf
c:\windows\system32\cache329\B_329_2_2_569300.gif
c:\windows\system32\cache329\B_329_2_2_577200.htm
c:\windows\system32\cache329\B_329_2_2_577200.swf
c:\windows\system32\cache329\B_329_2_2_578200.htm
c:\windows\system32\cache329\B_329_2_2_578200.swf
c:\windows\system32\cache329\B_329_2_2_578400.gif
c:\windows\system32\cache329\B_329_2_2_579100.htm
c:\windows\system32\cache329\B_329_2_2_579100.swf
c:\windows\system32\cache329\B_329_2_2_579300.htm
c:\windows\system32\cache329\B_329_2_2_579300.swf
c:\windows\system32\cache329\B_329_2_2_599100.htm
c:\windows\system32\cache329\B_329_2_2_599100.swf
c:\windows\system32\cache329\B_329_2_2_631900.htm
c:\windows\system32\cache329\B_329_2_2_631900.swf
c:\windows\system32\cache329\B_329_2_2_658500.gif
c:\windows\system32\cache329\B_329_2_2_668500.htm
c:\windows\system32\cache329\B_329_2_2_668500.swf
c:\windows\system32\cache329\B_329_2_3_514400.htm
c:\windows\system32\cache329\B_329_2_3_514400.swf
c:\windows\system32\cache329\B_329_2_3_520100.gif
c:\windows\system32\cache329\B_329_2_3_536200.htm
c:\windows\system32\cache329\B_329_2_3_536200.swf
c:\windows\system32\cache329\B_329_2_3_536300.htm
c:\windows\system32\cache329\B_329_2_3_536300.swf
c:\windows\system32\cache329\B_329_2_3_539700.gif
c:\windows\system32\cache329\B_329_2_3_578700.gif
c:\windows\system32\cache329\B_329_2_3_580800.gif
c:\windows\system32\cache329\B_329_2_3_581200.gif
c:\windows\system32\cache329\B_329_2_3_581700.gif
c:\windows\system32\cache329\B_329_2_3_582000.gif
c:\windows\system32\cache329\B_329_2_3_582600.gif
c:\windows\system32\cache329\B_329_2_3_582800.gif
c:\windows\system32\cache329\B_329_2_3_583100.gif
c:\windows\system32\cache329\B_329_2_3_623900.htm
c:\windows\system32\cache329\B_329_2_3_623900.swf
c:\windows\system32\cache329\B_329_2_3_624800.htm
c:\windows\system32\cache329\B_329_2_3_624800.swf
c:\windows\system32\cache329\B_329_2_3_737700.gif
c:\windows\system32\cache329\B_329_2_3_737800.gif
c:\windows\system32\cache329\B_329_2_3_737900.gif
c:\windows\system32\cache329\B_329_2_3_738300.gif
c:\windows\system32\cache329\B_329_2_4_567800.gif
c:\windows\system32\cache329\B_329_2_4_570400.gif
c:\windows\system32\cache329\B_329_2_4_571300.gif
c:\windows\system32\cache329\B_329_2_4_571600.gif
c:\windows\system32\cache329\B_329_2_4_573600.gif
c:\windows\system32\cache329\B_329_2_4_593800.htm
c:\windows\system32\cache329\B_329_2_4_593800.swf
c:\windows\system32\cache329\B_329_2_4_594200.htm
c:\windows\system32\cache329\B_329_2_4_594200.swf
c:\windows\system32\cache329\B_329_3_0_106800.htm
c:\windows\system32\cache329\B_329_3_0_107400.htm
c:\windows\system32\cache329\B_329_3_0_446700.htm
c:\windows\system32\cache329\B_329_3_0_446800.htm
c:\windows\system32\cache329\B_329_3_0_446900.htm
c:\windows\system32\cache329\B_329_3_1_502500.htm
c:\windows\system32\cache329\B_329_3_1_502500.swf
c:\windows\system32\cache329\B_329_3_1_518300.htm
c:\windows\system32\cache329\B_329_3_1_518300.swf
c:\windows\system32\cache329\B_329_3_1_535000.htm
c:\windows\system32\cache329\B_329_3_1_535000.swf
c:\windows\system32\cache329\B_329_3_1_535300.htm
c:\windows\system32\cache329\B_329_3_1_535300.swf
c:\windows\system32\cache329\B_329_3_1_544900.gif
c:\windows\system32\cache329\B_329_3_1_549000.htm
c:\windows\system32\cache329\B_329_3_1_549000.swf
c:\windows\system32\cache329\B_329_3_1_560400.htm
c:\windows\system32\cache329\B_329_3_1_560400.swf
c:\windows\system32\cache329\B_329_3_1_562700.htm
c:\windows\system32\cache329\B_329_3_1_562700.swf
c:\windows\system32\cache329\B_329_3_1_564100.htm
c:\windows\system32\cache329\B_329_3_1_564100.swf
c:\windows\system32\cache329\B_329_3_1_566800.htm
c:\windows\system32\cache329\B_329_3_1_566800.swf
c:\windows\system32\cache329\B_329_3_1_567900.htm
c:\windows\system32\cache329\B_329_3_1_567900.swf
c:\windows\system32\cache329\B_329_3_1_571500.htm
c:\windows\system32\cache329\B_329_3_1_571500.swf
c:\windows\system32\cache329\B_329_3_1_572600.htm
c:\windows\system32\cache329\B_329_3_1_572600.swf
c:\windows\system32\cache329\B_329_3_1_573700.htm
c:\windows\system32\cache329\B_329_3_1_573700.swf
c:\windows\system32\cache329\B_329_3_1_576900.htm
c:\windows\system32\cache329\B_329_3_1_576900.swf
