Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.Agent & Trojan.Vundo Infection


  • This topic is locked This topic is locked
24 replies to this topic

#1 dwoodward

dwoodward

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 24 March 2009 - 11:50 AM

Have picked up a malware problem that is causing IE/Firefox to randomly redirect pages from search engine results page. Redirects occur both out of Yahoo and Google results. Pages are randomly redirected to sites like Toseeka, Shopzilla, Wesearchmaster, etc. Redirect from Google search results seems to occur after browser connects with "googleads.gdoubleclick.net"

Tried many Spyware programs including Sbybot & SuperAntiSpyware. Finally, Malwarebytes found and removed Trojan.Agent and Trojan.Vundo but redirect problem persists.

Log file of HijackThis follows:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:38 PM, on 3/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dantz\Client\Remotsvc.exe
C:\Program Files\Dantz\Client\retroclient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Meeting Center\Modules\Calendar\AddInMon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Kxasogo] rundll32.exe "C:\WINDOWS\Rwozuwesebebebag.dll",e
O4 - HKLM\..\Run: [Twazo] rundll32.exe "C:\WINDOWS\ahalulefari.dll",e
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1235182602546
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: Retrospect Client - Dantz Development Corporation - C:\Program Files\Dantz\Client\Remotsvc.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Client\rthlpsvc.exe

--
End of file - 12978 bytes

Redirect from Google search results seems to occur after browser connects with "googleads.gdoubleclick.net" Tried cleaning with a variety of Malware/Adware packages and problem persists.

Help, please... log file of HijackThis follows:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:38 PM, on 3/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dantz\Client\Remotsvc.exe
C:\Program Files\Dantz\Client\retroclient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Meeting Center\Modules\Calendar\AddInMon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Kxasogo] rundll32.exe "C:\WINDOWS\Rwozuwesebebebag.dll",e
O4 - HKLM\..\Run: [Twazo] rundll32.exe "C:\WINDOWS\ahalulefari.dll",e
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1235182602546
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: Retrospect Client - Dantz Development Corporation - C:\Program Files\Dantz\Client\Remotsvc.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Client\rthlpsvc.exe

--
End of file - 12978 bytes

Edited by dwoodward, 24 March 2009 - 11:55 AM.


BC AdBot (Login to Remove)

 


#2 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 24 March 2009 - 12:23 PM

Hi,

I will handle your log. As I am in training, all my fixes have to be checked.
I'll get back to you as soon as is possible. :thumbup2:

#3 dwoodward

dwoodward
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  

Posted 24 March 2009 - 12:34 PM

Thank you for your assistance!!

#4 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 25 March 2009 - 12:27 PM

Hi,
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


#5 dwoodward

dwoodward
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 25 March 2009 - 01:10 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dan Woodward at 2009-03-25 11:06:45
Microsoft Windows XP Professional Service Pack 3
System drive C: has 23 GB (38%) free of 61 GB
Total RAM: 1527 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:07 AM, on 3/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dantz\Client\Remotsvc.exe
C:\Program Files\Dantz\Client\retroclient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Meeting Center\Modules\Calendar\AddInMon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Documents and Settings\Dan Woodward\Desktop\RSIT.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\Dan Woodward.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1235182602546
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: Retrospect Client - Dantz Development Corporation - C:\Program Files\Dantz\Client\Remotsvc.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Client\rthlpsvc.exe

--
End of file - 12920 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Funambol Outlook Sync Client - Dan Woodward.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_FUSION-MOBILE64_Dan Woodward.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-01-16 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-05 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-05 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-10-19 177456]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-01-18 1028096]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-08-20 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-08-20 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-08-20 137752]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2006-09-05 184320]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
""= []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2008-11-04 615696]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-11-20 488752]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-14 143360]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-05 148888]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2003-12-05 49152]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-01-08 645328]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-01-29 23975720]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe"="C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Microsoft Help and Support Center"
"C:\Program Files\Oneeko\ONEEKO.EXE"="C:\Program Files\Oneeko\ONEEKO.EXE:*:Enabled:ONEEKO"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe"="C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007"

======List of files/folders created in the last 1 months======

2009-03-25 11:06:45 ----D---- C:\rsit
2009-03-23 22:46:03 ----D---- C:\Documents and Settings\Dan Woodward\Application Data\Malwarebytes
2009-03-23 22:45:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-23 22:45:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-23 20:25:55 ----D---- C:\Program Files\Trend Micro
2009-03-23 20:24:02 ----D---- C:\Program Files\ERUNT
2009-03-23 19:06:32 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-22 17:45:26 ----D---- C:\Program Files\Netflix
2009-03-20 16:47:19 ----D---- C:\Program Files\EsetOnlineScanner
2009-03-19 14:43:10 ----D---- C:\00000007govbids@tekgeardirect.com2
2009-03-19 10:22:17 ----D---- C:\00000007govbids@tekgeardirect.com1
2009-03-19 10:20:57 ----D---- C:\00000007govbids@tekgeardirect.com
2009-03-17 20:36:07 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2009-03-17 20:32:10 ----D---- C:\Program Files\Common Files\McAfee
2009-03-17 20:32:06 ----D---- C:\Program Files\McAfee.com
2009-03-17 20:31:51 ----D---- C:\Program Files\McAfee
2009-03-17 18:36:26 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-17 18:36:18 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-17 18:36:18 ----D---- C:\Documents and Settings\Dan Woodward\Application Data\SUPERAntiSpyware.com
2009-03-17 18:36:02 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-17 16:50:35 ----D---- C:\Program Files\Lavasoft
2009-03-17 16:50:35 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-03-17 16:27:30 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-17 16:27:30 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-17 11:52:55 ----D---- C:\00000006govbids@tekgeardirect.com3
2009-03-17 11:36:51 ----D---- C:\00000006govbids@tekgeardirect.com2
2009-03-17 10:48:38 ----D---- C:\00000006govbids@tekgeardirect.com1
2009-03-17 10:47:55 ----D---- C:\00000006govbids@tekgeardirect.com
2009-03-14 17:30:16 ----D---- C:\Documents and Settings\Dan Woodward\Application Data\Costco Photo Viewer US
2009-03-12 19:23:13 ----D---- C:\WINDOWS\Hewlett-Packard
2009-03-12 19:20:24 ----A---- C:\WINDOWS\hplj3380.ini
2009-03-12 19:17:26 ----D---- C:\temp
2009-03-12 19:13:32 ----D---- C:\Program Files\Common Files\SWF Studio
2009-03-11 16:04:11 ----D---- C:\WINDOWS\system32\MpEngineStore
2009-03-11 16:04:11 ----A---- C:\WINDOWS\system32\MRT.INI
2009-03-11 16:02:08 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-03-11 16:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-11 16:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 16:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 08:03:43 ----D---- C:\Documents and Settings\Dan Woodward\Application Data\webex
2009-03-10 18:38:59 ----D---- C:\Program Files\DemoForge
2009-03-08 15:02:09 ----D---- C:\WINDOWS\Sun
2009-03-07 09:34:04 ----N---- C:\WINDOWS\system32\TwnLib4.dll
2009-03-07 09:34:03 ----A---- C:\WINDOWS\system32\TwnLib20.dll
2009-03-07 09:34:02 ----N---- C:\WINDOWS\system32\ImagXRA7.dll
2009-03-07 09:34:02 ----N---- C:\WINDOWS\system32\ImagXR7.dll
2009-03-07 09:34:02 ----N---- C:\WINDOWS\system32\ImagXpr7.dll
2009-03-07 09:34:02 ----N---- C:\WINDOWS\system32\ImagX7.dll
2009-03-07 09:34:02 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2009-03-07 09:34:01 ----D---- C:\Program Files\Common Files\Ahead
2009-03-07 09:34:00 ----D---- C:\Program Files\Ahead
2009-03-05 13:03:09 ----D---- C:\HPFixScan
2009-03-05 12:55:42 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-05 12:55:42 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-05 12:55:42 ----A---- C:\WINDOWS\system32\java.exe
2009-03-05 12:55:42 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-05 12:55:06 ----D---- C:\Program Files\Java
2009-03-05 12:54:36 ----D---- C:\Documents and Settings\Dan Woodward\Application Data\Sun
2009-03-05 11:43:43 ----D---- C:\Documents and Settings\Dan Woodward\Application Data\skypePM
2009-03-05 11:37:58 ----D---- C:\Documents and Settings\Dan Woodward\Application Data\Skype
2009-03-05 11:37:36 ----D---- C:\Program Files\Common Files\Skype
2009-03-05 11:37:31 ----RD---- C:\Program Files\Skype
2009-03-05 11:37:24 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-03-05 11:01:18 ----D---- C:\Documents and Settings\Dan Woodward\Application Data\Windows Search
2009-03-03 12:34:00 ----D---- C:\Documents and Settings\Dan Woodward\Application Data\Windows Desktop Search
2009-03-03 12:32:29 ----D---- C:\Program Files\Windows Desktop Search
2009-03-03 12:32:28 ----D---- C:\WINDOWS\system32\GroupPolicy
2009-03-03 12:31:30 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2009-03-03 12:30:31 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2009-03-02 10:55:56 ----D---- C:\Program Files\Microsoft Silverlight
2009-02-27 14:31:53 ----SHD---- C:\WINDOWS\CSC
2009-02-26 09:39:55 ----A---- C:\WINDOWS\system32\lmdimon8.dll
2009-02-26 09:39:17 ----D---- C:\Documents and Settings\All Users\Application Data\Applications

