sysguard infection, other type of malware/virus


  • This topic is locked
18 replies to this topic

#1 Pompey

Posted 28 April 2009 - 05:50 PM

Hello to all.

I am having some major trouble with my computer.
I am getting a lot of random messages popping up on my screen. Here are a few examples of them.

1. Sysguard: Tracking Process Found
malicious code found at "0x17DA839A" address. Data interception cannot be stopped

2. The instruction at "0x77124920" referenced memory at "0x77124920". the memory could not be read

3. Exception processing message c0000013 parameters 75b6bf9c 4 75b6bf9c 75b6bf9c

4. services.exe has stopped working. A problem caused the program to stop working correctly. windows will close the program and notify you if a solution is available.


Also, random Internet Explorer boxes pop up and various false spyware messages pop up in the task bar.

For some reason also, it seems that my computer is trying to install something to do with Microsoft Office 2003.

I downloaded SUPERAntiSpyware and ran the program, but that didn't work.


If someone could help me solve this problem, I would very much appreciate it.

Thank you.


#2 fenzodahl512

Posted 29 April 2009 - 03:25 AM

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....



Please download The Comedian.exe to your desktop
  • Double click the program to run it. It will only take around several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished


NEXT


Please download Norman Malware Cleaner and save it to your Desktop.
  • Reboot your computer into Safe Mode.
  • Double-click Norman Malware Cleaner >> click Accept >> click Start scan
  • Let it finish its scan. A log will be created on your Desktop. Post the log in your next reply


NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.


NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
If you see a "random" name, just leave it.. If you see "GMER", please rename GMER into GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad >> save it and attach it in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in separate post..

1. Norman Malware Cleaner
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Edited by fenzodahl512, 29 April 2009 - 03:55 AM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 Pompey


Posted 29 April 2009 - 07:59 PM

Hey fenzodahl512!

Thanks for the help. I did as you informed me to. I couldn't run the Norman Malware Cleaner for some reason. I'll try to download it again and run it.

I'll post the other 3 logs as you requested that I do. There are a few other things that I noticed that are happening since I last posted:

Some program named sr6oc.exe shows up multiple times in the Task Manager.
Also, now I cannot boot my computer in normal mode. It shows a blue screen with white writing for a brief millisecond, then goes to reboot.

Thank you for the help though. I REALLY appreciate it.
And good luck with the presentation tomorrow!