c:\windows\system32\cache329\B_329_3_1_579800.htm
c:\windows\system32\cache329\B_329_3_1_579800.swf
c:\windows\system32\cache329\B_329_3_1_590300.htm
c:\windows\system32\cache329\B_329_3_1_590300.swf
c:\windows\system32\cache329\B_329_3_1_591600.htm
c:\windows\system32\cache329\B_329_3_1_591600.swf
c:\windows\system32\cache329\B_329_3_1_593100.gif
c:\windows\system32\cache329\B_329_3_1_593600.htm
c:\windows\system32\cache329\B_329_3_1_593600.swf
c:\windows\system32\cache329\B_329_3_1_593900.htm
c:\windows\system32\cache329\B_329_3_1_593900.swf
c:\windows\system32\cache329\B_329_3_1_598200.htm
c:\windows\system32\cache329\B_329_3_1_598200.swf
c:\windows\system32\cache329\B_329_3_1_598700.htm
c:\windows\system32\cache329\B_329_3_1_598700.swf
c:\windows\system32\cache329\B_329_3_1_598800.htm
c:\windows\system32\cache329\B_329_3_1_598800.swf
c:\windows\system32\cache329\B_329_3_1_599300.gif
c:\windows\system32\cache329\B_329_3_1_599800.gif
c:\windows\system32\cache329\B_329_3_1_600800.htm
c:\windows\system32\cache329\B_329_3_1_600800.swf
c:\windows\system32\cache329\B_329_3_1_600900.htm
c:\windows\system32\cache329\B_329_3_1_600900.swf
c:\windows\system32\cache329\B_329_3_1_601600.htm
c:\windows\system32\cache329\B_329_3_1_601600.swf
c:\windows\system32\cache329\B_329_3_1_601700.htm
c:\windows\system32\cache329\B_329_3_1_601700.swf
c:\windows\system32\cache329\B_329_3_1_602100.htm
c:\windows\system32\cache329\B_329_3_1_602100.swf
c:\windows\system32\cache329\B_329_3_1_611400.htm
c:\windows\system32\cache329\B_329_3_1_611400.swf
c:\windows\system32\cache329\B_329_3_1_611600.htm
c:\windows\system32\cache329\B_329_3_1_611600.swf
c:\windows\system32\cache329\B_329_3_1_622100.gif
c:\windows\system32\cache329\B_329_3_1_623600.htm
c:\windows\system32\cache329\B_329_3_1_623600.swf
c:\windows\system32\cache329\B_329_3_1_625500.htm
c:\windows\system32\cache329\B_329_3_1_625500.swf
c:\windows\system32\cache329\B_329_3_1_627200.htm
c:\windows\system32\cache329\B_329_3_1_627200.swf
c:\windows\system32\cache329\B_329_3_1_631500.htm
c:\windows\system32\cache329\B_329_3_1_631500.swf
c:\windows\system32\cache329\B_329_3_1_632000.htm
c:\windows\system32\cache329\B_329_3_1_632000.swf
c:\windows\system32\cache329\B_329_3_1_632700.htm
c:\windows\system32\cache329\B_329_3_1_632700.swf
c:\windows\system32\cache329\B_329_3_1_632900.htm
c:\windows\system32\cache329\B_329_3_1_632900.swf
c:\windows\system32\cache329\B_329_3_1_650900.htm
c:\windows\system32\cache329\B_329_3_1_650900.swf
c:\windows\system32\cache329\B_329_3_1_651000.htm
c:\windows\system32\cache329\B_329_3_1_651000.swf
c:\windows\system32\cache329\B_329_3_1_658500.gif
c:\windows\system32\cache329\B_329_3_1_659200.htm
c:\windows\system32\cache329\B_329_3_1_659200.swf
c:\windows\system32\cache329\B_329_3_1_660300.htm
c:\windows\system32\cache329\B_329_3_1_660300.swf
c:\windows\system32\cache329\B_329_3_1_660800.htm
c:\windows\system32\cache329\B_329_3_1_660800.swf
c:\windows\system32\cache329\B_329_3_2_534000.htm
c:\windows\system32\cache329\B_329_3_2_534000.swf
c:\windows\system32\cache329\B_329_3_2_539700.gif
c:\windows\system32\cache329\B_329_3_2_557400.htm
c:\windows\system32\cache329\B_329_3_2_557400.swf
c:\windows\system32\cache329\B_329_3_2_557700.htm
c:\windows\system32\cache329\B_329_3_2_557700.swf
c:\windows\system32\cache329\B_329_3_2_569300.gif
c:\windows\system32\cache329\B_329_3_2_579300.htm
c:\windows\system32\cache329\B_329_3_2_579300.swf
c:\windows\system32\cache329\B_329_3_2_631900.htm
c:\windows\system32\cache329\B_329_3_2_631900.swf
c:\windows\system32\cache329\B_329_3_3_514400.htm
c:\windows\system32\cache329\B_329_3_3_514400.swf
c:\windows\system32\cache329\B_329_3_3_578700.gif
c:\windows\system32\cache329\B_329_3_3_580800.gif
c:\windows\system32\cache329\B_329_3_3_582000.gif
c:\windows\system32\cache329\B_329_3_3_582600.gif
c:\windows\system32\cache329\B_329_3_3_582800.gif
c:\windows\system32\cache329\B_329_3_3_583100.gif
c:\windows\system32\cache329\B_329_3_3_737700.gif
c:\windows\system32\cache329\B_329_3_3_737800.gif
c:\windows\system32\cache329\B_329_3_3_737900.gif
c:\windows\system32\cache329\B_329_3_3_738300.gif
c:\windows\system32\cache329\B_329_4_0_111600.htm