======List of files/folders modified in the last 1 months======

2009-03-25 11:06:48 ----D---- C:\WINDOWS\Temp
2009-03-25 11:06:23 ----D---- C:\WINDOWS\Prefetch
2009-03-25 08:41:09 ----D---- C:\Program Files\Mozilla Firefox
2009-03-25 08:37:23 ----D---- C:\WINDOWS
2009-03-25 08:35:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-24 10:42:04 ----D---- C:\WINDOWS\system32
2009-03-23 23:11:37 ----D---- C:\WINDOWS\system32\drivers
2009-03-23 22:45:56 ----RD---- C:\Program Files
2009-03-23 20:52:30 ----SHD---- C:\WINDOWS\Installer
2009-03-23 20:52:13 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-23 19:09:20 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-23 13:24:33 ----HD---- C:\WINDOWS\inf
2009-03-20 18:47:12 ----A---- C:\WINDOWS\OEWABLog.txt
2009-03-20 18:45:56 ----D---- C:\Documents and Settings
2009-03-20 16:47:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-17 20:37:17 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-03-17 20:32:39 ----SD---- C:\WINDOWS\Tasks
2009-03-17 20:32:10 ----D---- C:\Program Files\Common Files
2009-03-17 16:50:28 ----D---- C:\WINDOWS\WinSxS
2009-03-13 10:58:29 ----SHD---- C:\System Volume Information
2009-03-13 09:26:07 ----D---- C:\WINDOWS\repair
2009-03-13 09:25:42 ----D---- C:\WINDOWS\Registration
2009-03-12 19:23:26 ----D---- C:\Program Files\Hewlett-Packard
2009-03-12 19:21:33 ----RSD---- C:\WINDOWS\Fonts
2009-03-11 16:02:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-11 16:01:55 ----A---- C:\WINDOWS\imsins.BAK
2009-03-11 16:01:17 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-03-11 16:00:17 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-03-11 14:23:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-11 14:21:01 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-11 07:55:19 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-09 15:56:46 ----SD---- C:\Documents and Settings\Dan Woodward\Application Data\Microsoft
2009-03-09 15:27:49 ----D---- C:\Documents and Settings\Dan Woodward\Application Data\Apple Computer
2009-03-05 12:58:53 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-05 09:37:35 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-03-03 12:32:38 ----D---- C:\WINDOWS\system32\en-us
2009-03-03 12:32:28 ----D---- C:\WINDOWS\system32\wbem
2009-02-26 09:39:32 ----D---- C:\Program Files\Microsoft Office

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-01-09 213640]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-10-23 120136]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-14 88192]
R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-10-17 22016]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-01 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2007-08-28 146560]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-02-27 1342602]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 dfmirage;dfmirage; C:\WINDOWS\system32\DRIVERS\dfmirage.sys [2005-11-25 31896]
R3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2008-04-14 206976]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2006-09-14 88192]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2008-07-26 41752]
R3 LVUVC;Logitech QuickCam Pro 9000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-07-26 4658584]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-01-09 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-01-09 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-01-09 40552]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw5x32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-11-17 3636864]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-03-31 5888]
R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-08-17 35913]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-15 213696]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-01-24 290304]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-02-27 401664]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-02-27 30363]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-02-27 148168]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-02-27 57096]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State; C:\WINDOWS\System32\Drivers\frmupgr.sys [2006-03-02 17516]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-07-26 23832]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-01-09 34216]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-10-31 2236544]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-02-27 258103]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-05 152984]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-01-08 797864]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-01-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-01-09 884360]
R2 Retrospect Client;Retrospect Client; C:\Program Files\Dantz\Client\Remotsvc.exe [2006-04-03 53248]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2007-11-29 144688]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-01-16 606736]
S2 Retrospect Helper;Retrospect Helper; C:\Program Files\Dantz\Client\rthlpsvc.exe [2006-04-11 110592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-01-17 365072]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\hpzipm12.exe [2003-10-22 65536]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-03-25 11:07:11