#4 Pompey


Posted 29 April 2009 - 08:01 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by K. Jones at 2009-04-29 17:51:46
Microsoft Windows XP Professional Service Pack 2
System drive C: has 91 GB (38%) free of 238 GB
Total RAM: 2039 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:53:10, on 4/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\winsock32.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\SysNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\TEMP\sr6oc.exe
C:\Documents and Settings\K. Jones\reader_s.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\TEMP\sr6oc.exe
C:\WINDOWS\system32\DL32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\TEMP\sr6oc.exe
C:\WINDOWS\TEMP\sr6oc.exe
C:\WINDOWS\TEMP\sr6oc.exe
C:\WINDOWS\TEMP\sr6oc.exe
C:\WINDOWS\TEMP\sr6oc.exe
C:\WINDOWS\TEMP\sr6oc.exe
C:\WINDOWS\TEMP\sr6oc.exe
C:\WINDOWS\TEMP\sr6oc.exe
C:\WINDOWS\TEMP\sr6oc.exe
C:\WINDOWS\TEMP\sr6oc.exe
C:\WINDOWS\TEMP\sr6oc.exe
C:\WINDOWS\TEMP\sr6oc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
\?\globalroot\C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\K2AE6~1.JON\LOCALS~1\Temp\SysNotifier.exe
C:\Program Files\Executive Software\DiskeeperLite\DfrgFat.exe
C:\DOCUME~1\K2AE6~1.JON\LOCALS~1\Temp\4153405522.exe
C:\DOCUME~1\K2AE6~1.JON\LOCALS~1\Temp\1646127180.exe
C:\DOCUME~1\K2AE6~1.JON\LOCALS~1\Temp\3015411338.exe
C:\DOCUME~1\K2AE6~1.JON\LOCALS~1\Temp\3029942588.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\K. Jones\Desktop\RSIT.exe
C:\WINDOWS\TEMP\2335138812.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\K. Jones.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {74fa5d99-38cd-4e3e-b765-54fad4bda166} - C:\Documents and Settings\K. Jones\Application Data\HP\dobccmd.dll
O2 - BHO: (no name) - {80f563be-59b9-415c-ba83-ddb7ffd060dc} - C:\WINDOWS\system32\vetaweyo.dll
O2 - BHO: C:\WINDOWS\system32\sjg9s8guigjs.dll - {b2ba40a2-74f0-42bd-f434-12345a2c8953} - C:\WINDOWS\system32\sjg9s8guigjs.dll
O2 - BHO: (no name) - {d7ba558b-99b0-4544-8acb-9923b44a65c4} - c:\windows\system32\eoumrvy.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKLM\..\Run: [] winsock32.exe
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [sysldtray] c:\windows\ld08.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [laborewada] Rundll32.exe "C:\WINDOWS\system32\ronihuni.dll",s
O4 - HKLM\..\Run: [pp] C:\windows\pp06.exe
O4 - HKLM\..\Run: [CPMfff20cf2] Rundll32.exe "c:\windows\system32\fivahofi.dll",a
O4 - HKLM\..\RunServices: [] winsock32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\NETWOR~1\protect.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [] C:\WINDOWS\TEMP\sr6oc.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\K. Jones\reader_s.exe
O4 - HKCU\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\sr6oc.exe
O4 - HKCU\..\Run: [12ZFG94-F641-2SF-K31P-5N1ER6H6L2] C:\RECYCLER\S-1-5-21-4963492562-4992585165-301768820-8985\service.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\K2AE6~1.JON\LOCALS~1\Temp\3029942588.exe
O4 - HKCU\..\Run: [12CFG515-K641-55SF-N66P] C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
O4 - HKCU\..\Run: [DL32] DL32
O4 - HKUS\.DEFAULT\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [A00FF97F1.exe] C:\WINDOWS\TEMP\_A00FF97F1.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\2335138812.exe (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\windows\system32\fivahofi.dll,C:\WINDOWS\system32\hupojoyu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dobccmd - C:\Documents and Settings\K. Jones\Application Data\HP\dobccmd.dll
O20 - Winlogon Notify: oerdhkld - C:\WINDOWS\SYSTEM32\eoumrvy.dll
O20 - Winlogon Notify: __c00EA64E - C:\WINDOWS\system32\__c00EA64E.dat
O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\sjg9s8guigjs.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 11870 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\At1.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74fa5d99-38cd-4e3e-b765-54fad4bda166}]
C:\Documents and Settings\K. Jones\Application Data\HP\dobccmd.dll [2009-04-26 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80f563be-59b9-415c-ba83-ddb7ffd060dc}]
C:\WINDOWS\system32\vetaweyo.dll [2009-01-28 50176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2ba40a2-74f0-42bd-f434-12345a2c8953}]
C:\WINDOWS\system32\sjg9s8guigjs.dll - C:\WINDOWS\system32\sjg9s8guigjs.dll [2009-04-28 15000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d7ba558b-99b0-4544-8acb-9923b44a65c4}]
c:\windows\system32\eoumrvy.dll [2001-08-23 102912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-11-02 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-11-02 126976]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe [2005-04-13 36975]
"Logitech Utility"=C:\WINDOWS\LOGI_MWX.EXE [2003-11-07 19968]
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-12-18 307200]
"DigidesignMMERefresh"=C:\Program Files\Digidesign\Drivers\MMERefresh.exe [2005-10-26 61440]
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-06-25 1629480]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-04-27 206088]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe []
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-11-17 136768]
"autochk"=C:\WINDOWS\system32\autochk.dll [2009-04-29 24064]
""=C:\WINDOWS\system32\winsock32.exe [2007-06-13 1551360]
"Framework Windows"=C:\WINDOWS\system32\frmwrk32.exe [2009-04-28 28672]
"sysldtray"=c:\windows\ld08.exe [2009-04-28 16384]
"reader_s"=C:\WINDOWS\System32\reader_s.exe [2009-04-28 24576]
"laborewada"=C:\WINDOWS\system32\ronihuni.dll [2009-01-28 50176]
"pp"=C:\windows\pp06.exe [2009-04-28 10752]
"CPMfff20cf2"=c:\windows\system32\fivahofi.dll [2009-04-28 81920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"autochk"=C:\DOCUME~1\NETWOR~1\protect.dll [2009-04-27 24064]
""=C:\WINDOWS\TEMP\sr6oc.exe [2009-04-28 15001]
"reader_s"=C:\Documents and Settings\K. Jones\reader_s.exe [2009-04-28 24576]
"Windows Resurections"=C:\WINDOWS\TEMP\sr6oc.exe [2009-04-28 15001]
"12ZFG94-F641-2SF-K31P-5N1ER6H6L2"=C:\RECYCLER\S-1-5-21-4963492562-4992585165-301768820-8985\service.exe [2009-04-28 72704]
"Diagnostic Manager"=C:\DOCUME~1\K2AE6~1.JON\LOCALS~1\Temp\3029942588.exe [2009-04-29 34817]
"12CFG515-K641-55SF-N66P"=C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe [2009-04-29 30720]
"DL32"=DL32 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMfff20cf2]
c:\windows\system32\jolefayu.dll,a []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fcc13f6e]
C:\WINDOWS\system32\janifedu.dll,b []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I&F Viewer toolbar]
C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe -start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-06-25 1057064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\laborewada]
C:\WINDOWS\system32\yowujeje.dll,s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-12-20 2656528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe [2008-12-12 9555968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-03-17 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-03-23 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-04-06 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^K. Jones^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