c:\windows\system32\cache329\B_329_4_0_152400.htm
c:\windows\system32\cache329\B_329_4_0_155300.htm
c:\windows\system32\cache329\B_329_4_0_164100.htm
c:\windows\system32\cache329\B_329_4_0_448200.htm
c:\windows\system32\cache329\B_329_4_0_448300.htm
c:\windows\system32\cache329\B_329_4_0_453400.htm
c:\windows\system32\cache329\B_329_4_0_517100.htm
c:\windows\system32\cache329\B_329_4_0_540900.htm
c:\windows\system32\cache329\B_329_4_0_543200.htm
c:\windows\system32\cache329\B_329_4_0_573500.htm
c:\windows\system32\cache329\B_329_4_1_504300.htm
c:\windows\system32\cache329\B_329_4_1_512500.htm
c:\windows\system32\cache329\B_329_4_1_557900.htm
c:\windows\system32\cache329\B_329_4_1_567400.htm
c:\windows\system32\cache329\B_329_4_1_567400.swf
c:\windows\system32\cache329\B_329_4_1_581800.htm
c:\windows\system32\cache329\B_329_4_1_588200.htm
c:\windows\system32\cache329\B_329_4_1_593000.gif
c:\windows\system32\cache329\B_329_4_1_593000.htm
c:\windows\system32\cache329\B_329_4_1_601500.gif
c:\windows\system32\cache329\B_329_4_1_601500.htm
c:\windows\system32\cache329\B_329_4_1_683100.gif
c:\windows\system32\cache329\B_329_4_1_683100.htm
c:\windows\system32\cache329\B_329_4_2_515500.htm
c:\windows\system32\cache329\B_329_4_2_533000.htm
c:\windows\system32\cache329\B_329_4_2_552400.htm
c:\windows\system32\cache329\B_329_4_2_552400.swf
c:\windows\system32\cache329\B_329_4_2_552600.htm
c:\windows\system32\cache329\B_329_4_2_552600.swf
c:\windows\system32\cache329\B_329_4_2_553200.htm
c:\windows\system32\cache329\B_329_4_2_553200.swf
c:\windows\system32\cache329\B_329_4_2_553400.gif
c:\windows\system32\cache329\B_329_4_2_553400.htm
c:\windows\system32\cache329\B_329_4_2_578000.htm
c:\windows\system32\cache329\B_329_4_2_578000.swf
c:\windows\system32\cache329\B_329_4_2_579200.htm
c:\windows\system32\cache329\B_329_4_2_583300.htm
c:\windows\system32\cache329\B_329_4_2_583300.swf
c:\windows\system32\cache329\B_329_4_2_583700.htm
c:\windows\system32\cache329\B_329_4_2_583700.swf
c:\windows\system32\cache329\B_329_4_2_584100.htm
c:\windows\system32\cache329\B_329_4_2_584100.swf
c:\windows\system32\cache329\B_329_4_2_585000.htm
c:\windows\system32\cache329\B_329_4_2_585000.swf
c:\windows\system32\cache329\B_329_4_2_607000.htm
c:\windows\system32\cache329\B_329_4_2_632600.htm
c:\windows\system32\cache329\B_329_4_2_632600.swf
c:\windows\system32\cache329\B_329_4_2_632800.htm
c:\windows\system32\cache329\B_329_4_2_632800.swf
c:\windows\system32\cache329\B_329_4_2_673800.htm
c:\windows\system32\cache329\B_329_4_2_673800.swf
c:\windows\system32\cache329\B_329_4_2_673900.htm
c:\windows\system32\cache329\B_329_4_2_673900.swf
c:\windows\system32\cache329\B_329_4_3_512500.htm
c:\windows\system32\cache329\B_329_4_4_612300.htm
c:\windows\system32\cache329\B_329_4_4_625500.htm
c:\windows\system32\cache329\B_329_4_4_625500.swf
c:\windows\system32\cache329\B_502100.htm
c:\windows\system32\cache329\B_502600.htm
c:\windows\system32\cache329\B_513400.htm
c:\windows\system32\cache329\B_518700.htm
c:\windows\system32\cache329\B_518800.htm
c:\windows\system32\cache329\B_519600.htm
c:\windows\system32\cache329\B_524800.htm
c:\windows\system32\cache329\B_527100.htm
c:\windows\system32\cache329\B_528500.htm
c:\windows\system32\cache329\B_530800.htm
c:\windows\system32\cache329\B_537400.htm
c:\windows\system32\cache329\B_540500.htm
c:\windows\system32\cache329\B_540700.htm
c:\windows\system32\cache329\B_551700.htm
c:\windows\system32\cache329\B_553500.htm
c:\windows\system32\cache329\B_555300.htm
c:\windows\system32\cache329\B_555600.htm
c:\windows\system32\cache329\B_561000.htm
c:\windows\system32\cache329\B_569300.htm
c:\windows\system32\cache329\B_576500.htm
c:\windows\system32\cache329\B_584000.htm
c:\windows\system32\cache329\B_591300.htm
c:\windows\system32\cache329\B_597700.htm
c:\windows\system32\cache329\B_604700.htm
c:\windows\system32\cache329\B_610700.htm
c:\windows\system32\cache329\B_611000.htm
c:\windows\system32\cache329\B_618300.htm
c:\windows\system32\cache329\B_620000.htm
c:\windows\system32\cache329\B_634700.htm
c:\windows\system32\cache329\B_636500.htm
c:\windows\system32\cache329\B_637600.htm
c:\windows\system32\cache329\B_642100.htm
c:\windows\system32\cache329\B_654000.htm