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {E565477D-0E44-4244-BB91-4099BA514CA8}
-->msiexec /x{1C32666E-3F65-4A9A-BC4D-FE293015FE7B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
Adobe Acrobat 7.1.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-100000000002}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Agere Systems HDA Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AuthenTec Fingerprint Sensor Minimum Install-->MsiExec.exe /X{7F362F06-A9A3-440F-8B19-6A01A72723C4}
BlackBerry Desktop Software 4.7-->MsiExec.exe /I{034E061B-B3A3-4123-842E-10C1B6B3C8C7}
BlackBerry Desktop Software 4.7-->MsiExec.exe /i{034E061B-B3A3-4123-842E-10C1B6B3C8C7}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom NetXtreme Ethernet Controller-->MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643}
Bynari, Inc. Insight Connector 3.1.8-1216303-->"c:\Program Files\Bynari, Inc\InsightConnector\unins000.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
Funambol Outlook Sync Client 7.1.10-->C:\Program Files\Funambol\Outlook Client\uninst.exe
Genesys Meeting Center-->MsiExec.exe /I{22D0BEDD-585D-4DBD-94A2-6C3C3B0E3644}
GMATPrep™-->"C:\Program Files\InstallShield Installation Information\{BFE903DE-4845-4387-9C6C-98B21B8445A3}\setup.exe" -runfromtemp -l0x0009 -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HP BatteryCheck 1.00 A7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69DAC00A-7665-4E9B-B441-093D40736429}\setup.exe" -l0x9 -removeonly uninst
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
hp LaserJet-all-in-one-->C:\Program Files\hp\Digital Imaging\{1B4B2D13-BA87-4c7c-8B67-0EE7CE698415}\setup\hpzscr01.exe -datfile hpbscr01.dat
HP Quick Launch Buttons 6.30 J1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x0009 -removeonly uninst
HP Software Update-->MsiExec.exe /X{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}
HP Wireless Assistant-->MsiExec.exe /I{A5CE7175-080D-49AC-B5A3-E7E3502428F5}
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
InterVideo DVD Check-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
Java™ 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
LaserAIO-->MsiExec.exe /I{DD23CAA4-8872-4B95-B263-EA46FD82CF19}
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.80.1048\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.80" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876}
Logitech Updater-->MsiExec.exe /I{53735ECE-E461-4FD0-B742-23A352436D3A}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Live Meeting 2007-->MsiExec.exe /I{6E4D4E0B-02F6-46C1-BAE5-1B6B2E486A7B}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Standard 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL
Microsoft Office Standard 2007-->MsiExec.exe /X{90120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mirage Driver 1.1-->"C:\Program Files\DemoForge\Mirage Driver\uninst\unins000.exe"
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Retrospect Client 6.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E3F7CA5-ED5A-4A74-B366-1CA2D49B4BC9}\setup.exe"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x0409
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WebEx Meeting Manager for Firefox/Netscape/Chrome-->MsiExec.exe /I{D491FEB0-3D6A-49DE-8C97-8D4D0036E07E}
WebEx-->C:\PROGRA~1\MOZILL~1\plugins\atcliun.exe
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name: FUSION-MOBILE64
Event Code: 10010
Message: The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

Record Number: 446
Source Name: DCOM
Time Written: 20090220233658.000000-480
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: FUSION-MOBILE64
Event Code: 4
Message: Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 444
Source Name: b57w2k
Time Written: 20090220233624.000000-480
Event Type: warning
User:

Computer Name: FUSION-MOBILE64
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0018DE766528. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 441
Source Name: Dhcp
Time Written: 20090220233607.000000-480
Event Type: warning
User:

Computer Name: FUSION-MOBILE64
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0018DE766528. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 440
Source Name: Dhcp
Time Written: 20090220233607.000000-480
Event Type: warning
User:

Computer Name: FUSION-MOBILE64
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0018DE766528. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 439
Source Name: Dhcp
Time Written: 20090220233607.000000-480
Event Type: warning
User:

=====Application event log=====

Computer Name: FUSION-MOBILE64
Event Code: 5603
Message: A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 227
Source Name: WinMgmt
Time Written: 20090220225114.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: FUSION-MOBILE64
Event Code: 2002
Message: The MOF file created for the Outlook service could not be loaded. The
error code returned by the MOF Compiler is contained in the Record Data.
Before the performance counters of this service can be collected by WMI
the MOF file will need to be loaded manually. Contact the vendor of this
service for additional information.

Record Number: 225
Source Name: LoadPerf
Time Written: 20090220224202.000000-480
Event Type: warning
User:

Computer Name: FUSION-MOBILE64
Event Code: 0
Message: Configuration section system.serviceModel.activation already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 206
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090220221743.000000-480
Event Type: warning
User:

Computer Name: FUSION-MOBILE64
Event Code: 0
Message: Configuration section system.runtime.serialization already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 205
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090220221743.000000-480
Event Type: warning
User:

Computer Name: FUSION-MOBILE64
Event Code: 0
Message: Configuration section system.serviceModel already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 204
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090220221743.000000-480
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"MeetingCenterApp"=C:\Program Files\Meeting Center\

-----------------EOF-----------------

#6 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 26 March 2009 - 12:19 PM

Hi,

1. Please go to Start>Run type in Notepad.
Copy what is in the code box below into the open Notepad window.
Change the "Save As Type" to "All Files". Save it as check.bat on your Desktop.
regedit /e peek.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32" 
start notepad peek.txt
Then please double click on check.bat a window will open and close quickly.This is normal.
It will produce a text file on your desktop.
Please post the contents of that document here.

2. Please download gmer.zip and save to your desktop.
  • Extract (unzip) the file to its own folder such as C:\Gmer. (Click here for information on how to do this if not sure.)
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • You may be prompted to scan immediately if GMER detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.
  • Exit GMER and re-enable all active protection when done.


#7 dwoodward

dwoodward
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  

Posted 26 March 2009 - 04:41 PM

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.trspch"="tssoft32.acm"
"vidc.cvid"="iccvid.dll"
"VIDC.I420"="lvcodec2.dll"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVU9"="tsbyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"wavemapper"="msacm32.drv"
"msacm.msg723"="msg723.acm"
"vidc.M263"="msh263.drv"
"vidc.M261"="msh261.drv"
"msacm.msaudio1"="msaud32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.l3acm"="C:\\WINDOWS\\System32\\l3codeca.acm"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"aux"="wdmaud.drv"
"MSVideo8"="VfWWDM32.dll"
"wave2"="wdmaud.drv"
"midi2"="wdmaud.drv"
"mixer2"="wdmaud.drv"
"aux2"="wdmaud.drv"
"wave1"="wdmaud.drv"
"midi1"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"aux1"="wdmaud.drv"
"MSVideo"="vfwwdm32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP]
"wave"="rdpsnd.dll"
"MaxBandwidth"=dword:000056b9
"wavemapper"="msacm32.drv"
"EnableMP3Codec"=dword:00000001
"midimapper"="midimap.dll"
"mixer"="rdpsnd.dll"