C:\Documents and Settings\K. Jones\Start Menu\Programs\Startup
ChkDisk.dll
ChkDisk.lnk - C:\WINDOWS\system32\rundll32.exe
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\windows\system32\fivahofi.dll,C:\WINDOWS\system32\hupojoyu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dobccmd]
C:\Documents and Settings\K. Jones\Application Data\HP\dobccmd.dll [2009-04-26 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\oerdhkld]
C:\WINDOWS\system32\eoumrvy.dll [2001-08-23 102912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00EA64E]
C:\WINDOWS\system32\__c00EA64E.dat [2009-04-29 27648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\sjg9s8guigjs.dll [2009-04-28 15000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\hupojoyu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=1
"NoDriveTypeAutoRun"=255
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=
"NoFolderOptions"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares"
"C:\Program Files\BearShare\BearShare.exe"="C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\WINDOWS\system32\winsock32.exe"="C:\WINDOWS\system32\winsock32.exe:*:Enabled:winsock32"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{105d5756-2025-11de-998d-0013d3ab55f6}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28b3f30f-d207-11dd-8e68-0013d3ab55f6}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c6a852e-bd1a-11dc-8d2b-0013d3ab55f6}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34611ff6-2d6f-11de-9997-0013d3ab55f6}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42415b59-7a02-11dc-8ce5-0013d3ab55f6}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5434aaf7-13a1-11de-9981-0013d3ab55f6}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74fabb7f-de16-11dd-8e7a-0013d3ab55f6}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b97a028a-26e3-11de-9991-0013d3ab55f6}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baa28a2a-4abf-11dd-8dba-0013d3ab55f6}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf15335e-a702-11dd-8e36-0013d3ab55f6}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf15335f-a702-11dd-8e36-0013d3ab55f6}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e53260ce-d4b4-11dd-8e6c-0013d3ab55f6}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f417e4c8-9ad7-11dc-8d06-0013d3ab55f6}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs


======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 3 months======

2009-04-29 16:01:49 ----A---- C:\WINDOWS\system32\lmppcsetup.exe
2009-04-29 14:05:15 ----DC---- C:\rsit
2009-04-29 13:54:40 ----A---- C:\WINDOWS\dzea.tmp
2009-04-29 13:54:40 ----A---- C:\WINDOWS\dzea.dll
2009-04-29 13:05:20 ----D---- C:\WINDOWS\ERDNT
2009-04-29 13:02:32 ----D---- C:\Program Files\ERUNT
2009-04-29 12:44:34 ----A---- C:\WINDOWS\system32\DL32.exe
2009-04-29 03:56:58 ----D---- C:\WINDOWS\CSC
2009-04-29 02:35:33 ----A---- C:\WINDOWS\system32\bxx.txt
2009-04-29 02:35:32 ----A---- C:\WINDOWS\system32\sdd.txt
2009-04-29 02:35:32 ----A---- C:\WINDOWS\system32\r24.txt
2009-04-29 02:35:32 ----A---- C:\WINDOWS\system32\p1.txt
2009-04-29 02:33:35 ----A---- C:\WINDOWS\system32\tranupx.dll
2009-04-29 02:22:34 ----A---- C:\WINDOWS\system32\cds.txt
2009-04-29 02:22:23 ----A---- C:\WINDOWS\system32\dz1.txt
2009-04-28 18:03:47 ----AC---- C:\ohkbrkoo.exe
2009-04-28 18:03:42 ----AC---- C:\xmrgycj.exe
2009-04-28 18:03:31 ----AC---- C:\okex.exe
2009-04-28 18:03:30 ----H---- C:\WINDOWS\pp06.exe
2009-04-28 18:03:28 ----A---- C:\WINDOWS\system32\dll32.exe
2009-04-28 18:03:26 ----AC---- C:\xipr.exe
2009-04-28 18:03:20 ----D---- C:\WINDOWS\system32\796525
2009-04-28 18:03:01 ----A---- C:\WINDOWS\system32\reader_s.exe
2009-04-28 17:58:49 ----H---- C:\WINDOWS\ld08.exe
2009-04-28 17:58:45 ----AC---- C:\wwmeoblk.exe
2009-04-28 17:58:41 ----AC---- C:\pdtivk.exe
2009-04-28 17:58:38 ----AC---- C:\celkadaa.exe
2009-04-28 17:58:38 ----A---- C:\WINDOWS\system32\nvrsk.dll
2009-04-28 17:58:35 ----AC---- C:\kggi.exe
2009-04-28 17:58:34 ----A---- C:\WINDOWS\system32\sjg9s8guigjs.dll
2009-04-28 17:58:31 ----A---- C:\WINDOWS\instsp2.exe
2009-04-28 17:46:24 ----D---- C:\Program Files\Trend Micro
2009-04-28 17:05:15 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-04-28 16:57:25 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-28 16:41:55 ----A---- C:\WINDOWS\system32\ntdll64.exe
2009-04-28 16:41:50 ----A---- C:\WINDOWS\system32\frmwrk32.exe
2009-04-28 16:41:48 ----A---- C:\WINDOWS\system32\loader49.exe
2009-04-28 16:11:45 ----A---- C:\WINDOWS\system32\winglsetup.exe
2009-04-28 15:57:05 ----A---- C:\WINDOWS\SysNotifier.exe
2009-04-27 18:24:27 ----D---- C:\Program Files\Executive Software
2009-04-27 17:54:16 ----D---- C:\Program Files\CCleaner
2009-04-27 16:27:22 ----ASH---- C:\WINDOWS\system32\autochk.dll
2009-04-27 15:36:39 ----DC---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-27 15:36:09 ----DC---- C:\Documents and Settings\K. Jones\Application Data\SUPERAntiSpyware.com
2009-04-27 15:36:09 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-27 15:35:33 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-04-27 13:22:49 ----A---- C:\WINDOWS\system32\tmp.txt
2009-04-27 11:44:43 ----A---- C:\WINDOWS\system32\p2hhr.bat
2009-04-27 08:49:20 ----SH---- C:\WINDOWS\system32\udefinaj.ini
2009-04-27 01:06:37 ----DC---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-04-27 01:06:37 ----D---- C:\Program Files\Kaspersky Lab
2009-04-26 23:45:58 ----D---- C:\Program Files\Common Files\Cisco Systems
2009-04-26 23:45:58 ----A---- C:\WINDOWS\system32\epoPGPsdk.dll.sig
2009-04-26 23:45:58 ----A---- C:\WINDOWS\system32\epoPGPsdk.dll
2009-04-26 23:45:57 ----DC---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-04-26 23:42:30 ----D---- C:\Program Files\McAfee
2009-04-26 22:07:11 ----DC---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-26 20:48:57 ----SH---- C:\WINDOWS\system32\esogugej.ini
2009-04-26 20:43:54 ----DC---- C:\Documents and Settings\K. Jones\Application Data\pidle
2009-04-24 03:35:50 ----D---- C:\Program Files\PAS-Products