c:\windows\system32\cache329\B_679800.htm
c:\windows\system32\cache329\B_704700.htm
c:\windows\system32\cache329\B_704800.htm
c:\windows\system32\cache329\B_705100.htm
c:\windows\system32\cache329\t_B_329_0_0_106800.htm
c:\windows\system32\cache329\t_B_329_0_0_107400.htm
c:\windows\system32\cache329\t_B_329_0_0_446700.htm
c:\windows\system32\cache329\t_B_329_0_0_446800.htm
c:\windows\system32\cache329\t_B_329_0_0_446900.htm
c:\windows\system32\cache329\t_B_329_1_0_449200.htm
c:\windows\system32\cache329\t_B_329_1_0_449600.htm
c:\windows\system32\cache329\t_B_329_1_0_454300.htm
c:\windows\system32\cache329\t_B_329_2_0_105300.htm
c:\windows\system32\cache329\t_B_329_2_0_106800.htm
c:\windows\system32\cache329\t_B_329_2_0_107400.htm
c:\windows\system32\cache329\t_B_329_2_0_446700.htm
c:\windows\system32\cache329\t_B_329_2_0_446800.htm
c:\windows\system32\cache329\t_B_329_2_0_446900.htm
c:\windows\system32\cache329\t_B_329_3_0_106800.htm
c:\windows\system32\cache329\t_B_329_3_0_107400.htm
c:\windows\system32\cache329\t_B_329_3_0_446700.htm
c:\windows\system32\cache329\t_B_329_3_0_446800.htm
c:\windows\system32\cache329\t_B_329_3_0_446900.htm
c:\windows\system32\cache329\t_B_329_4_0_111600.htm
c:\windows\system32\cache329\t_B_329_4_0_152400.htm
c:\windows\system32\cache329\t_B_329_4_0_155300.htm
c:\windows\system32\cache329\t_B_329_4_0_164100.htm
c:\windows\system32\cache329\t_B_329_4_0_448200.htm
c:\windows\system32\cache329\t_B_329_4_0_448300.htm
c:\windows\system32\cache329\t_B_329_4_0_453400.htm
c:\windows\system32\cache329\t_B_329_4_0_517100.htm
c:\windows\system32\cache329\t_B_329_4_0_540900.htm
c:\windows\system32\cache329\t_B_329_4_0_543200.htm
c:\windows\system32\cache329\t_B_329_4_0_573500.htm
c:\windows\system32\cache329\t_B_329_4_1_504300.htm
c:\windows\system32\cache329\t_B_329_4_1_512500.htm
c:\windows\system32\cache329\t_B_329_4_1_551200.htm
c:\windows\system32\cache329\t_B_329_4_1_557900.htm
c:\windows\system32\cache329\t_B_329_4_1_573500.htm
c:\windows\system32\cache329\t_B_329_4_1_581800.htm
c:\windows\system32\cache329\t_B_329_4_1_588200.htm
c:\windows\system32\cache329\t_B_329_4_2_515500.htm
c:\windows\system32\cache329\t_B_329_4_2_533000.htm
c:\windows\system32\cache329\t_B_329_4_2_579200.htm
c:\windows\system32\cache329\t_B_329_4_2_607000.htm
c:\windows\system32\cache329\t_B_329_4_3_512500.htm
c:\windows\system32\cache329\t_B_329_4_3_629200.htm
c:\windows\system32\cache329\t_B_329_4_4_612300.htm
c:\windows\system32\cache329\t_B_502100.htm
c:\windows\system32\cache329\t_B_502600.htm
c:\windows\system32\cache329\t_B_513400.htm
c:\windows\system32\cache329\t_B_518700.htm
c:\windows\system32\cache329\t_B_518800.htm
c:\windows\system32\cache329\t_B_519600.htm
c:\windows\system32\cache329\t_B_524800.htm
c:\windows\system32\cache329\t_B_527100.htm
c:\windows\system32\cache329\t_B_528500.htm
c:\windows\system32\cache329\t_B_530800.htm
c:\windows\system32\cache329\t_B_537400.htm
c:\windows\system32\cache329\t_B_540500.htm
c:\windows\system32\cache329\t_B_540700.htm
c:\windows\system32\cache329\t_B_551700.htm
c:\windows\system32\cache329\t_B_553500.htm
c:\windows\system32\cache329\t_B_555300.htm
c:\windows\system32\cache329\t_B_555600.htm
c:\windows\system32\cache329\t_B_561000.htm
c:\windows\system32\cache329\t_B_569300.htm
c:\windows\system32\cache329\t_B_576500.htm
c:\windows\system32\cache329\t_B_584000.htm
c:\windows\system32\cache329\t_B_591300.htm
c:\windows\system32\cache329\t_B_595500.htm
c:\windows\system32\cache329\t_B_597700.htm
c:\windows\system32\cache329\t_B_604700.htm
c:\windows\system32\cache329\t_B_610700.htm
c:\windows\system32\cache329\t_B_611000.htm
c:\windows\system32\cache329\t_B_618300.htm
c:\windows\system32\cache329\t_B_620000.htm
c:\windows\system32\cache329\t_B_634700.htm
c:\windows\system32\cache329\t_B_636500.htm
c:\windows\system32\cache329\t_B_637600.htm
c:\windows\system32\cache329\t_B_642100.htm
c:\windows\system32\cache329\t_B_654000.htm
c:\windows\system32\cache329\t_B_679800.htm
c:\windows\system32\cache329\t_B_704700.htm
c:\windows\system32\cache329\t_B_704800.htm
c:\windows\system32\cache329\t_B_705100.htm
c:\windows\system32\drivers\fad.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.