GMER 1.0.15.14944 - http://www.gmer.net
Rootkit scan 2009-03-26 14:38:47
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA7C4D44A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA7C4D4E1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA7C4D3F8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA7C4D40C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA7C4D4F5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA7C4D521]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA7C4D58F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA7C4D579]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA7C4D48A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA7C4D5BB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA7C4D4CD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA7C4D3D0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA7C4D3E4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA7C4D45E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA7C4D5F7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA7C4D563]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA7C4D54D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA7C4D50B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA7C4D5E3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA7C4D5CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA7C4D436]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA7C4D422]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA7C4D537]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA7C4D4B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA7C4D5A5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA7C4D4A0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA7C4D474]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP A7C4D478 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP A7C4D44E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP A7C4D48E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP A7C4D4A4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP A7C4D462 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 5 Bytes JMP A7C4D3D4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP A7C4D3E8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP A7C4D426 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP A7C4D410 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 1 Byte [E9]
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 5 Bytes JMP A7C4D3FC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 5 Bytes JMP A7C4D43A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP A7C4D4BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219CA 7 Bytes JMP A7C4D551 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80621D18 7 Bytes JMP A7C4D53B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622042 7 Bytes JMP A7C4D5A9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806228E0 7 Bytes JMP A7C4D567 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231B4 7 Bytes JMP A7C4D50F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 80623792 5 Bytes JMP A7C4D4E5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C22 7 Bytes JMP A7C4D4F9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623DF2 7 Bytes JMP A7C4D525 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FD2 7 Bytes JMP A7C4D593 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062423C 7 Bytes JMP A7C4D57D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624B64 5 Bytes JMP A7C4D4D1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624E8A 7 Bytes JMP A7C4D5FB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8062514A 5 Bytes JMP A7C4D5D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062583E 5 Bytes JMP A7C4D5E7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625958 5 Bytes JMP A7C4D5BF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[272] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CC0FEF
.text C:\WINDOWS\System32\svchost.exe[272] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CC0F4E
.text C:\WINDOWS\System32\svchost.exe[272] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CC0039
.text C:\WINDOWS\System32\svchost.exe[272] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CC0F5F
.text C:\WINDOWS\System32\svchost.exe[272] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CC0028
.text C:\WINDOWS\System32\svchost.exe[272] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CC0FA1
.text C:\WINDOWS\System32\svchost.exe[272] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CC0079
.text C:\WINDOWS\System32\svchost.exe[272] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CC0F31
.text C:\WINDOWS\System32\svchost.exe[272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CC00AF
.text C:\WINDOWS\System32\svchost.exe[272] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CC0F0C
.text C:\WINDOWS\System32\svchost.exe[272] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00CC00C0
.text C:\WINDOWS\System32\svchost.exe[272] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00CC0F86
.text C:\WINDOWS\System32\svchost.exe[272] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CC0FDE
.text C:\WINDOWS\System32\svchost.exe[272] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00CC005E
.text C:\WINDOWS\System32\svchost.exe[272] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00CC0FBC
.text C:\WINDOWS\System32\svchost.exe[272] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00CC0FCD
.text C:\WINDOWS\System32\svchost.exe[272] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00CC0094
.text C:\WINDOWS\System32\svchost.exe[272] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CB0025
.text C:\WINDOWS\System32\svchost.exe[272] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CB006C
.text C:\WINDOWS\System32\svchost.exe[272] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CB0014
.text C:\WINDOWS\System32\svchost.exe[272] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CB0FDE
.text C:\WINDOWS\System32\svchost.exe[272] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CB0051
.text C:\WINDOWS\System32\svchost.exe[272] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CB0FEF
.text C:\WINDOWS\System32\svchost.exe[272] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00CB0040
.text C:\WINDOWS\System32\svchost.exe[272] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CB0FB9
.text C:\WINDOWS\System32\svchost.exe[272] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CA0F97
.text C:\WINDOWS\System32\svchost.exe[272] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CA002C
.text C:\WINDOWS\System32\svchost.exe[272] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CA0000
.text C:\WINDOWS\System32\svchost.exe[272] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\System32\svchost.exe[272] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CA0011
.text C:\WINDOWS\System32\svchost.exe[272] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CA0FC6
.text C:\WINDOWS\system32\SearchIndexer.exe[384] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[680] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\Explorer.EXE[680] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F52
.text C:\WINDOWS\Explorer.EXE[680] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0047
.text C:\WINDOWS\Explorer.EXE[680] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0036
.text C:\WINDOWS\Explorer.EXE[680] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0F79
.text C:\WINDOWS\Explorer.EXE[680] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A001B
.text C:\WINDOWS\Explorer.EXE[680] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F12
.text C:\WINDOWS\Explorer.EXE[680] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0058
.text C:\WINDOWS\Explorer.EXE[680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0ECB
.text C:\WINDOWS\Explorer.EXE[680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0EE6
.text C:\WINDOWS\Explorer.EXE[680] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A007F
.text C:\WINDOWS\Explorer.EXE[680] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0F94
.text C:\WINDOWS\Explorer.EXE[680] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A000A
.text C:\WINDOWS\Explorer.EXE[680] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A0F37
.text C:\WINDOWS\Explorer.EXE[680] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A0FAF
.text C:\WINDOWS\Explorer.EXE[680] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\Explorer.EXE[680] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A0F01
.text C:\WINDOWS\Explorer.EXE[680] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00290011
.text C:\WINDOWS\Explorer.EXE[680] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00290062
.text C:\WINDOWS\Explorer.EXE[680] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00290000
.text C:\WINDOWS\Explorer.EXE[680] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00290FCA
.text C:\WINDOWS\Explorer.EXE[680] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00290FA5
.text C:\WINDOWS\Explorer.EXE[680] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00290FE5
.text C:\WINDOWS\Explorer.EXE[680] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00290047
.text C:\WINDOWS\Explorer.EXE[680] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0029002C
.text C:\WINDOWS\Explorer.EXE[680] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003B0053
.text C:\WINDOWS\Explorer.EXE[680] msvcrt.dll!system 77C293C7 5 Bytes JMP 003B0042
.text C:\WINDOWS\Explorer.EXE[680] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003B001D
.text C:\WINDOWS\Explorer.EXE[680] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003B0FEF
.text C:\WINDOWS\Explorer.EXE[680] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003B0FD2
.text C:\WINDOWS\Explorer.EXE[680] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003B000C
.text C:\WINDOWS\Explorer.EXE[680] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 003D0000
.text C:\WINDOWS\Explorer.EXE[680] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 003D0FE5
.text C:\WINDOWS\Explorer.EXE[680] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 003D0FCA
.text C:\WINDOWS\Explorer.EXE[680] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 003D001B
.text C:\WINDOWS\Explorer.EXE[680] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01960FEF
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00040F79
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00040078
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00040F9E
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00040051
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00040025
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00040F30
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00040F4B
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00040F0E
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00040F1F
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00040EF3
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00040040
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00040F68
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00040FB9
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00040FCA
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 0004009D
.text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00070025
.text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00070F83
.text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00070014
.text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00070FDE
.text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00070040
.text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00070F94
.text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [27, 88]
.text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00060F95
.text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!system 77C293C7 5 Bytes JMP 00060FB0
.text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00060FD2
.text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00060FC1
.text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00060FE3
.text C:\WINDOWS\system32\services.exe[948] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00050FE5
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BD009D
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BD0F9E
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BD0FAF
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BD0FC0
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BD0058
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BD0F66
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BD00AE
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BD0F30
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BD00BF
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00BD00E4
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00BD0FD1
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BD0011
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00BD0F8D
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00BD0033
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00BD0022
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00BD0F41
.text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CC0FC0
.text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CC005B
.text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CC0FDB
.text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CC0011
.text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CC004A
.text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00CC0F9E
.text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [EC, 88]
.text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CC0FAF
.text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CB0FAD
.text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CB0FBE
.text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CB0038
.text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_open 77C2F566 3 Bytes JMP 00CB0000
.text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_open + 4 77C2F56A 1 Byte [89]
.text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CB0FE3
.text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CB001D
.text C:\WINDOWS\system32\lsass.exe[960] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F0000A
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F00F79
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F00F9E
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F00FAF
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F0006C
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F00FCA
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F00F4B
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F00F68
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F000E4
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F000C9
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F000FF
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F00047
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F00FE5
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F00089
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F0002C
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F0001B
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F000B8
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00F30FC3
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00F3005B
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00F30FD4
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00F3000A
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00F3004A
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00F30FEF
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00F30FB2
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [13, 89]
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00F3002F
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F20F9C
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F20FAD
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F2001D
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F2000C
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F20FC8
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F20FE3
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F10FEF
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C9000A
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C9008A
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C90F95
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C90FB2
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C90FC3
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C90FDE
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C900B6
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C9009B
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C90F49
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C900E2
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C900FD
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C9005B
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C90F7A
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C90040
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C90025
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C900C7
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CC0FE5
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CC0F9E
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CC0036
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CC001B
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CC0051
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00CC0FAF
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [EC, 88]
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CC0FC0
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CB005F
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CB0044
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CB0FDE
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_open 77C2F566 3 Bytes JMP 00CB0FEF
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_open + 4 77C2F56A 1 Byte [89]
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CB0033
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CB000C
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CA000A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1300] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1300] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02BB0FEF
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02BB0F72
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02BB0F8D
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02BB0065
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02BB0054
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02BB0039
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02BB0F50
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02BB0F61
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02BB00DF
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02BB00CE
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 02BB0F21
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02BB0FB2
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02BB000A
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02BB0082
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02BB0FC3
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02BB0FD4
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 02BB00B3
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 030C0025
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 030C007D
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 030C0FDE
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 030C0014
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 030C006C
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 030C0FEF
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 030C0051
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 030C0040
.text C:\WINDOWS\System32\svchost.exe[1348] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 030B0FBE
.text C:\WINDOWS\System32\svchost.exe[1348] msvcrt.dll!system 77C293C7 5 Bytes JMP 030B0049
.text C:\WINDOWS\System32\svchost.exe[1348] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 030B0FD9
.text C:\WINDOWS\System32\svchost.exe[1348] msvcrt.dll!_open 77C2F566 5 Bytes JMP 030B0000
.text C:\WINDOWS\System32\svchost.exe[1348] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 030B002E
.text C:\WINDOWS\System32\svchost.exe[1348] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 030B001D
.text C:\WINDOWS\System32\svchost.exe[1348] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02D20000
.text C:\WINDOWS\System32\svchost.exe[1348] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 030D0FEF
.text C:\WINDOWS\System32\svchost.exe[1348] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 030D000A
.text C:\WINDOWS\System32\svchost.exe[1348] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 030D001B
.text C:\WINDOWS\System32\svchost.exe[1348] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 030D002C
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009C0FE5
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009C0F57
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009C0F72
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009C0040
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009C002F
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009C001E
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009C0067
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009C0F1F
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009C0093
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009C0082
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 009C00A4
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 009C0F97
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 009C0FD4
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 009C0F46
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 009C0FA8
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 009C0FB9
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 009C0F04
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 009B0FCA
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 009B006C
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 009B0FE5
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 009B001B
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 009B0051
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 009B0000
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 009B0FB9
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [BB, 88]
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 009B0036
.text C:\WINDOWS\System32\svchost.exe[1508] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009A0016
.text C:\WINDOWS\System32\svchost.exe[1508] msvcrt.dll!system 77C293C7 5 Bytes JMP 009A0F95
.text C:\WINDOWS\System32\svchost.exe[1508] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009A0FC1
.text C:\WINDOWS\System32\svchost.exe[1508] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009A0FEF
.text C:\WINDOWS\System32\svchost.exe[1508] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009A0FA6
.text C:\WINDOWS\System32\svchost.exe[1508] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009A0FD2
.text C:\WINDOWS\System32\svchost.exe[1508] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00990FEF
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EB000A
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EB0091
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EB0F9C
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EB0FB9
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EB006C
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EB0FE5
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EB0F49
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EB0F66
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EB0F13
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EB0F2E
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00EB0EF8
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00EB0FD4
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00EB001B
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00EB0F81
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00EB0051
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00EB0036
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00EB00AC
.text C:\WINDOWS\System32\svchost.exe[1552] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00E9002F
.text C:\WINDOWS\System32\svchost.exe[1552] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00E9006C
.text C:\WINDOWS\System32\svchost.exe[1552] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00E90FD4
.text C:\WINDOWS\System32\svchost.exe[1552] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00E90FE5
.text C:\WINDOWS\System32\svchost.exe[1552] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00E90FA5
.text C:\WINDOWS\System32\svchost.exe[1552] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00E90000
.text C:\WINDOWS\System32\svchost.exe[1552] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00E90051
.text C:\WINDOWS\System32\svchost.exe[1552] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00E90040
.text C:\WINDOWS\System32\svchost.exe[1552] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E80F77
.text C:\WINDOWS\System32\svchost.exe[1552] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E80F92
.text C:\WINDOWS\System32\svchost.exe[1552] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E80FC1
.text C:\WINDOWS\System32\svchost.exe[1552] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E80FE3
.text C:\WINDOWS\System32\svchost.exe[1552] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E8000C
.text C:\WINDOWS\System32\svchost.exe[1552] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E80FD2
.text C:\WINDOWS\System32\svchost.exe[1552] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E70FEF
.text C:\WINDOWS\System32\svchost.exe[1552] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00EA0FEF
.text C:\WINDOWS\System32\svchost.exe[1552] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00EA0FD4
.text C:\WINDOWS\System32\svchost.exe[1552] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00EA000A
.text C:\WINDOWS\System32\svchost.exe[1552] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00EA0FAF
.text C:\WINDOWS\System32\svchost.exe[3612] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\System32\svchost.exe[3612] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F88
.text C:\WINDOWS\System32\svchost.exe[3612] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0F99
.text C:\WINDOWS\System32\svchost.exe[3612] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0073
.text C:\WINDOWS\System32\svchost.exe[3612] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0058
.text C:\WINDOWS\System32\svchost.exe[3612] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0FD1
.text C:\WINDOWS\System32\svchost.exe[3612] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F77
.text C:\WINDOWS\System32\svchost.exe[3612] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A00BF
.text C:\WINDOWS\System32\svchost.exe[3612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F48
.text C:\WINDOWS\System32\svchost.exe[3612] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00EB
.text C:\WINDOWS\System32\svchost.exe[3612] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A00FC
.text C:\WINDOWS\System32\svchost.exe[3612] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0FC0
.text C:\WINDOWS\System32\svchost.exe[3612] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A001B
.text C:\WINDOWS\System32\svchost.exe[3612] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A00A2
.text C:\WINDOWS\System32\svchost.exe[3612] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A0047
.text C:\WINDOWS\System32\svchost.exe[3612] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A0036
.text C:\WINDOWS\System32\svchost.exe[3612] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A00DA
.text C:\WINDOWS\System32\svchost.exe[3612] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 0029001B
.text C:\WINDOWS\System32\svchost.exe[3612] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00290F68
.text C:\WINDOWS\System32\svchost.exe[3612] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 0029000A
.text C:\WINDOWS\System32\svchost.exe[3612] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00290FD4
.text C:\WINDOWS\System32\svchost.exe[3612] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00290F83
.text C:\WINDOWS\System32\svchost.exe[3612] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00290FEF
.text C:\WINDOWS\System32\svchost.exe[3612] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00290F94
.text C:\WINDOWS\System32\svchost.exe[3612] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [49, 88]
.text C:\WINDOWS\System32\svchost.exe[3612] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00290FAF
.text C:\WINDOWS\System32\svchost.exe[3612] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E0027
.text C:\WINDOWS\System32\svchost.exe[3612] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E0FA6
.text C:\WINDOWS\System32\svchost.exe[3612] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E0FD2
.text C:\WINDOWS\System32\svchost.exe[3612] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E0FE3
.text C:\WINDOWS\System32\svchost.exe[3612] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E0FC1
.text C:\WINDOWS\System32\svchost.exe[3612] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E0000
.text C:\WINDOWS\System32\svchost.exe[3612] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00470000