2009-04-19 22:16:57 ----D---- C:\Program Files\Way Out Ware
2009-04-18 02:09:01 ----A---- C:\WINDOWS\system32\SynthMasterResources.dll
2009-04-18 02:08:41 ----D---- C:\Program Files\Common Files\KV331 Audio
2009-04-16 09:45:21 ----DC---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-04-08 10:35:50 ----D---- C:\Program Files\Sonik Synth 2
2009-04-08 10:12:00 ----D---- C:\Program Files\Alcohol Soft
2009-04-06 08:39:33 ----D---- C:\Program Files\LSoft Technologies Inc
2009-04-06 08:32:34 ----D---- C:\Program Files\Common Files\xing shared
2009-04-06 08:32:02 ----D---- C:\Program Files\RichFX
2009-04-01 04:36:02 ----A---- C:\WINDOWS\system32\lvci11901262.dll
2009-03-31 17:09:40 ----D---- C:\Program Files\GForce
2009-03-25 01:44:37 ----DC---- C:\FBPUpdate
2009-03-18 06:37:50 ----D---- C:\Program Files\Mp3 Song Plays Increaser
2009-03-07 22:57:19 ----DC---- C:\Documents and Settings\All Users\Application Data\LightScribe
2009-03-07 07:35:50 ----DC---- C:\Documents and Settings\K. Jones\Application Data\Applied Acoustics Systems
2009-03-07 07:22:05 ----D---- C:\Program Files\AAS
2009-03-05 03:46:44 ----D---- C:\Program Files\MusicLab
2009-03-03 07:25:52 ----DC---- C:\Documents and Settings\All Users\Application Data\Logishrd
2009-03-03 07:25:36 ----DC---- C:\Documents and Settings\All Users\Application Data\Logitech
2009-03-03 05:20:45 ----DC---- C:\Documents and Settings\K. Jones\Application Data\skypePM
2009-03-03 05:15:03 ----DC---- C:\Documents and Settings\K. Jones\Application Data\Skype
2009-03-03 05:14:52 ----D---- C:\Program Files\Common Files\Skype
2009-03-03 05:14:48 ----RD---- C:\Program Files\Skype
2009-03-03 03:26:45 ----N---- C:\WINDOWS\system32\lvci11801048.dll
2009-03-03 03:26:45 ----A---- C:\WINDOWS\system32\lvcoinst.ini
2009-03-03 03:26:44 ----A---- C:\WINDOWS\system32\LVUI2RC.dll
2009-03-03 03:26:44 ----A---- C:\WINDOWS\system32\LVUI2.dll
2009-03-03 03:26:43 ----A---- C:\WINDOWS\system32\lvcodec2.dll
2009-03-03 03:26:39 ----D---- C:\Program Files\Common Files\logishrd
2009-03-03 03:26:37 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-02-28 19:34:25 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-28 18:47:25 ----D---- C:\Program Files\Common Files\LightScribe
2009-02-27 15:43:17 ----DC---- C:\Documents and Settings\All Users\Application Data\Nero
2009-02-27 15:43:17 ----D---- C:\Program Files\Nero
2009-02-27 15:43:17 ----D---- C:\Program Files\Common Files\Ahead
2009-02-27 15:42:31 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-02-27 15:42:30 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-02-21 21:10:57 ----D---- C:\Program Files\Western Digital Technologies
2009-02-20 18:37:03 ----DC---- C:\SONG1
2009-02-19 16:31:20 ----A---- C:\WINDOWS\msmmdx9.ini
2009-02-18 12:00:53 ----D---- C:\Program Files\Common Files\Native Instruments
2009-02-18 12:00:34 ----N---- C:\WINDOWS\system32\minimp3.exe
2009-02-18 11:51:12 ----DC---- C:\Documents and Settings\K. Jones\Application Data\iZotope
2009-02-08 09:51:26 ----DC---- C:\Documents and Settings\All Users\Application Data\EarMaster
2009-02-07 02:37:50 ----AC---- C:\out.txt
2009-02-05 17:28:58 ----D---- C:\Program Files\Synth1
2009-02-05 12:10:56 ----A---- C:\WINDOWS\system32\tsccvid.dll
2009-02-05 12:10:55 ----D---- C:\WINDOWS\system32\QuickTime
2009-02-05 12:10:50 ----DC---- C:\Documents and Settings\All Users\Application Data\TechSmith
2009-02-05 12:10:42 ----D---- C:\Program Files\Common Files\TechSmith Shared
2009-02-05 12:10:38 ----D---- C:\Program Files\TechSmith
2009-02-03 13:03:52 ----DC---- C:\Documents and Settings\K. Jones\Application Data\YouSendIt
2009-02-03 13:03:30 ----D---- C:\Program Files\YouSendIt