2009-01-06 20:01 . 2009-01-06 20:01 <DIR> d-------- C:\_OTMoveIt
2009-01-06 19:58 . 2009-01-06 19:59 <DIR> d-------- c:\program files\ERUNT
2009-01-05 18:45 . 2009-01-05 19:21 250 --a------ c:\windows\gmer.ini
2008-12-17 21:39 . 2008-12-17 21:40 <DIR> d-------- C:\rsit
2008-12-17 20:49 . 2008-12-17 20:48 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
2008-12-15 20:06 . 2008-12-15 20:06 <DIR> d-------- c:\documents and settings\Keith\Application Data\Malwarebytes
2008-12-15 19:55 . 2009-01-06 20:08 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-15 19:55 . 2008-12-15 19:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-15 19:55 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-12-15 19:55 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2008-12-15 19:54 . 2008-12-15 19:54 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 23:44 --------- d-----w c:\program files\AIM6
2009-01-05 23:44 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-05 23:43 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-18 01:48 --------- d-----w c:\program files\Java
2008-12-16 22:30 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-16 00:55 --------- d-----w c:\documents and settings\Keith\Application Data\SUPERAntiSpyware.com
2008-12-12 13:22 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-24 22:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-23 13:42 --------- d-----w c:\documents and settings\Keith\Application Data\Arcsoft
2008-11-22 14:53 --------- d-----w c:\program files\SpywareBlaster
2008-11-09 20:57 --------- d--h--r c:\documents and settings\All Users\Application Data\yahoo!
2008-11-08 15:06 --------- d-----w c:\documents and settings\Keith\Application Data\KodakCredentialStore
2008-11-08 14:59 --------- d-----w c:\program files\Common Files\ArcSoft
2008-11-08 14:59 --------- d-----w c:\documents and settings\All Users\Application Data\ArcSoft
2008-11-08 14:57 --------- d-----w c:\program files\ArcSoft
2008-11-08 14:49 --------- d-----w c:\program files\Common Files\Kodak
2008-06-14 08:07 32,768 -csha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008061420080615\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-16 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2001-10-09 200704]
"EM_EXEC"="c:\progra~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-10-09 35328]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
"QAGENT"="c:\program files\QUICKENW\QAGENT.EXE" [2001-08-01 94208]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.IV41"= ir41_32.dll
"vidc.mxmc"= MimicICM.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1138757384\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1138757384\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024]
R4 mrtRate;mrtRate;c:\windows\SYSTEM32\DRIVERS\MrtRate.sys [2003-01-29 34712]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-10-05 24652]
S3 OMVA;VPN-1 SecureClient Adapter;c:\windows\SYSTEM32\DRIVERS\OMVA.sys [2004-12-07 14924]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
.
Contents of the 'Scheduled Tasks' folder