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\igfxsrvc.exe[176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxsrvc.exe[176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxsrvc.exe[176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxsrvc.exe[176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C82F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C82CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C82D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C82CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\Core\smax4pnp.exe[768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BF2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\Core\smax4pnp.exe[768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BF2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\Core\smax4pnp.exe[768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BF2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\Core\smax4pnp.exe[768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BF2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [012D2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [012D2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [012D2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [012D2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[1888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009B2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[1888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009B2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[1888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009B2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[1888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009B2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[2208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B12F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[2208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B12CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[2208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B12D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[2208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B12CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[2460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[2460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[2460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[2460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B22F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B22CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B22D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B22CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[2500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009F2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[2500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009F2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[2500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009F2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[2500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009F2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[2812] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A32F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[2812] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A32CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[2812] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A32D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[2812] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A32CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C02F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C02CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C02D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C02CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[3060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B92F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[3060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B92CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[3060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B92D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[3060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B92CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AB2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AB2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AB2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AB2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00EC2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00EC2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00EC2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00EC2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C12F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C12CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C12D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C12CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009E2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009E2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009E2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009E2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\PROGRA~1\mcafee.com\agent\mcagent.exe[4064] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D92F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\PROGRA~1\mcafee.com\agent\mcagent.exe[4064] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D92CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\PROGRA~1\mcafee.com\agent\mcagent.exe[4064] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D92D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\PROGRA~1\mcafee.com\agent\mcagent.exe[4064] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D92CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Dan Woodward\Desktop\gmer.exe[4276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Dan Woodward\Desktop\gmer.exe[4276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Dan Woodward\Desktop\gmer.exe[4276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Dan Woodward\Desktop\gmer.exe[4276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[5356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B12F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[5356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B12CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[5356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B12D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[5356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B12CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[5380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008E2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[5380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008E2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[5380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008E2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[5380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008E2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

