
Hijack this help


  • This topic is locked
49 replies to this topic

#1 SeanC

SeanC

  • Members
  • 24 posts
  • OFFLINE
  • Local time:07:18 PM

Posted 10 April 2009 - 07:44 PM

For the last three days I have done nothing on my computer but attempt to stop the Google links being redirected. My CPU is running unusually high as well. Last night when I came home there were at least 30 windows open on my computer with various ads and fake spyware scans. I have tried scanning with Spyware Doctor and it found 7 infections that I took care of. This did not solve the problem, however, and I need help!

When I ran HijackThis, this is the log file:
===============================================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:02 PM, on 4/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {29B4FAED-0973-40D7-AE62-106AB597D3DD} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1236723784376
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: __c005937E - C:\WINDOWS\system32\__c005937E.dat (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6066 bytes
=====================================================================================


Any help is very much appreciated!
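An added example of how a log helper's first pass over a HijackThis log like the one above could be automated. This is not HijackThis code and was not posted by anyone in the thread; the excerpt it scans is constructed from lines in the post, and the three heuristics (an unnamed O2 BHO loading from system32, an O20 Winlogon Notify entry whose file is missing, and the randomised `__c0xxxxxx` file names) are assumptions about what a reviewer checks by hand, not a verdict on any particular entry.

```python
"""Triage a HijackThis 2.0.2 log for the indicator types seen in this thread.

Added example: not HijackThis code and not written by anyone in the thread.
The log excerpt below is constructed from lines in the first post; the three
heuristics are assumptions about what a log helper checks by hand.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt modelled on the HijackThis log in the first post.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {29B4FAED-0973-40D7-AE62-106AB597D3DD} - C:\WINDOWS\system32\atmli.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: __c005937E - C:\WINDOWS\system32\__c005937E.dat (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
"""

# "O2 - BHO: ..." -> section "O2", body "BHO: ..."
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# File names of the form __c0082379.exe / __c005937E.dat seen in this thread:
# "__c" followed by 6-8 hex digits and one of the extensions that appear there.
RANDOM_NAME_RE = re.compile(r"__c[0-9a-f]{6,8}\.(?:exe|dll|dat)\b", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)


def triage(log_text: str) -> list:
    """Return one Finding per log entry that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, blank or process-list line
        section, body = m.groups()
        reasons = []
        # Heuristic 1: a Browser Helper Object with no name that lives in system32.
        if section == "O2" and "(no name)" in body and "\\system32\\" in body.lower():
            reasons.append("unnamed BHO loading from system32")
        # Heuristic 2: a Winlogon Notify hook whose DLL HijackThis cannot find.
        if section == "O20" and "(file missing)" in body:
            reasons.append("Winlogon Notify hook with missing DLL")
        # Heuristic 3: the randomised __c0xxxxxx naming pattern from this thread.
        if RANDOM_NAME_RE.search(body):
            reasons.append("randomised __c0xxxxxx file name")
        if reasons:
            findings.append(Finding(section, raw.strip(), reasons))
    return findings


def report(findings) -> str:
    """Plain-text summary, one line per finding, for pasting into a reply."""
    return "\n".join(f"[{f.section}] {', '.join(f.reasons)}: {f.line}" for f in findings)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

On the constructed excerpt the Acrobat BHO, the ctfmon Run entry and the Logitech service pass, while the unnamed atmli.dll BHO and the `__c005937E` Winlogon Notify entry are reported; a real log still needs the remaining entries read by a person, since the heuristics only cover the three patterns named above.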


#2 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:09:18 PM

Posted 11 April 2009 - 08:52 AM

Hello SeanC, welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.


I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.



In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.





Please perform the following:



Do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).





When completed, please post both logs from RSIT as well as the one from Kaspersky.





Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware.
All donations go directly to the helper.

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#3 SeanC

SeanC
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:07:18 PM

Posted 12 April 2009 - 10:44 AM

Thank you very much for taking the time to help me with this.

This is the log from Kaspersky:
======================================================================
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, April 12, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, April 12, 2009 05:23:56
Records in database: 2036368
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Infected: :
Files scanned: 110600
Threat name: 6
Infected objects: 33
Suspicious objects: 0
Infected: : 04:17:24


File name / Threat name / Threats count
C:\WINDOWS\system32\atmli.dll/C:\WINDOWS\system32\atmli.dll Infected: Rootkit.Win32.Podnuha.cbs 2
C:\Documents and Settings\Sean\Local Settings\Temp\Acr44.tmp Infected: Exploit.Win32.Pidief.aoz 1
C:\Documents and Settings\Sean\Temporary Internet Files\Content.IE5\H3O8FK0H\ads[1].htm Infected: Trojan-Clicker.HTML.IFrame.afk 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090410-200512-936.dll Infected: Rootkit.Win32.Podnuha.cbs 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090410-200618-746.dll Infected: Rootkit.Win32.Podnuha.cbs 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090410-205658-444.dll Infected: Rootkit.Win32.Podnuha.cbs 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090411-112440-189.dll Infected: Rootkit.Win32.Podnuha.cbs 1
C:\WINDOWS\system32\asycfil.dll Infected: Rootkit.Win32.Podnuha.cbn 1
C:\WINDOWS\system32\atmli.dll Infected: Rootkit.Win32.Podnuha.cbs 1
C:\WINDOWS\system32\auth.dll Infected: Rootkit.Win32.Podnuha.cbn 1
C:\WINDOWS\system32\basesr.dll Infected: Rootkit.Win32.Podnuha.cbn 1
C:\WINDOWS\system32\cd.dll Infected: Rootkit.Win32.Podnuha.cbn 1
C:\WINDOWS\system32\__c00247E1.exe Infected: Rootkit.Win32.Podnuha.cbi 1
C:\WINDOWS\system32\__c0027A36.exe Infected: Rootkit.Win32.Podnuha.cbl 1
C:\WINDOWS\system32\__c0031151.exe Infected: Rootkit.Win32.Podnuha.cbi 1
C:\WINDOWS\system32\__c004EA28.exe Infected: Rootkit.Win32.Podnuha.cbi 1
C:\WINDOWS\system32\__c0051C7D.exe Infected: Rootkit.Win32.Podnuha.cbl 1
C:\WINDOWS\system32\__c005B395.exe Infected: Rootkit.Win32.Podnuha.cbi 1
C:\WINDOWS\system32\__c006F0C.exe Infected: Rootkit.Win32.Podnuha.cbl 1
C:\WINDOWS\system32\__c0078C70.exe Infected: Rootkit.Win32.Podnuha.cbl 1
C:\WINDOWS\system32\__c0082379.exe Infected: Rootkit.Win32.Podnuha.cbl 1
C:\WINDOWS\system32\__c00855DA.exe Infected: Rootkit.Win32.Podnuha.cbi 1
C:\WINDOWS\system32\__c00A2EB8.exe Infected: Rootkit.Win32.Podnuha.cbl 1
C:\WINDOWS\system32\__c00A610B.exe Infected: Rootkit.Win32.Podnuha.cbl 1
C:\WINDOWS\system32\__c00AF81F.exe Infected: Rootkit.Win32.Podnuha.cbi 1
C:\WINDOWS\system32\__c00B2A84.exe Infected: Rootkit.Win32.Podnuha.cbl 1
C:\WINDOWS\system32\__c00CD100.exe Infected: Rootkit.Win32.Podnuha.cbl 1
C:\WINDOWS\system32\__c00D0352.exe Infected: Rootkit.Win32.Podnuha.cbi 1
C:\WINDOWS\system32\__c00D9A64.exe Infected: Rootkit.Win32.Podnuha.cbi 1
C:\WINDOWS\system32\__c00DCCC8.exe Infected: Rootkit.Win32.Podnuha.cbi 1
C:\WINDOWS\system32\__c00FA599.exe Infected: Rootkit.Win32.Podnuha.cbi 1
C:\WINDOWS\system32\__c00FD7EF.exe Infected: Rootkit.Win32.Podnuha.cbl 1

Infected:
=========================================================================================

RSIT log file:
=========================================================
Logfile of random's system information tool 1.06 (written by random/random)
Run by Sean at 2009-04-12 11:39:07
Microsoft Windows XP Professional Service Pack 3
System drive C: has 19 GB (30%) free of 63 GB
Total RAM: 2495 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:27 AM, on 4/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sean\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sean.exe

O2 - BHO: (no name) - {29B4FAED-0973-40D7-AE62-106AB597D3DD} - C:\WINDOWS\system32\atmli.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1236723784376
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: __c005937E - C:\WINDOWS\system32\__c005937E.dat (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5810 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29B4FAED-0973-40D7-AE62-106AB597D3DD}]
C:\WINDOWS\system32\atmli.dll [2008-04-13 97792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-18 7585792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F635E3A8.exe]
C:\DOCUME~1\Sean\LOCALS~1\Temp\_A00F635E3A8.exe [2009-04-09 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2006-05-30 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-08-06 64512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hercules DJ Series]
C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe [2008-02-20 476456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-06-01 61952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-04 458752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Program Files\Spyware Doctor\pctsTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-07-25 563984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-07-25 2027792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2007-10-25 136512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
regsvr32 /s mqrt.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2006-08-18 7585792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2006-08-18 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /nodetect []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2008-11-02 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-06-19 163840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe [2006-07-12 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\Windows\CREATOR\Remind_XP.exe [2006-02-09 643072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-01-24 111952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-11 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-04-01 761946]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c005937E]
C:\WINDOWS\system32\__c005937E.dat []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\SETUP.EXE
shell\configure\command - J:\SETUP.EXE
shell\install\command - J:\SETUP.EXE


======List of files/folders created in the last 1 months======

2009-04-12 11:39:07 ----D---- C:\rsit
2009-04-10 19:56:03 ----D---- C:\Program Files\Trend Micro
2009-04-10 00:44:50 ----A---- C:\WINDOWS\system32\__c0082379.exe
2009-04-10 00:40:44 ----A---- C:\WINDOWS\system32\cd.dll
2009-04-10 00:40:42 ----A---- C:\WINDOWS\system32\__c005B395.exe
2009-04-10 00:38:23 ----A---- C:\WINDOWS\system32\__c00855DA.exe
2009-04-10 00:35:05 ----A---- C:\WINDOWS\system32\__c00AF81F.exe
2009-04-10 00:33:09 ----A---- C:\WINDOWS\system32\__c00D9A64.exe
2009-04-10 00:18:09 ----A---- C:\WINDOWS\system32\__c00B2A84.exe
2009-04-10 00:16:03 ----A---- C:\WINDOWS\system32\__c00DCCC8.exe
2009-04-10 00:12:05 ----A---- C:\WINDOWS\system32\__c006F0C.exe
2009-04-10 00:08:21 ----A---- C:\WINDOWS\system32\__c0031151.exe
2009-04-10 00:06:42 ----A---- C:\WINDOWS\system32\asycfil.dll
2009-04-10 00:06:41 ----A---- C:\WINDOWS\system32\__c004EA28.exe
2009-04-09 22:07:22 ----A---- C:\WINDOWS\system32\__c0078C70.exe
2009-04-09 21:19:57 ----A---- C:\WINDOWS\system32\__c00A2EB8.exe
2009-04-09 21:14:04 ----A---- C:\WINDOWS\system32\__c00CD100.exe
2009-04-09 21:00:46 ----A---- C:\WINDOWS\system32\atmli.dll
2009-04-09 21:00:45 ----A---- C:\WINDOWS\system32\__c00A610B.exe
2009-04-09 20:55:26 ----A---- C:\WINDOWS\system32\__c00D0352.exe
2009-04-09 20:52:44 ----A---- C:\WINDOWS\system32\auth.dll
2009-04-09 20:52:43 ----A---- C:\WINDOWS\system32\__c00FA599.exe
2009-04-09 20:43:24 ----A---- C:\WINDOWS\system32\basesr.dll
2009-04-09 20:43:21 ----A---- C:\WINDOWS\system32\__c00247E1.exe
2009-04-09 20:39:51 ----A---- C:\WINDOWS\system32\__c00FD7EF.exe
2009-04-09 20:32:04 ----A---- C:\WINDOWS\system32\__c0027A36.exe
2009-04-09 20:29:38 ----A---- C:\WINDOWS\system32\__c0051C7D.exe
2009-04-02 18:52:14 ----D---- C:\WINDOWS\Sun
2009-04-02 18:52:14 ----D---- C:\Documents and Settings\Sean\Application Data\Sun
2009-04-01 18:34:17 ----D---- C:\Documents and Settings\Sean\Application Data\Apple Computer
2009-04-01 18:31:20 ----D---- C:\Program Files\QuickTime
2009-04-01 18:31:19 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-04-01 18:30:59 ----D---- C:\Program Files\Apple Software Update
2009-04-01 18:30:59 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-03-31 18:22:19 ----A---- C:\WINDOWS\uninst.exe
2009-03-26 21:09:30 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-03-26 21:09:14 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-03-23 17:48:21 ----A---- C:\WINDOWS\system32\HDJAsiou.dll
2009-03-23 17:48:21 ----A---- C:\WINDOWS\system32\HDJAsioCpl.dll
2009-03-22 18:34:05 ----A---- C:\WINDOWS\system32\HerculesDJDevices.dll
2009-03-22 13:01:20 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2009-03-22 13:01:11 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-03-22 13:00:29 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-22 13:00:29 ----A---- C:\WINDOWS\system32\WdfCoInstaller01005.dll
2009-03-22 12:56:12 ----D---- C:\Program Files\Guillemot
2009-03-22 12:56:09 ----A---- C:\WINDOWS\system32\HRFDongle.dll
2009-03-22 12:56:09 ----A---- C:\WINDOWS\system32\HDJSAPI.dll
2009-03-22 12:56:09 ----A---- C:\WINDOWS\system32\HDJAPI.dll
2009-03-22 12:55:59 ----D---- C:\Program Files\Hercules
2009-03-17 03:36:46 ----D---- C:\Program Files\MP3Recorder
2009-03-16 22:54:02 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-15 19:24:14 ----A---- C:\WINDOWS\NeroDigital.ini
2009-03-14 00:44:14 ----D---- C:\Documents and Settings\Sean\Application Data\Ahead
2009-03-14 00:43:37 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
2009-03-14 00:41:07 ----D---- C:\Program Files\Nero
2009-03-14 00:41:07 ----D---- C:\Program Files\Common Files\Ahead
2009-03-14 00:41:07 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-03-14 00:40:03 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-03-14 00:40:02 ----A---- C:\WINDOWS\system32\d3dx9_28.dll

======List of files/folders modified in the last 1 months======

2009-04-12 11:39:01 ----D---- C:\WINDOWS\Prefetch
2009-04-12 09:13:54 ----D---- C:\WINDOWS\temp
2009-04-12 03:06:36 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2009-04-12 02:05:14 ----D---- C:\WINDOWS\system32
2009-04-12 02:05:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-12 02:01:00 ----D---- C:\WINDOWS\Registration
2009-04-12 02:00:35 ----D---- C:\WINDOWS
2009-04-12 01:34:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-11 13:13:45 ----D---- C:\Documents and Settings\Sean\Application Data\uTorrent
2009-04-11 11:18:46 ----D---- C:\Program Files\Soulseek
2009-04-10 22:19:00 ----SD---- C:\Documents and Settings\Sean\Application Data\Microsoft
2009-04-10 20:33:44 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-10 19:57:36 ----RASH---- C:\boot.ini
2009-04-10 19:57:36 ----A---- C:\WINDOWS\win.ini
2009-04-10 19:57:36 ----A---- C:\WINDOWS\system.ini
2009-04-10 19:56:03 ----D---- C:\Program Files
2009-04-10 19:03:04 ----SHD---- C:\System Volume Information
2009-04-10 19:03:04 ----D---- C:\WINDOWS\system32\Restore
2009-04-10 19:01:09 ----D---- C:\WINDOWS\system32\drivers
2009-04-10 18:23:48 ----D---- C:\QUARANTINE
2009-04-10 01:20:06 ----A---- C:\hpqp.ini
2009-04-10 01:19:20 ----A---- C:\XP_TV.ini
2009-04-01 18:32:22 ----SHD---- C:\Config.Msi
2009-04-01 18:32:11 ----SHD---- C:\WINDOWS\Installer
2009-03-31 21:08:08 ----HD---- C:\WINDOWS\inf
2009-03-31 18:23:25 ----D---- C:\WINDOWS\Help
2009-03-31 18:23:19 ----HD---- C:\Program Files\Uninstall Information
2009-03-23 17:48:14 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-03-22 12:56:02 ----D---- C:\WINDOWS\WinSxS
2009-03-22 12:56:02 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-03-22 12:55:58 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-14 21:12:27 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-14 00:51:16 ----D---- C:\Program Files\Common Files\LightScribe
2009-03-14 00:42:55 ----D---- C:\WINDOWS\ehome
2009-03-14 00:41:07 ----D---- C:\Program Files\Common Files
2009-03-14 00:40:04 ----D---- C:\WINDOWS\system32\DirectX
2009-03-13 03:06:26 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2008-01-24 52104]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-14 12672]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-06-01 572928]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-22 51088]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-22 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-22 21744]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-04-19 995712]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-04-19 208000]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-07-18 41752]
R3 MA_CMIDI;M-Audio USB Driver; C:\WINDOWS\system32\drivers\ma_cmidi.sys [2007-11-14 31752]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2008-01-24 64232]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-01-24 72936]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-01-24 33960]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-01-24 171400]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-18 3687552]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-02 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-02 13056]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 11136]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-07-18 1278104]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-31 51584]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-31 308992]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SeratoUsb;SeratoUsb driver; C:\WINDOWS\System32\Drivers\SeratoUsb.sys [2006-03-16 35712]
R3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
R3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-04-01 193056]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-04-19 727296]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-04-28 429184]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-12 57320]
S3 Bulk;HDJBulk; C:\WINDOWS\System32\Drivers\HDJBulk.sys [2008-01-23 29312]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 HDJAsioK;HDJAsioK; C:\WINDOWS\System32\Drivers\HDJAsioK.sys [2008-02-22 131200]
S3 HDJMidi;Hercules DJ Console Rmx MIDI; C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2008-01-29 77056]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-07-20 2109592]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-07-20 2142488]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2005-10-13 874240]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-06 102912]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-05-18 49152]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-20 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-20 137752]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2007-10-25 103744]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-06 99328]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe [2008-01-24 144704]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe [2008-01-24 54608]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-13 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-13 117248]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-18 143426]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-20 141848]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-12 126976]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE [2006-07-25 2119360]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]

-----------------EOF-----------------
========================================================================


RSIT info.txt file:
====================================================================================
info.txt logfile of random's system information tool 1.06 2009-04-12 11:39:32

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Free MP3 Recorder 1.0-->"C:\Program Files\MP3Recorder\unins000.exe"
Hercules DJ Products Series drivers-->C:\Program Files\InstallShield Installation Information\{33999F1F-EA46-4E55-A239-1BA803235396}\setup.exe -runfromtemp -l0x0009 -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Quick Launch Buttons 6.10 A2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
HP QuickPlay 2.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides 0031-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13BCF6CB-2F54-4962-9B11-32F07048ACF3}\Setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 G2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Live 7.0.3-->C:\PROGRA~1\Ableton\LIVE70~1.3\Install\UNWISE.EXE C:\PROGRA~1\Ableton\LIVE70~1.3\Install\INSTALL.LOG
Logitech QuickCam-->MsiExec.exe /X{364EC092-93CF-4DDC-9D7A-7278452028E0}
Logitech® Camera Driver-->"C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player-->MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
McAfee VirusScan Enterprise-->MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MIDI-OX-->MsiExec.exe /I{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Nero 7 Premium-->MsiExec.exe /X{A20A58C4-6784-4B4B-86CC-94E2E3671033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Real Alternative 1.9.0-->"C:\Program Files\Real Alternative\unins000.exe"
Scratch LIVE 1.8.3 (18302)-->MsiExec.exe /I{496DB87F-2D95-4924-8AE9-7DC6EFE0C081}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Series II MIDI-->C:\Program Files\InstallShield Installation Information\{379BD39E-F13E-458F-96D8-56BD7F2CC516}\setup.exe -runfromtemp -l0x0009 -removeonly
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m\HXFSETUP.EXE -U -IAt8VEN5m.inf
SonicAC3Encoder-->MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
SonicMPEGEncoder-->MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
Sony DVD Architect 4.0-->MsiExec.exe /X{219CB444-F2B6-4A17-8A76-BB7847F3DB26}
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Vongo-->MsiExec.exe /I{DB7E00C9-6DEF-489A-8112-D8F81614F45A}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Media Center Edition 2005 KB912067-->"C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB915381-->"C:\WINDOWS\$NtUninstallKB915381$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wireless Home Network Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\setup.exe" -l0x9 -removeonly

=====HijackThis Backups=====

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-04-10]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dangerdanger.org/ [2009-04-10]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) [2009-04-10]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-04-10]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-04-10]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop [2009-04-10]
O1 - Hosts: 91.212.65.127 spywareprotector-2009.com [2009-04-10]
O1 - Hosts: 91.212.65.127 www.spywareprotector-2009.com [2009-04-10]
O1 - Hosts: 91.212.65.127 secure.spywareprotector-2009.com [2009-04-10]
O1 - Hosts: ::1 localhost [2009-04-10]
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM') [2009-04-10]
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user') [2009-04-10]
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user') [2009-04-10]
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [2009-04-10]
O2 - BHO: (no name) - {29B4FAED-0973-40D7-AE62-106AB597D3DD} - C:\WINDOWS\system32\atmli.dll [2009-04-10]
O2 - BHO: (no name) - {29B4FAED-0973-40D7-AE62-106AB597D3DD} - C:\WINDOWS\system32\atmli.dll [2009-04-10]
O2 - BHO: (no name) - {29B4FAED-0973-40D7-AE62-106AB597D3DD} - C:\WINDOWS\system32\atmli.dll [2009-04-10]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2009-04-10]
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll [2009-04-10]
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2009-04-10]
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-04-10]
O2 - BHO: (no name) - {29B4FAED-0973-40D7-AE62-106AB597D3DD} - C:\WINDOWS\system32\atmli.dll [2009-04-11]

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: McAfee VirusScan Enterprise
FW: Norton Internet Worm Protection (disabled)

======System event log======

Computer Name: DSHIZNIT
Event Code: 1002
Message: The IP address lease 192.168.1.107 for the Network Card with network address 0016369FCB7B has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 3821
Source Name: Dhcp
Time Written: 20090401092448.000000-240
Event Type: error
User:

Computer Name: DSHIZNIT
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0016369FCB7B. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 3818
Source Name: Dhcp
Time Written: 20090401060657.000000-240
Event Type: warning
User:

Computer Name: DSHIZNIT
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 3817
Source Name: Tcpip
Time Written: 20090331190004.000000-240
Event Type: warning
User:

Computer Name: DSHIZNIT
Event Code: 256
Message: Timed out sending notification of device interface change to window of "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"

Record Number: 3797
Source Name: PlugPlayManager
Time Written: 20090331101807.000000-240
Event Type: warning
User:

Computer Name: DSHIZNIT
Event Code: 256
Message: Timed out sending notification of device interface change to window of "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"

Record Number: 3796
Source Name: PlugPlayManager
Time Written: 20090331101807.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: DSHIZNIT
Event Code: 1517
Message: Windows saved user DSHIZNIT\Sean registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 1040
Source Name: Userenv
Time Written: 20090311013233.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DSHIZNIT
Event Code: 1517
Message: Windows saved user DSHIZNIT\Sean registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 1007
Source Name: Userenv
Time Written: 20090309231509.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DSHIZNIT
Event Code: 258
Message: The update failed; see event log.

Record Number: 993
Source Name: McLogEvent
Time Written: 20090308142058.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DSHIZNIT
Event Code: 1517
Message: Windows saved user DSHIZNIT\Sean registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 983
Source Name: Userenv
Time Written: 20090307023510.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DSHIZNIT
Event Code: 1517
Message: Windows saved user DSHIZNIT\Sean registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 926
Source Name: Userenv
Time Written: 20090305195653.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4802
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PCTYPE"=PAVILION
"PLATFORM"=MCD
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------
====================================================================================

#4 thewall

  • Malware Response Team
  • 6,425 posts
  • Gender: Male
  • Location: Florida

Posted 12 April 2009 - 04:27 PM

You're welcome! :thumbup2:



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instructions can be found HERE
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HJT log.
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#5 SeanC

  • Topic Starter
  • Members
  • 24 posts

Posted 12 April 2009 - 08:42 PM

The hijack is getting worse!

Internet Explorer won't follow any links now and it is incredibly hard to use the internet.

When I try to download ComboFix from the links you posted, the file downloads completely and then does not save to my computer. When the file save is attempted an error message appears saying "Cannot copy Combofix[1]: Access is denied. Make sure disk is not full or write protected and that file is not currently in use." My computer is far from being full and is not write protected. The file is not currently in use because if it was I would have achieved my goal. I tried running the file directly from the link and nothing executes after the download has completed.

I can see my computer getting worse.... What should I do?

#6 thewall

  • Malware Response Team
  • 6,425 posts
  • Gender: Male
  • Location: Florida

Posted 13 April 2009 - 08:24 AM

Let's try this first:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3


Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.


#7 SeanC

  • Topic Starter
  • Members
  • 24 posts

Posted 13 April 2009 - 09:20 AM

I tried renaming the file... no luck. I get the same result (full download followed by no file save).

When I download other files from other sites I don't have this problem though. I followed other links to find ComboFix from other sites as well and the same thing happens. Why do you think this is happening?

#8 thewall

  • Malware Response Team
  • 6,425 posts
  • Gender: Male
  • Location: Florida

Posted 13 April 2009 - 09:39 AM

It's probably the infection itself blocking you. Let's try MBAM and see if we have any luck with it:



Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.



If you can get it to run, post the log from it and a new HJT log also.

#9 SeanC

  • Topic Starter
  • Members
  • 24 posts

Posted 14 April 2009 - 01:30 AM

This seems to have worked really well!!!!

log from MBAM:
=======================================
Malwarebytes' Anti-Malware 1.36
Database version: 1979
Windows 5.1.2600 Service Pack 3

4/14/2009 2:19:44 AM
mbam-log-2009-04-14 (02-19-44).txt

Scan type: Quick Scan
Objects scanned: 80722
Time elapsed: 15 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 147
Registry Values Infected: 13
Registry Data Items Infected: 2
Folders Infected: 16
Files Infected: 101

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{abd42510-9b22-41cd-9dcd-8182a2d07c63} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c005937e (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch plugin (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system tool (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c006F0C.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00247E1.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0027A36.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0031151.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c004EA28.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0051C7D.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c005B395.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0078C70.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0082379.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00855DA.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00A2EB8.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00A610B.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00AF81F.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00B2A84.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00CD100.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00D0352.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00D9A64.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00DCCC8.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00FA599.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00FD7EF.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sean\Local Settings\Temp\yzdbsonp.dat (Rootkit.Agent) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00E7127A (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00E71588 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00E71691.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00E7177C.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00E71866.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00E71A0C.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00E71B35.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\sysguard.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iehelper.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

==========================================================

This is the log from RSIT:
=============================================================
Logfile of random's system information tool 1.06 (written by random/random)
Run by Sean at 2009-04-14 02:25:28
Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (26%) free of 63 GB
Total RAM: 2495 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:31 AM, on 4/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sean\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sean.exe

O2 - BHO: (no name) - {29B4FAED-0973-40D7-AE62-106AB597D3DD} - C:\WINDOWS\system32\atmli.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1236723784376
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5777 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29B4FAED-0973-40D7-AE62-106AB597D3DD}]
C:\WINDOWS\system32\atmli.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-18 7585792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F635E3A8.exe]
C:\DOCUME~1\Sean\LOCALS~1\Temp\_A00F635E3A8.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2006-05-30 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-08-06 64512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hercules DJ Series]
C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe [2008-02-20 476456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-06-01 61952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-04 458752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Program Files\Spyware Doctor\pctsTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-07-25 563984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-07-25 2027792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2007-10-25 136512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
regsvr32 /s mqrt.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2006-08-18 7585792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2006-08-18 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /nodetect []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2008-11-02 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-06-19 163840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe [2006-07-12 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\Windows\CREATOR\Remind_XP.exe [2006-02-09 643072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-01-24 111952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-11 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-04-01 761946]

C:\Documents and Settings\Sean\Start Menu\Programs\StartUp
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\SETUP.EXE
shell\configure\command - J:\SETUP.EXE
shell\install\command - J:\SETUP.EXE


======List of files/folders created in the last 1 months======

2009-04-14 01:28:20 ----D---- C:\Documents and Settings\Sean\Application Data\Malwarebytes
2009-04-14 01:28:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-14 01:28:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-13 17:20:14 ----D---- C:\Program Files\GIF Movie Gear
2009-04-13 16:55:42 ----D---- C:\Program Files\Advanced GIF Animator
2009-04-13 16:50:20 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2009-04-13 16:49:58 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2009-04-12 11:39:07 ----D---- C:\rsit
2009-04-10 19:56:03 ----D---- C:\Program Files\Trend Micro
2009-04-02 18:52:14 ----D---- C:\WINDOWS\Sun
2009-04-02 18:52:14 ----D---- C:\Documents and Settings\Sean\Application Data\Sun
2009-04-01 18:34:17 ----D---- C:\Documents and Settings\Sean\Application Data\Apple Computer
2009-04-01 18:31:20 ----D---- C:\Program Files\QuickTime
2009-04-01 18:31:19 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-04-01 18:30:59 ----D---- C:\Program Files\Apple Software Update
2009-04-01 18:30:59 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-03-31 18:22:19 ----A---- C:\WINDOWS\uninst.exe
2009-03-26 21:09:30 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-03-26 21:09:14 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-03-23 17:48:21 ----A---- C:\WINDOWS\system32\HDJAsiou.dll
2009-03-23 17:48:21 ----A---- C:\WINDOWS\system32\HDJAsioCpl.dll
2009-03-22 18:34:05 ----A---- C:\WINDOWS\system32\HerculesDJDevices.dll
2009-03-22 13:01:20 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2009-03-22 13:01:11 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-03-22 13:00:29 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-22 13:00:29 ----A---- C:\WINDOWS\system32\WdfCoInstaller01005.dll
2009-03-22 12:56:12 ----D---- C:\Program Files\Guillemot
2009-03-22 12:56:09 ----A---- C:\WINDOWS\system32\HRFDongle.dll
2009-03-22 12:56:09 ----A---- C:\WINDOWS\system32\HDJSAPI.dll
2009-03-22 12:56:09 ----A---- C:\WINDOWS\system32\HDJAPI.dll
2009-03-22 12:55:59 ----D---- C:\Program Files\Hercules
2009-03-17 03:36:46 ----D---- C:\Program Files\MP3Recorder
2009-03-16 22:54:02 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-15 19:24:14 ----A---- C:\WINDOWS\NeroDigital.ini

======List of files/folders modified in the last 1 months======

2009-04-14 02:22:30 ----D---- C:\WINDOWS\temp
2009-04-14 02:22:26 ----D---- C:\WINDOWS\Registration
2009-04-14 02:21:59 ----D---- C:\WINDOWS
2009-04-14 02:21:08 ----D---- C:\WINDOWS\system32\drivers
2009-04-14 02:20:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-14 02:20:23 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2009-04-14 02:20:05 ----D---- C:\WINDOWS\Prefetch
2009-04-14 02:19:44 ----D---- C:\Program Files
2009-04-14 02:19:43 ----D---- C:\WINDOWS\system32
2009-04-14 02:19:43 ----D---- C:\Program Files\Internet Explorer
2009-04-13 23:49:24 ----D---- C:\Documents and Settings\Sean\Application Data\uTorrent
2009-04-13 16:59:23 ----D---- C:\Documents and Settings\Sean\Application Data\Adobe
2009-04-13 16:55:50 ----SHD---- C:\WINDOWS\Installer
2009-04-13 16:55:49 ----SHD---- C:\Config.Msi
2009-04-13 16:55:47 ----D---- C:\Program Files\Adobe
2009-04-13 16:52:34 ----D---- C:\Program Files\Common Files\Adobe
2009-04-13 16:49:58 ----D---- C:\Program Files\Common Files
2009-04-13 16:48:38 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-04-13 10:17:48 ----D---- C:\QUARANTINE
2009-04-13 10:17:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-12 23:17:09 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-12 16:53:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-11 11:18:46 ----D---- C:\Program Files\Soulseek
2009-04-10 22:19:00 ----SD---- C:\Documents and Settings\Sean\Application Data\Microsoft
2009-04-10 19:57:36 ----RASH---- C:\boot.ini
2009-04-10 19:57:36 ----A---- C:\WINDOWS\win.ini
2009-04-10 19:57:36 ----A---- C:\WINDOWS\system.ini
2009-04-10 19:03:04 ----SHD---- C:\System Volume Information
2009-04-10 19:03:04 ----D---- C:\WINDOWS\system32\Restore
2009-04-10 01:20:06 ----A---- C:\hpqp.ini
2009-04-10 01:19:20 ----A---- C:\XP_TV.ini
2009-03-31 21:08:08 ----HD---- C:\WINDOWS\inf
2009-03-31 18:23:25 ----D---- C:\WINDOWS\Help
2009-03-31 18:23:19 ----HD---- C:\Program Files\Uninstall Information
2009-03-23 17:48:14 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-03-22 12:56:02 ----D---- C:\WINDOWS\WinSxS
2009-03-22 12:56:02 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-03-22 12:55:58 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-19 15:47:31 ----D---- C:\Documents and Settings\Sean\Application Data\Ahead

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2008-01-24 52104]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-14 12672]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-04-28 429184]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-06-01 572928]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-22 51088]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-22 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-22 21744]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-04-19 995712]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-04-19 208000]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-07-18 41752]
R3 MA_CMIDI;M-Audio USB Driver; C:\WINDOWS\system32\drivers\ma_cmidi.sys [2007-11-14 31752]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2008-01-24 64232]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-01-24 72936]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-01-24 33960]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-01-24 171400]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-18 3687552]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-02 13056]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 11136]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-07-18 1278104]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-31 51584]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-31 308992]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SeratoUsb;SeratoUsb driver; C:\WINDOWS\System32\Drivers\SeratoUsb.sys [2006-03-16 35712]
R3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
R3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-04-01 193056]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-04-19 727296]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-12 57320]
S3 Bulk;HDJBulk; C:\WINDOWS\System32\Drivers\HDJBulk.sys [2008-01-23 29312]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 HDJAsioK;HDJAsioK; C:\WINDOWS\System32\Drivers\HDJAsioK.sys [2008-02-22 131200]
S3 HDJMidi;Hercules DJ Console Rmx MIDI; C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2008-01-29 77056]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-07-20 2109592]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-07-20 2142488]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-02 34176]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2005-10-13 874240]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-06 102912]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-05-18 49152]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-20 137752]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2007-10-25 103744]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-06 99328]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe [2008-01-24 144704]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe [2008-01-24 54608]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-13 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-13 117248]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-18 143426]
S2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-20 186904]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-20 141848]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-12 126976]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-04-13 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE [2006-07-25 2119360]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]

-----------------EOF-----------------
==================================================



Again, thank you very much for helping me with this... I was very close to a complete system restore and now hopefully you helped me fix everything.
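A small Python helper for reading the tail of an RSIT log like the one above. It decodes the NoDriveTypeAutoRun bitmask (145 is XP's default: Autorun stays enabled for removable and CD-ROM drives, which is why Explorer has cached a J:\SETUP.EXE autorun command under MountPoints2; 0xFF is the value Microsoft's Autorun hardening guidance recommends) and lists driver/service entries that RSIT printed with empty brackets, i.e. no date or size for the image path. This is an added example, not RSIT's code and not part of SeanC's post; the sample entries are constructed in RSIT's line format. Caveat: an empty bracket is a prompt to check the file by hand, not a verdict, since RSIT commonly fails to read files given with the NT-style \??\ prefix.

```python
import re

# NoDriveTypeAutoRun is a bitmask; a set bit disables Autorun for that drive type.
# Bit positions follow the GetDriveType() constants (DRIVE_UNKNOWN = 0 ... DRIVE_RAMDISK = 6).
AUTORUN_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "RESERVED",
}
HARDENED_NODRIVETYPEAUTORUN = 0xFF   # Autorun off for every drive type


def autorun_disabled_on(value):
    """Drive types for which Autorun is disabled by this NoDriveTypeAutoRun value."""
    return {name for bit, name in AUTORUN_BITS.items() if value & bit}


def autorun_enabled_on(value):
    """Drive types that will still Autorun (the ones a USB stick or mounted image can abuse)."""
    return {name for bit, name in AUTORUN_BITS.items() if not value & bit}


# One RSIT driver/service line:
#   R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
# state R/S, start type 0-4, name;description; image path, then [date size],
# or [] when RSIT could not read the file at that path.
ENTRY_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.+?) \[([^\]]*)\]$")


def parse_entry(line):
    """Parse one RSIT driver/service line into a dict, or return None for other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    state, start, name, desc, path, stamp = m.groups()
    date, size = None, None
    if stamp:
        date, size_s = stamp.split()
        size = int(size_s)
    return {"state": state, "start": int(start), "name": name, "desc": desc.strip(),
            "path": path, "date": date, "size": size}


def triage_entries(text):
    """Return the entries whose image file RSIT could not read, running (R) ones first."""
    flagged = [e for e in map(parse_entry, text.splitlines()) if e and e["size"] is None]
    flagged.sort(key=lambda e: e["state"] != "R")   # stable sort: R before S, log order kept
    return flagged


# Constructed sample lines in the RSIT format above (not the poster's log).
SAMPLE_RSIT = r"""
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe [2008-01-24 144704]
"""

if __name__ == "__main__":
    value = 145   # the NoDriveTypeAutoRun value shown in the log
    print("Autorun still enabled on:", sorted(autorun_enabled_on(value)))
    print("0xFF disables:", sorted(autorun_disabled_on(HARDENED_NODRIVETYPEAUTORUN)))
    for e in triage_entries(SAMPLE_RSIT):
        print("{}{} {}: no date/size for {}".format(e["state"], e["start"], e["name"], e["path"]))
```

Run it on a saved RSIT log by replacing SAMPLE_RSIT with the file contents; running entries with no readable image are the ones to check first, by resolving the path (strip the \??\ prefix) and confirming the file, its signer and its size by hand.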

#10 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:09:18 PM

Posted 14 April 2009 - 07:57 AM

You're welcome, I like doing it.


You had a lot of infections on your machine so let's do another scan with MBAM except this time check Perform Full Scan instead of Perform Quick Scan. This will take a little longer to run. After running MBAM please run the GMER scan below.



We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click the unzipped GMER program on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see a warning window. If you do, click No.
  • Click on Scan and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Save and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.



After completion please post both the MBAM log as well as the one GMER produces.
If I have helped you then please consider donating so I can continue the fight against malware.
All donations go directly to the helper.

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you
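For reading the GMER log this step produces, here is a small Python triage script. It is an added example, not GMER's code and not something thewall posted. It sorts the lines into SSDT hooks grouped by the owning driver, kernel inline hooks, drivers GMER could not open on disk, and user-mode inline hooks split by whether the jump target lies inside a loaded module. The sample lines are constructed to match GMER 1.0.15 line formats; the module-backed jump to a hook.dll and its path are invented for illustration. Caveat in the findings: security products with HIPS or buffer-overflow protection hook exactly these process, file, registry and socket APIs in every process, so an identical unbacked hook set across all listed processes is usually a product, while a named driver whose file cannot be opened is the line worth chasing first.

```python
import re

# Line shapes in GMER 1.0.15 output, as they appear in the log format (not taken from GMER's source):
#   SSDT/Code hook:   Code <driver path> (<description/Company>) ZwCreateFile [0xADDR]
#   kernel inline:    .text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP B786C8FD <driver path> (<desc>)
#   missing driver:   ? asswgkd.sys The system cannot find the file specified. !
#   user-mode inline: .text C:\...\services.exe[892] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070000
#                     (a module path and description follow the target when GMER can attribute it)
CODE_RE = re.compile(r"^(?:Code|SSDT)\s+(?P<path>.+?)\s+\((?P<owner>[^)]*)\)\s+(?P<func>\w+)"
                     r"(?:\s+\[(?P<target>0x[0-9A-Fa-f]+)\])?\s*$")
MISSING_RE = re.compile(r"^\?\s+(?P<name>\S+)\s+The system cannot find the file specified\.?\s*!?\s*$")
USER_RE = re.compile(r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<mod>[^\s!]+)!(?P<func>\S+)"
                     r"(?:\s\+\s(?P<off>\d+))?\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<n>\d+) Bytes\s+(?P<rest>.+?)\s*$")
KERNEL_RE = re.compile(r"^\.text\s+(?P<mod>[^\s!\[]+)!(?P<func>\w+)\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<n>\d+) Bytes"
                       r"\s+JMP\s+(?P<target>[0-9A-Fa-f]{8})(?:\s+(?P<path>.+?)\s+\((?P<owner>[^)]*)\))?\s*$")


def parse_jump(rest):
    """'JMP 00070000' -> unbacked target; 'JMP 10001000 <module path> (desc)' -> backed by a module.
    A trailing '[1F, 89]' is the remaining bytes of a split patch, not a separate hook: return None."""
    parts = rest.split(None, 2)
    if parts[0].upper() != "JMP":
        return None
    return {"target": parts[1], "owner": parts[2] if len(parts) > 2 else None}


def triage(text):
    """Classify every recognised GMER line; unrecognised lines are ignored."""
    report = {"ssdt": {}, "kernel_inline": [], "missing_drivers": [], "user_hooks": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        m = CODE_RE.match(line)
        if m:
            report["ssdt"].setdefault(m["path"], []).append(m["func"])
            continue
        m = MISSING_RE.match(line)
        if m:
            report["missing_drivers"].append(m["name"])
            continue
        m = USER_RE.match(line)
        if m:
            jump = parse_jump(m["rest"])
            if jump is None:
                continue
            key = "{}[{}]".format(m["proc"], m["pid"])
            entry = report["user_hooks"].setdefault(key, {"backed": [], "unbacked": []})
            entry["backed" if jump["owner"] else "unbacked"].append(m["mod"] + "!" + m["func"])
            continue
        m = KERNEL_RE.match(line)
        if m:
            report["kernel_inline"].append((m["mod"] + "!" + m["func"], m["path"]))
    return report


def findings(report):
    """Turn the parsed report into triage notes; the wording is deliberately cautious."""
    out = []
    for drv in report["missing_drivers"]:
        out.append("INVESTIGATE: driver {} is registered but its file cannot be opened "
                   "(hidden by a rootkit, or a stale entry for a deleted driver)".format(drv))
    for func, path in report["kernel_inline"]:
        if path is None:
            out.append("INVESTIGATE: kernel inline hook on {} jumps outside any known driver".format(func))
    for proc, hooks in report["user_hooks"].items():
        if hooks["unbacked"]:
            out.append("REVIEW: {} has {} inline hooks jumping to memory outside any loaded module"
                       .format(proc, len(hooks["unbacked"])))
    hook_sets = {frozenset(h["unbacked"]) for h in report["user_hooks"].values() if h["unbacked"]}
    if len(hook_sets) == 1 and sum(1 for h in report["user_hooks"].values() if h["unbacked"]) > 1:
        out.append("NOTE: every hooked process carries the same unbacked hook set; HIPS/AV products "
                   "hook this way too, so confirm with the vendor before calling it malware")
    return out


# Constructed sample in GMER's line format; the hook.dll line and its path are invented.
SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB786C8BB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB786C83B]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP B786C8FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? asswgkd.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00060FC0
.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F90000
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [1F, 89]
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001000 C:\Program Files\Example\hook.dll (Example hook/Example Corp)
"""

if __name__ == "__main__":
    for note in findings(triage(SAMPLE_GMER)):
        print(note)
```

Feed it a saved GMER log in place of SAMPLE_GMER. The grouping by owning driver is what makes a long SSDT section readable: one known security driver owning every hook is a different picture from a hook owned by a driver GMER cannot attribute, and the "cannot find the file specified" line is the one to resolve (by booting clean media or a second scanner) before anything else.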

#11 SeanC

SeanC
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:07:18 PM

Posted 15 April 2009 - 09:15 AM

MBAM log:
===================================================
Malwarebytes' Anti-Malware 1.36
Database version: 1979
Windows 5.1.2600 Service Pack 3

4/14/2009 11:32:32 PM
mbam-log-2009-04-14 (23-32-29).txt

Scan type: Full Scan (C:\|D:\|G:\|)
Objects scanned: 194645
Time elapsed: 2 hour(s), 19 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 25

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Sean\Local Settings\Temp\yzdbsonp.dat (Rootkit.Agent) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090412-232150-167.dll (Adware.MyWeb) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090412-232150-312.dll (Adware.MyWeb) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP2\A0000100.DLL (Adware.FunWeb) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP4\A0000219.exe (Trojan.Vundo.V) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP4\A0000220.exe (Trojan.Vundo.V) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP4\A0000221.exe (Trojan.Vundo.V) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP4\A0000222.exe (Trojan.Vundo.V) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP4\A0000223.exe (Trojan.Vundo.V) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP4\A0000224.exe (Trojan.Vundo.V) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP4\A0000225.exe (Trojan.Vundo.V) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP4\A0000226.exe (Trojan.Vundo.V) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP4\A0000227.exe (Trojan.Vundo.V) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP4\A0000228.exe (Trojan.Vundo.V) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP4\A0000229.exe (Trojan.Vundo.V) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP4\A0000230.exe (Trojan.Vundo.V) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP4\A0000232.exe (Trojan.Vundo.V) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP4\A0000233.exe (Trojan.Vundo.V) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP4\A0000234.exe (Trojan.Vundo.V) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP4\A0000235.exe (Trojan.Vundo.V) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP4\A0000237.exe (Trojan.Vundo.V) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP4\A0000238.exe (Trojan.Vundo.V) -> No action taken.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP4\A0000236.exe (Trojan.Vundo.V) -> No action taken.
G:\Programs\Sony Vegas 7 + DVD Architect 4\DVD Architect 4.0.125\Sony DVD Architect v4.0 Keygen.exe (Trojan.Downloader) -> No action taken.
G:\Programs\Sony Vegas 7 + DVD Architect 4\Vegas 7.0a\Sony Vegas v7.0a Keygen.exe (Trojan.Downloader) -> No action taken.

=============================================================================





GMER log
================================================================================
GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-15 08:57:15
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB786C8BB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB786C83B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB786C8E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB786C84F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB786C87B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB786C90F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB786C827]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB786C8CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB786C865]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB786C891]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB786C8A7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB786C925]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB786C8F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP B786C8FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? asswgkd.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070F8A
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070FAF
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070089
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0007005B
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F6D
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 000700B5
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00070F2D
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070F3E
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00070F12
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00070FD4
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 000700A4
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00070036
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 000700C6
.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00060FC0
.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00060058
.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 0006001B
.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0006000A
.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00060F9B
.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0006003D
.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0006002C
.text C:\WINDOWS\system32\services.exe[892] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050047
.text C:\WINDOWS\system32\services.exe[892] msvcrt.dll!system 77C293C7 5 Bytes JMP 0005002C
.text C:\WINDOWS\system32\services.exe[892] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050011
.text C:\WINDOWS\system32\services.exe[892] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[892] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050FBC
.text C:\WINDOWS\system32\services.exe[892] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050FE3
.text C:\WINDOWS\system32\services.exe[892] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F90000
.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F90071
.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F90F7C
.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F90056
.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F90F8D
.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F90025
.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F90F44
.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F9008C
.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F90F0E
.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F90F1F
.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F900CC
.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F90F9E
.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F90FEF
.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F90F61
.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F90FB9
.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F90FDE
.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F9009D
.text C:\WINDOWS\system32\lsass.exe[904] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00F80FA8
.text C:\WINDOWS\system32\lsass.exe[904] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00F8001B
.text C:\WINDOWS\system32\lsass.exe[904] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00F80FB9
.text C:\WINDOWS\system32\lsass.exe[904] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00F80FD4
.text C:\WINDOWS\system32\lsass.exe[904] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00F80F68
.text C:\WINDOWS\system32\lsass.exe[904] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00F80FE5
.text C:\WINDOWS\system32\lsass.exe[904] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00F8000A
.text C:\WINDOWS\system32\lsass.exe[904] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00F80F83
.text C:\WINDOWS\system32\lsass.exe[904] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F70F8B
.text C:\WINDOWS\system32\lsass.exe[904] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F70016
.text C:\WINDOWS\system32\lsass.exe[904] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F70FC1
.text C:\WINDOWS\system32\lsass.exe[904] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F70FEF
.text C:\WINDOWS\system32\lsass.exe[904] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F70FA6
.text C:\WINDOWS\system32\lsass.exe[904] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F70FD2
.text C:\WINDOWS\system32\lsass.exe[904] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02410000
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02410F7A
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02410065
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02410F8B
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0241004A
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02410FC3
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02410F53
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0241009B
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02410F13
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 024100B6
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 02410F02
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02410FB2
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02410025
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02410080
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02410FD4
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02410FEF
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 02410F38
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00FF0FC3
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00FF005B
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00FF0FD4
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00FF0FE5
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00FF0040
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00FF0FA8
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [1F, 89]
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00FF0025
.text C:\WINDOWS\system32\svchost.exe[1080] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FE005D
.text C:\WINDOWS\system32\svchost.exe[1080] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FE004C
.text C:\WINDOWS\system32\svchost.exe[1080] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FE0FD2
.text C:\WINDOWS\system32\svchost.exe[1080] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\svchost.exe[1080] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FE0027
.text C:\WINDOWS\system32\svchost.exe[1080] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FE0FE3
.text C:\WINDOWS\system32\svchost.exe[1080] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FD000A
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D80FE5
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D800AE
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D80089
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D80078
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D8005B
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D80036
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D80F77
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D800BF
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D800FC
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D800EB
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D80F52
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D80FAF
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D80000
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D80F94
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D80025
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D80FD4
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00D800D0
.text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00D70036
.text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00D70F9E
.text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00D70FE5
.text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00D7001B
.text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00D70FB9
.text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00D70000
.text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00D7005B
.text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00D70FCA
.text C:\WINDOWS\system32\svchost.exe[1128] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D60F9C
.text C:\WINDOWS\system32\svchost.exe[1128] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D60027
.text C:\WINDOWS\system32\svchost.exe[1128] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D60FC8
.text C:\WINDOWS\system32\svchost.exe[1128] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D6000C
.text C:\WINDOWS\system32\svchost.exe[1128] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D60FB7
.text C:\WINDOWS\system32\svchost.exe[1128] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D60FE3
.text C:\WINDOWS\system32\svchost.exe[1128] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D50FEF
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02E00000
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02E00F70
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02E00F81
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02E0005B
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02E00F9E
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02E0001B
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02E0009D
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02E0008C
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02E00F15
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02E000B8
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 02E000C9
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02E00036
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02E00FDB
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02E00F55
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02E00FAF
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02E00FCA
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 02E00F3A
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02DE0040
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 02DE0F83
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02DE002F
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 02DE0FEF
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 02DE0F94
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02DE0000
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 02DE0FAF
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [FE, 8A]
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 02DE0FCA
.text C:\WINDOWS\System32\svchost.exe[1244] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02DD0075
.text C:\WINDOWS\System32\svchost.exe[1244] msvcrt.dll!system 77C293C7 5 Bytes JMP 02DD0050
.text C:\WINDOWS\System32\svchost.exe[1244] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02DD002E
.text C:\WINDOWS\System32\svchost.exe[1244] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02DD0000
.text C:\WINDOWS\System32\svchost.exe[1244] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02DD003F
.text C:\WINDOWS\System32\svchost.exe[1244] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02DD0011
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02DC0FEF
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 02DF0FEF
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 02DF0FD4
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 02DF000A
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 02DF001B
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007D0FEF
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007D0F50
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007D004F
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007D0034
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007D0F6B
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007D0FA1
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007D0F22
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007D006A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007D00AA
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007D0F11
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 007D00CF
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 007D0F86
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 007D0FD4
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 007D0F3F
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 007D0FB2
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 007D0FC3
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 007D008F
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 007C0FBC
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 007C0F6B
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 007C0FCD
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 007C0FDE
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 007C0F86
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 007C0FEF
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 007C0FA1
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [9C, 88]
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 007C0028
.text C:\WINDOWS\system32\svchost.exe[1300] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007B0042
.text C:\WINDOWS\system32\svchost.exe[1300] msvcrt.dll!system 77C293C7 5 Bytes JMP 007B0FB7
.text C:\WINDOWS\system32\svchost.exe[1300] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007B0FD2
.text C:\WINDOWS\system32\svchost.exe[1300] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007B0FE3
.text C:\WINDOWS\system32\svchost.exe[1300] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007B0027
.text C:\WINDOWS\system32\svchost.exe[1300] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007B000C
.text C:\WINDOWS\system32\svchost.exe[1300] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007A0FE5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!CreateFileA 7C801A28 3 Bytes JMP 010C0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!CreateFileA + 4 7C801A2C 1 Byte [84]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!VirtualProtectEx 7C801A61 3 Bytes JMP 010C0F77
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!VirtualProtectEx + 4 7C801A65 1 Byte [84]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!VirtualProtect 7C801AD4 3 Bytes JMP 010C0F88
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!VirtualProtect + 4 7C801AD8 1 Byte [84]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 010C0062
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!LoadLibraryExA 7C801D53 3 Bytes JMP 010C0051
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!LoadLibraryExA + 4 7C801D57 1 Byte [84]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!LoadLibraryA 7C801D7B 3 Bytes JMP 010C0FAF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!LoadLibraryA + 4 7C801D7F 1 Byte [84]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!GetStartupInfoW 7C801E54 3 Bytes JMP 010C0093
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!GetStartupInfoW + 4 7C801E58 1 Byte [84]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 010C0F41
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!CreateProcessW 7C802336 3 Bytes JMP 010C00C6
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!CreateProcessW + 4 7C80233A 1 Byte [84]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!CreateProcessA 7C80236B 3 Bytes JMP 010C00B5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!CreateProcessA + 4 7C80236F 1 Byte [84]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!GetProcAddress 7C80AE30 3 Bytes JMP 010C00D7
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!GetProcAddress + 4 7C80AE34 1 Byte [84]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!LoadLibraryW 7C80AEDB 3 Bytes JMP 010C0036
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!LoadLibraryW + 4 7C80AEDF 1 Byte [84]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!CreateFileW 7C8107F0 3 Bytes JMP 010C0FE5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!CreateFileW + 4 7C8107F4 1 Byte [84]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 010C0F52
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 010C0FCA
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 010C001B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 010C00A4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 010B002C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 010B006C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 010B001B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 010B0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 010B0FAF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 010B0FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 010B0051
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 010B0FC0
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 010A0FAB
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] msvcrt.dll!system 77C293C7 5 Bytes JMP 010A0036
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 010A0FC6
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] msvcrt.dll!_open 77C2F566 5 Bytes JMP 010A0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 010A001B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 010A0FE3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01090000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] WinInet.dll!InternetOpenA 7806C865 5 Bytes JMP 00EC0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] WinInet.dll!InternetOpenW 7806CE99 5 Bytes JMP 00EC001B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] WinInet.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00EC0FDB
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1384] WinInet.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00EC0FC0
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C70000
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C7007F
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C70F8A
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C70F9B
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C7004E
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C70022
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C700BC
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C700A1
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C700CD
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C70F34
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C700DE
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C7003D
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C70FE5
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C70090
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C70FC0
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C70011
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C70F4F
.text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00A10FB9
.text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00A10047
.text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00A10FCA
.text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00A1000A
.text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00A10036
.text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00A10FEF
.text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00A1001B
.text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00A10F94
.text C:\WINDOWS\system32\svchost.exe[1444] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A0005A
.text C:\WINDOWS\system32\svchost.exe[1444] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A0003F
.text C:\WINDOWS\system32\svchost.exe[1444] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A0002E
.text C:\WINDOWS\system32\svchost.exe[1444] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A00000
.text C:\WINDOWS\system32\svchost.exe[1444] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A00FD9
.text C:\WINDOWS\system32\svchost.exe[1444] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A00011
.text C:\WINDOWS\system32\svchost.exe[1444] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009F0000
.text C:\WINDOWS\system32\svchost.exe[1444] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00A20FEF
.text C:\WINDOWS\system32\svchost.exe[1444] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00A20FDE
.text C:\WINDOWS\system32\svchost.exe[1444] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00A20014
.text C:\WINDOWS\system32\svchost.exe[1444] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00A20025
.text C:\WINDOWS\Explorer.EXE[1788] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 020B0000
.text C:\WINDOWS\Explorer.EXE[1788] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 020B0F55
.text C:\WINDOWS\Explorer.EXE[1788] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 020B0F70
.text C:\WINDOWS\Explorer.EXE[1788] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 020B0F8D
.text C:\WINDOWS\Explorer.EXE[1788] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 020B004A
.text C:\WINDOWS\Explorer.EXE[1788] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 020B0FB9
.text C:\WINDOWS\Explorer.EXE[1788] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 020B0F27
.text C:\WINDOWS\Explorer.EXE[1788] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 020B0F44
.text C:\WINDOWS\Explorer.EXE[1788] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 020B00AC
.text C:\WINDOWS\Explorer.EXE[1788] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 020B009B
.text C:\WINDOWS\Explorer.EXE[1788] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 020B00C7
.text C:\WINDOWS\Explorer.EXE[1788] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 020B0FA8
.text C:\WINDOWS\Explorer.EXE[1788] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 020B001B
.text C:\WINDOWS\Explorer.EXE[1788] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 020B0065
.text C:\WINDOWS\Explorer.EXE[1788] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 020B0FD4
.text C:\WINDOWS\Explorer.EXE[1788] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 020B0FE5
.text C:\WINDOWS\Explorer.EXE[1788] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 020B0080
.text C:\WINDOWS\Explorer.EXE[1788] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01D10036
.text C:\WINDOWS\Explorer.EXE[1788] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01D10F91
.text C:\WINDOWS\Explorer.EXE[1788] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01D10025
.text C:\WINDOWS\Explorer.EXE[1788] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01D1000A
.text C:\WINDOWS\Explorer.EXE[1788] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01D10FAC
.text C:\WINDOWS\Explorer.EXE[1788] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01D10FEF
.text C:\WINDOWS\Explorer.EXE[1788] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 01D10058
.text C:\WINDOWS\Explorer.EXE[1788] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 01D10047
.text C:\WINDOWS\Explorer.EXE[1788] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FE0FB7
.text C:\WINDOWS\Explorer.EXE[1788] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FE0042
.text C:\WINDOWS\Explorer.EXE[1788] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FE0FD9
.text C:\WINDOWS\Explorer.EXE[1788] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FE0000
.text C:\WINDOWS\Explorer.EXE[1788] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FE0FC8
.text C:\WINDOWS\Explorer.EXE[1788] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FE001D
.text C:\WINDOWS\Explorer.EXE[1788] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 020A0FEF
.text C:\WINDOWS\Explorer.EXE[1788] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 020A0FDE
.text C:\WINDOWS\Explorer.EXE[1788] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 020A0FCD
.text C:\WINDOWS\Explorer.EXE[1788] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 020A0028
.text C:\WINDOWS\Explorer.EXE[1788] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FD000A
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C20051
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C20036
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C20F68
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C20F79
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C20FA5
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C20073
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C20F2B
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C20EF5
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C2008E
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C20EDA
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C20F94
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C20062
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C20011
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C20FCA
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C20F10
.text C:\WINDOWS\system32\svchost.exe[2008] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00C10025
.text C:\WINDOWS\system32\svchost.exe[2008] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00C10FA8
.text C:\WINDOWS\system32\svchost.exe[2008] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00C10FCA
.text C:\WINDOWS\system32\svchost.exe[2008] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\svchost.exe[2008] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00C1005B
.text C:\WINDOWS\system32\svchost.exe[2008] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00C10FE5
.text C:\WINDOWS\system32\svchost.exe[2008] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00C10040
.text C:\WINDOWS\system32\svchost.exe[2008] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00C10FB9
.text C:\WINDOWS\system32\svchost.exe[2008] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C00FC3
.text C:\WINDOWS\system32\svchost.exe[2008] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C0004E
.text C:\WINDOWS\system32\svchost.exe[2008] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C00029
.text C:\WINDOWS\system32\svchost.exe[2008] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[2008] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C00FD4
.text C:\WINDOWS\system32\svchost.exe[2008] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C00018
.text C:\WINDOWS\system32\svchost.exe[2008] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F00000
.text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F000AB
.text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F0009A
.text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F00089
.text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F0006C
.text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F00040
.text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F00F77
.text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F00F94
.text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F00F41
.text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F00F52
.text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F000FF
---- EOF - GMER 1.0.15 ----
===========================================================================

#12 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 15 April 2009 - 11:12 AM

You still have some things showing up, so I would like you to try running ComboFix again. You can try it with the last set of instructions I gave in post #10.
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#13 SeanC

SeanC
  • Topic Starter

  • Members
  • 24 posts

Posted 15 April 2009 - 11:30 AM

I still can't save ComboFix. Everything that was happening when I tried before is happening again.

#14 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 15 April 2009 - 11:51 AM

You didn't, by any chance, already have ComboFix on your system from some previous time, did you?

#15 SeanC

SeanC
  • Topic Starter

  • Members
  • 24 posts

Posted 15 April 2009 - 01:29 PM

No, I have never had ComboFix installed on this computer before.

(screenshot of the error message displayed)


I downloaded ComboFix on another computer, burned it to a CD and tried to execute it on my computer. No luck though. When I tried to copy it my computer froze, and when I tried to open the file it said I did not have permission.

Edited by SeanC, 15 April 2009 - 01:29 PM.