2008-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-06 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2008-04-13 19:12]

2007-02-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2007-09-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-07 c:\windows\Tasks\User_Feed_Synchronization-{BBB7D588-C182-4286-BD47-5813B1FC9C42}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BLMessagingIntegration - c:\program files\Common Files\PSD Tools\blengine.exe
HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.bat
HKCU-Run-Aim6 - (no file)
HKLM-Run-spywareguard - c:\program files\Spyware Guard 2008\spywareguard.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
Trusted Zone: payex.adp.com
Trusted Zone: vs2005stage.iamaw.org

c:\windows\Downloaded Program Files\ActiveGS.ocx - O16 -: ActiveGS.cab
hxxp://www.virtualapple.com/activegs.cab
c:\windows\Downloaded Program Files\OSDA56.OSD

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 18:37:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\wanmpsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\SYSTEM32\mrtMngr.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-01-07 18:45:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-07 23:45:15

Pre-Run: 5,574,340,608 bytes free
Post-Run: 5,512,298,496 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

792 --- E O F --- 2008-12-18 01:41:35

#11 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:50 PM

Posted 07 January 2009 - 07:51 PM

You are welcome :thumbsup:

Please go to Start >Control Panel >Add\Remove programs
remove this below:

Viewpoint

Then exit the Control Panel.
===================
After that using Windows Explorer (to get there right-click your Start button and go to "Explore")
Delete this folder listed below:

C:\Program Files\Viewpoint

then exit Windows Explorer.
====================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
==========
After that post the Malwarebytes Log and a new Rsit log then let me know how things are running?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#12 ktb2008

ktb2008
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 07 January 2009 - 09:28 PM

Oh, things seem to be running fine. I don't know if you read the thread that I originally posted, but most of the visible ill effects of the infection, such as pop-ups, were cleared up by running SuperAntiSpyware originally. However, the original person who was helping me, boopme, seemed to indicate that there could be other hidden things that we'd need to take care of, and you stepped up to the plate to bring the hidden things to light! :thumbsup: I guess my biggest concern at this point is if I should be wary about doing any financial transactions or online shopping on my computer after this infection and after the work we've been doing. I don't keep any sort of personal or financial data in files on my machine, have never chosen to save passwords for websites, and nearly always delete all browsing history items whenever I'm finished using the Internet (consider me paranoid). So I don't see how anything could have been read from my machine, but I'm certainly no expert. Nevertheless, here are the logs:

Malwarebytes' Anti-Malware 1.32
Database version: 1629
Windows 5.1.2600 Service Pack 3

1/7/2009 9:22:25 PM
mbam-log-2009-01-07 (21-22-25).txt

Scan type: Quick Scan
Objects scanned: 55981
Time elapsed: 9 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of random's system information tool 1.05 (written by random/random)
Run by Keith at 2009-01-07 21:22:40
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 5 GB (14%) free of 38 GB
Total RAM: 766 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:05 PM, on 1/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Keith\Desktop\Spyware\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Keith.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://vs2005stage.iamaw.org
O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...84/mcinsctl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,21/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = iamaw.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = iamaw.org
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = iamaw.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = iamaw.org
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9566 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{BBB7D588-C182-4286-BD47-5813B1FC9C42}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-17 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2006-10-12 2108480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-14 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-17 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-17 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2006-10-12 2108480]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-19 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-10-19 126976]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2001-10-09 200704]
"EM_EXEC"=C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE [2001-10-09 35328]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-04-10 679936]
"QAGENT"=C:\Program Files\QUICKENW\QAGENT.EXE [2001-08-01 94208]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe [2003-07-28 188416]
"DeviceDiscovery"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-05-21 229437]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-17 136600]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-11-20 178688]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-16 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1138757384\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1138757384\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1138757384\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1138757384\ee\aim6.exe:*:Enabled:AIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\Call of Duty\CoDMP.exe"="C:\Program Files\Call of Duty\CoDMP.exe:*:Disabled:CoDMP"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2009-01-07 21:10:51 ----SHD---- C:\RECYCLER
2009-01-07 18:45:32 ----A---- C:\ComboFix.txt
2009-01-07 18:24:08 ----A---- C:\Boot.bak
2009-01-07 18:23:54 ----RASHD---- C:\cmdcons
2009-01-07 18:22:13 ----A---- C:\WINDOWS\zip.exe
2009-01-07 18:22:13 ----A---- C:\WINDOWS\VFIND.exe
2009-01-07 18:22:13 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-07 18:22:13 ----A---- C:\WINDOWS\SWSC.exe
2009-01-07 18:22:13 ----A---- C:\WINDOWS\SWREG.exe
2009-01-07 18:22:13 ----A---- C:\WINDOWS\sed.exe
2009-01-07 18:22:13 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-07 18:22:13 ----A---- C:\WINDOWS\grep.exe
2009-01-07 18:22:13 ----A---- C:\WINDOWS\fdsv.exe
2009-01-07 18:21:56 ----D---- C:\WINDOWS\ERDNT
2009-01-07 18:21:56 ----D---- C:\Qoobox
2009-01-06 20:01:49 ----D---- C:\_OTMoveIt
2009-01-06 19:58:55 ----D---- C:\Program Files\ERUNT
2009-01-05 18:45:50 ----A---- C:\WINDOWS\gmer.ini
2009-01-05 18:45:39 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-05 18:45:39 ----A---- C:\WINDOWS\gmer.dll
2009-01-05 18:45:38 ----A---- C:\WINDOWS\gmer.exe
2008-12-17 21:39:13 ----D---- C:\rsit
2008-12-17 20:49:23 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-17 20:49:23 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-17 20:49:23 ----A---- C:\WINDOWS\system32\java.exe
2008-12-17 20:49:23 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-16 05:27:03 ----A---- C:\avenger.txt
2008-12-15 20:06:40 ----D---- C:\Documents and Settings\Keith\Application Data\Malwarebytes
2008-12-15 19:55:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-15 19:55:47 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-15 19:54:43 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-11 23:06:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 23:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 23:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 23:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