#8 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 27 March 2009 - 08:00 AM

Hi,

Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:Scan Archives
      Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
Posted Image
Posted Image
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

#9 dwoodward

dwoodward
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 27 March 2009 - 07:48 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, March 27, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, March 27, 2009 18:08:56
Records in database: 1977135
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
M:\
S:\
T:\

Scan statistics:
Files scanned: 188510
Threat name: 1
Infected objects: 0
Suspicious objects: 1
Duration of the scan: 04:41:56


File name / Threat name / Threats count
D:\My Documents\Outlook Data\EMAIL_ARCHIVE.PST Suspicious: Trojan-Spy.HTML.Fraud.gen 1

The selected area was scanned.

#10 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 28 March 2009 - 06:01 AM

Hi,

Open Outlook, and go into your Archive folder. Delete everything in here, because something is infected in this folder.

Are you still getting redirected?

#11 dwoodward

dwoodward
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  

Posted 28 March 2009 - 11:31 AM

So there is no way of "cleaning" the mail archive? If I delete the archive folder, I will loose important archived email. Is there another solution here?

#12 dwoodward

dwoodward
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 28 March 2009 - 01:10 PM

Ok... I did some research on this one. Apparently Trojan-Spy.HTML.Fraud.gen is a phishing email. I was able to isolate the offending message to a particular message sender, Kaspersky helped with this, then I deleted this email permanently... compacted the mailbox, rescanned with Kaspersky and it found no infection.

But... I am still getting the page redirects so I do not think that Trojan-Spy.HTML.Fraud.gen was the cause.

#13 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 28 March 2009 - 03:16 PM

Hi,

Download ComboFix from one of these locations:
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Posted Image
Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply, together with a new Hijackthislog.

#14 dwoodward

dwoodward
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  

Posted 28 March 2009 - 08:06 PM

ComboFix 09-03-28.01 - Dan Woodward 2009-03-28 17:51:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.689 [GMT -7:00]
Running from: c:\documents and settings\Dan Woodward\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PCIDump


((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 )))))))))))))))))))))))))))))))
.

2009-03-25 11:06 . 2009-03-25 11:07 <DIR> d-------- C:\rsit
2009-03-23 22:46 . 2009-03-23 22:46 <DIR> d-------- c:\documents and settings\Dan Woodward\Application Data\Malwarebytes
2009-03-23 22:46 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-23 22:45 . 2009-03-28 12:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-23 22:45 . 2009-03-23 22:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-23 22:45 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-23 20:25 . 2009-03-23 20:25 <DIR> d-------- c:\program files\Trend Micro
2009-03-23 20:24 . 2009-03-23 20:24 <DIR> d-------- c:\program files\ERUNT
2009-03-22 17:45 . 2009-03-22 17:45 <DIR> d-------- c:\program files\Netflix
2009-03-20 18:50 . 2009-03-20 18:50 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-03-20 18:48 . 2009-03-20 18:48 <DIR> d-------- c:\documents and settings\Dan Strickland\Application Data\Windows Desktop Search
2009-03-20 18:45 . 2009-03-20 18:45 <DIR> d-------- c:\documents and settings\Dan Strickland
2009-03-20 16:47 . 2009-03-20 16:48 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-03-19 14:43 . 2009-03-19 14:43 <DIR> d-------- C:\00000007govbids@tekgeardirect.com2
2009-03-19 10:22 . 2009-03-19 10:22 <DIR> d-------- C:\00000007govbids@tekgeardirect.com1
2009-03-19 10:20 . 2009-03-19 10:20 <DIR> d-------- C:\00000007govbids@tekgeardirect.com
2009-03-18 21:27 . 2009-03-18 21:27 <DIR> d-------- c:\temp\nas
2009-03-17 20:40 . 2009-03-23 19:02 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore
2009-03-17 20:37 . 2009-03-28 17:55 9,591 --a------ c:\windows\system32\Config.MPF
2009-03-17 20:36 . 2009-03-17 20:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-03-17 20:33 . 2008-10-23 13:08 120,136 --a------ c:\windows\system32\drivers\Mpfp.sys
2009-03-17 20:33 . 2009-01-09 12:03 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys
2009-03-17 20:33 . 2009-01-09 12:03 40,552 --a------ c:\windows\system32\drivers\mfesmfk.sys
2009-03-17 20:33 . 2009-01-09 12:03 35,272 --a------ c:\windows\system32\drivers\mfebopk.sys
2009-03-17 20:32 . 2009-03-17 20:32 <DIR> d-------- c:\program files\McAfee.com
2009-03-17 20:32 . 2009-03-17 20:33 <DIR> d-------- c:\program files\Common Files\McAfee
2009-03-17 20:31 . 2009-03-23 19:51 <DIR> d-------- c:\program files\McAfee
2009-03-17 20:27 . 2009-01-09 12:03 34,216 --a------ c:\windows\system32\drivers\mferkdk.sys
2009-03-17 18:36 . 2009-03-17 18:36 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-17 18:36 . 2009-03-17 18:36 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-17 18:36 . 2009-03-17 18:36 <DIR> d-------- c:\documents and settings\Dan Woodward\Application Data\SUPERAntiSpyware.com
2009-03-17 18:36 . 2009-03-17 18:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-17 16:50 . 2009-03-23 20:52 <DIR> d-------- c:\program files\Lavasoft
2009-03-17 16:50 . 2009-03-23 20:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-17 16:27 . 2009-03-17 16:55 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-17 16:27 . 2009-03-17 16:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-17 11:52 . 2009-03-17 11:52 <DIR> d-------- C:\00000006govbids@tekgeardirect.com3
2009-03-17 11:36 . 2009-03-17 11:36 <DIR> d-------- C:\00000006govbids@tekgeardirect.com2
2009-03-17 10:48 . 2009-03-17 10:48 <DIR> d-------- C:\00000006govbids@tekgeardirect.com1
2009-03-17 10:47 . 2009-03-17 10:47 <DIR> d-------- C:\00000006govbids@tekgeardirect.com
2009-03-14 17:30 . 2009-03-14 17:55 <DIR> d-------- c:\documents and settings\Dan Woodward\Application Data\Costco Photo Viewer US
2009-03-12 19:23 . 2009-03-12 19:23 <DIR> d-------- c:\windows\Hewlett-Packard
2009-03-12 19:20 . 2009-03-12 19:23 111,494 --a------ c:\windows\hplj3380.his
2009-03-12 19:20 . 2009-03-12 19:23 7,952 --a------ c:\windows\hplj3380.ini
2009-03-12 19:17 . 2009-03-12 19:20 <DIR> d-------- c:\temp\3XXXAM
2009-03-12 19:17 . 2009-03-18 21:27 <DIR> d-------- C:\temp
2009-03-12 19:13 . 2009-03-12 19:13 <DIR> d-------- c:\program files\Common Files\SWF Studio
2009-03-11 16:04 . 2009-03-11 16:04 <DIR> d-------- c:\windows\system32\MpEngineStore
2009-03-11 16:04 . 2009-03-11 16:04 206 --a------ c:\windows\system32\MRT.INI
2009-03-11 16:02 . 2008-04-14 06:42 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-11 08:03 . 2009-03-11 08:03 <DIR> d-------- c:\documents and settings\Dan Woodward\Application Data\webex
2009-03-10 18:46 . 2009-03-10 18:46 <DIR> d-------- c:\documents and settings\Dan Woodward\Yugma
2009-03-10 18:38 . 2009-03-10 18:38 <DIR> d-------- c:\program files\DemoForge
2009-03-08 15:02 . 2009-03-08 15:02 <DIR> d-------- c:\windows\Sun
2009-03-07 09:34 . 2009-03-07 09:34 <DIR> d-------- c:\program files\Common Files\Ahead
2009-03-07 09:34 . 2009-03-07 09:34 <DIR> d-------- c:\program files\Ahead
2009-03-07 09:34 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2009-03-07 09:34 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2009-03-07 09:34 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2009-03-07 09:34 . 2004-07-09 09:43 364,544 --------- c:\windows\system32\TwnLib4.dll
2009-03-07 09:34 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2009-03-07 09:34 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2009-03-07 09:34 . 2005-09-01 12:03 127,488 --------- c:\windows\system32\drivers\imagesrv.sys
2009-03-07 09:34 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2009-03-07 09:34 . 2005-09-01 12:03 5,888 --------- c:\windows\system32\drivers\imagedrv.sys
2009-03-05 13:03 . 2009-03-12 19:39 <DIR> d-------- C:\HPFixScan
2009-03-05 12:55 . 2009-03-05 12:55 <DIR> d-------- c:\program files\Java
2009-03-05 12:55 . 2009-03-05 12:55 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-05 12:55 . 2009-03-05 12:55 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-05 11:43 . 2009-03-28 17:57 <DIR> d-------- c:\documents and settings\Dan Woodward\Application Data\skypePM
2009-03-05 11:43 . 2009-03-05 11:43 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-03-05 11:37 . 2009-03-05 11:37 <DIR> dr------- c:\program files\Skype
2009-03-05 11:37 . 2009-03-05 11:37 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-05 11:37 . 2009-03-28 17:57 <DIR> d-------- c:\documents and settings\Dan Woodward\Application Data\Skype
2009-03-05 11:37 . 2009-03-05 11:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-03-05 11:01 . 2009-03-05 11:01 <DIR> d-------- c:\documents and settings\Dan Woodward\Application Data\Windows Search
2009-03-03 12:34 . 2009-03-03 12:34 <DIR> d-------- c:\documents and settings\Dan Woodward\Application Data\Windows Desktop Search
2009-03-03 12:32 . 2009-03-03 12:32 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-03-03 12:32 . 2009-03-03 12:32 <DIR> d-------- c:\program files\Windows Desktop Search
2009-03-03 12:29 . 2008-03-07 10:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2009-03-03 12:29 . 2008-03-07 10:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2009-03-03 12:29 . 2008-03-07 10:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2009-03-02 10:55 . 2009-03-02 10:55 <DIR> d-------- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 00:52 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-03-28 00:52 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-03-27 16:51 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-18 03:37 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-13 02:23 --------- d-----w c:\program files\Hewlett-Packard
2009-03-09 22:27 --------- d-----w c:\documents and settings\Dan Woodward\Application Data\Apple Computer
2009-02-26 16:39 --------- d-----w c:\documents and settings\All Users\Application Data\Applications
2009-02-26 01:49 --------- d-----w c:\program files\Common Files\Logitech
2009-02-26 01:47 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2009-02-25 23:45 --------- d-----w c:\program files\MSECache
2009-02-24 23:51 --------- d-----w c:\documents and settings\Dan Woodward\Application Data\Funambol
2009-02-24 23:50 --------- d-----w c:\program files\Funambol
2009-02-24 16:45 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-23 22:41 --------- d-----w c:\program files\GMATPrep
2009-02-23 22:40 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-23 05:44 --------- d-----w c:\documents and settings\All Users\Application Data\Retrospect Client
2009-02-23 05:40 --------- d-----w c:\program files\Dantz
2009-02-23 04:52 --------- d-----w c:\documents and settings\Dan Woodward\Application Data\Leadertech
2009-02-23 04:51 --------- d-----w c:\program files\Common Files\LogiShrd
2009-02-23 04:48 --------- d-----w c:\program files\Logitech
2009-02-23 04:48 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-02-23 04:43 --------- d-----w c:\program files\TIVistadriver
2009-02-23 02:40 --------- d-----w c:\documents and settings\Dan Woodward\Application Data\Blackberry Desktop
2009-02-23 02:21 --------- d-----w c:\program files\WIDCOMM
2009-02-23 01:00 --------- d-----w c:\documents and settings\Dan Woodward\Application Data\Research In Motion
2009-02-23 00:59 --------- d-----w c:\program files\Research In Motion
2009-02-23 00:59 --------- d-----w c:\program files\Common Files\Research In Motion
2009-02-23 00:17 256 ----a-w c:\documents and settings\Dan Woodward\pool.bin
2009-02-22 23:48 --------- d-----w c:\program files\Trillian
2009-02-22 23:31 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-02-22 22:05 --------- d-----w c:\documents and settings\Dan Woodward\Application Data\Meeting Center
2009-02-22 22:04 --------- d-----w c:\program files\Meeting Center
2009-02-22 21:50 --------- d-----w c:\program files\hp
2009-02-22 21:37 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-02-21 07:36 --------- d-----w c:\documents and settings\Dan Woodward\Application Data\AdobeUM
2009-02-21 07:08 --------- d-----w c:\program files\Common Files\Adobe
2009-02-21 07:02 --------- d-----w c:\program files\iTunes
2009-02-21 07:02 --------- d-----w c:\documents and settings\Dan Woodward\Application Data\OfficeUpdate12
2009-02-21 07:02 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-21 07:01 --------- d-----w c:\program files\QuickTime
2009-02-21 07:01 --------- d-----w c:\program files\iPod
2009-02-21 07:01 --------- d-----w c:\program files\Common Files\Apple
2009-02-21 07:01 --------- d-----w c:\program files\Bonjour
2009-02-21 07:01 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-02-21 07:01 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-21 07:00 --------- d-----w c:\program files\Apple Software Update
2009-02-21 07:00 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-02-21 06:57 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-02-21 06:57 --------- d-----w c:\program files\Real
2009-02-21 06:57 --------- d-----w c:\program files\Common Files\xing shared
2009-02-21 06:57 --------- d-----w c:\program files\Common Files\Real
2009-02-21 06:50 --------- d-----w c:\program files\Microsoft.NET
2009-02-21 06:42 --------- d-----w c:\documents and settings\Dan Woodward\Application Data\Bynari
2009-02-21 06:40 --------- d-----w c:\program files\Bynari, Inc
2009-02-21 06:14 --------- d-----w c:\program files\Reference Assemblies
2009-02-21 06:14 --------- d-----w c:\program files\MSBuild
2009-02-21 06:10 --------- d-----w c:\program files\Microsoft
2009-02-21 02:39 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-21 02:22 --------- d-----w c:\program files\Analog Devices
2009-02-21 02:20 --------- d-----w c:\program files\Synaptics
2009-02-21 02:19 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-21 02:19 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-02-21 02:19 --------- d-----w c:\program files\Fingerprint Sensor
2009-02-21 02:16 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-02-21 02:15 --------- d-----w c:\program files\Macrovision Corp
2009-02-21 02:15 --------- d-----w c:\program files\InterVideo
2009-02-21 02:15 --------- d-----w c:\program files\Common Files\InterVideo
2009-02-21 02:15 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-21 02:15 --------- d-----w c:\documents and settings\Dan Woodward\Application Data\InstallShield
2009-02-21 02:05 --------- d-----w c:\program files\Microsoft Works
2009-02-21 01:39 --------- d-----w c:\program files\Broadcom
2009-02-21 01:11 --------- d-----w c:\program files\microsoft frontpage
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-01-19 22:08 524,288 ----a-w c:\windows\opuc.dll
2009-01-23 11:19 27,976 ----a-w c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-01-23 11:19 126,360 ----a-w c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-01-23 11:21 46,408 ----a-w c:\program files\mozilla firefox\plugins\atmccli.dll
2009-03-11 15:03 98,712 ----a-w c:\program files\mozilla firefox\plugins\ieatgpc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-20 137752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-09-05 184320]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-05 148888]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-02-20 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-02-20 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-02-27 581693]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2009-02-20 184320]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"497:TCP"= 497:TCP:Retrospect-TCP
"497:UDP"= 497:UDP:Retrospect-UDP