======List of files/folders modified in the last 1 months======

2009-01-07 21:22:45 ----AD---- C:\WINDOWS\Temp
2009-01-07 21:10:52 ----AD---- C:\Program Files
2009-01-07 21:09:41 ----D---- C:\WINDOWS\Prefetch
2009-01-07 19:11:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-07 18:45:39 ----D---- C:\WINDOWS\SYSTEM32
2009-01-07 18:45:38 ----D---- C:\WINDOWS\system32\DRIVERS
2009-01-07 18:45:34 ----D---- C:\WINDOWS
2009-01-07 18:42:56 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-07 18:37:35 ----A---- C:\WINDOWS\system.ini
2009-01-07 18:34:38 ----D---- C:\WINDOWS\system32\CONFIG
2009-01-07 18:32:51 ----D---- C:\WINDOWS\AppPatch
2009-01-07 18:32:51 ----AD---- C:\Program Files\Common Files
2009-01-07 18:24:08 ----RASH---- C:\BOOT.INI
2009-01-07 18:22:12 ----SHD---- C:\System Volume Information
2009-01-07 18:22:12 ----D---- C:\WINDOWS\system32\Restore
2009-01-05 18:44:59 ----D---- C:\Program Files\AIM6
2009-01-05 18:44:10 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-01-05 18:43:32 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-17 20:50:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-17 20:49:30 ----SHD---- C:\WINDOWS\Installer
2008-12-17 20:48:28 ----D---- C:\Program Files\Java
2008-12-17 20:41:34 ----HD---- C:\WINDOWS\INF
2008-12-17 20:41:25 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2008-12-17 20:41:22 ----D---- C:\WINDOWS\ie7updates
2008-12-17 20:40:59 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-16 17:30:06 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-16 05:25:16 ----RSD---- C:\WINDOWS\Fonts
2008-12-15 19:55:12 ----D---- C:\Documents and Settings\Keith\Application Data\SUPERAntiSpyware.com
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 08:22:12 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-11 23:06:50 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 23:06:10 ----D---- C:\Program Files\Internet Explorer
2008-12-11 22:57:25 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-09 18:24:37 ----AC---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-03-23 43672]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-02-02 9336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-02-02 9464]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-04-10 236032]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-07-19 17153]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2002-04-10 117898]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2002-04-10 206336]
R2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys [2001-02-28 34712]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2002-09-19 41728]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\DRIVERS\itchfltr.sys [2001-08-09 10256]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.sys [2001-11-30 22206]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\system32\drivers\LHidUsb.Sys [2001-11-30 39836]
R3 LKbdFlt2;Logitech Keyboard Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LKbdFlt2.sys [2001-11-30 5838]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.sys [2001-11-30 67694]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2002-04-10 29638]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2003-01-29 28164]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-05 545208]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2001-09-27 28396]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2002-04-10 24554]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 l8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042Pr2.sys [2001-11-30 50990]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 OMVA;VPN-1 SecureClient Adapter; C:\WINDOWS\system32\DRIVERS\OMVA.sys [2003-04-08 14924]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;Usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-11-19 109056]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-14 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-17 152984]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2001-11-26 65536]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#13 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:50 PM

Posted 08 January 2009 - 08:03 AM

It sounds like you surf pretty safely and I wouldn't worry aboutit at this point but I am sure you know that even after deemed clean with a backdor infection it typically is better to reformat the Operating System to ensure safety.
But I think at this point the system is fine and I see no other issues being listed here so I personally think it is fine.
================================
Cleanup:

Please download OT CLeanit from Here save it to your desktop.
Double click on OT Clean it to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
===============
Delete\uninstall anything else that we have used.

Including this folder C:\Rsit

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual
=====================================
After that your log is clean. :thumbsup:

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

If your computer is slow Is a tutorial on what you can do if your computer is slow.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#14 ktb2008

ktb2008
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 08 January 2009 - 08:07 PM

Yeah, I don't really want to go through the hassle of reformatting my hard disk; I'd rather go out and buy a new computer before going through that process. If Windows 7 were out yet, I'd go ahead and do it, since I have no desire to own a machine with Vista! :thumbsup: Incidentally, how does a backdoor infection generally steal information off of a computer? Does it read or steal files, log keystrokes, etc? I guess that would give me an idea of how comfortable I am with using my banking and financial websites on this machine after this infection.

I have followed your last steps and downloaded and installed your recommended programs. However, I do have one more question. Ever since we did the last series of scans, when I go to a website that requires a login, such as my web mail, I get a security alert telling me that I'm about to view pages over a secure connection, and I see that the login page is an https: page. Did something we do enable this? I never got this before, and I only get this on this machine, but I thought SSL protection was something that was enabled on a server, not a client machine.

Again, thanks for all your help with this!

#15 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:50 PM

Posted 09 January 2009 - 09:04 AM

It is an IE setting that prompts you and alert's to unsecure connection that happens by default it happens on my computer.
BAckdoors are dangerous because they can be used for complete remote access to your computer and send unknowing to you information such as passswords etc...
But that also depends on what you use the system for they cannot get any info if none is present.

I believe that it is fine to use it for whatever you want to use it for now but again it is up to you.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users