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-03-17 210216]
R2 Retrospect Client;Retrospect Client;c:\program files\Dantz\Client\RemotSvc.exe [2009-02-22 53248]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2009-02-22 88192]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-03-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-03-28 c:\windows\Tasks\Funambol Outlook Sync Client - Dan Woodward.job
- c:\program files\Funambol\Outlook Plug-in\OutlookPlugin.exe []

2009-03-18 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

2009-03-18 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

2009-03-29 c:\windows\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_FUSION-MOBILE64_Dan Woodward.job
- c:\windows\system32\mobsync.exe [2008-04-14 06:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Dan Woodward\Application Data\Mozilla\Firefox\Profiles\g9bh3s9q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-28 17:57:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Dantz\Client\retroclient.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\searchindexer.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2009-03-28 18:00:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-29 01:00:46

Pre-Run: 23,974,641,664 bytes free
Post-Run: 24,502,206,464 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

339 --- E O F --- 2009-03-11 23:09:42


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:05 PM, on 3/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dantz\Client\Remotsvc.exe
C:\Program Files\Dantz\Client\retroclient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1235182602546
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: Retrospect Client - Dantz Development Corporation - C:\Program Files\Dantz\Client\Remotsvc.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Client\rthlpsvc.exe

--
End of file - 12088 bytes

#15 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 29 March 2009 - 10:29 AM

Hi,

Open Notepad.
Copy this code into the Notepad-file:

File::
c:\windows\system32\ezsidmv.dat

Dirlook::
c:\temp\nas
c:\temp\3XXXAM
c:\temp
C:\00000006govbids@tekgeardirect.com

Save the file as CFScript.txt

Now drag CFScript.txt into ComboFix.exe
Posted Image
ComboFix will restart.
When ComboFix is finished, this could be after a reboot, a logfile will open.
Post the contents of that logfile in your next reply.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users