======List of files/folders modified in the last 3 months======

2009-04-29 17:50:51 ----D---- C:\WINDOWS\Temp
2009-04-29 17:50:49 ----D---- C:\Program Files\Mozilla Firefox
2009-04-29 16:01:49 ----D---- C:\WINDOWS\system32
2009-04-29 15:17:27 ----D---- C:\WINDOWS
2009-04-29 15:14:26 ----RSHD---- C:\RECYCLER
2009-04-29 15:14:09 ----D---- C:\WINDOWS\system32\drivers
2009-04-29 15:12:36 ----SHD---- C:\System Volume Information
2009-04-29 14:09:51 ----D---- C:\WINDOWS\system32\Restore
2009-04-29 14:07:28 ----A---- C:\WINDOWS\DUMP28a1.tmp
2009-04-29 13:58:55 ----SHD---- C:\WINDOWS\Installer
2009-04-29 13:33:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-29 13:07:47 ----HDC---- C:\Config.Msi
2009-04-29 13:02:32 ----RD---- C:\Program Files
2009-04-29 12:55:08 ----ASDC---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-29 04:02:27 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-28 18:18:26 ----D---- C:\Program Files\Common Files
2009-04-28 17:58:59 ----ASH---- C:\WINDOWS\system32\laroheya.dll
2009-04-28 17:58:53 ----SD---- C:\WINDOWS\Tasks
2009-04-28 17:58:39 ----A---- C:\WINDOWS\system32\user32.DLL
2009-04-28 17:58:30 ----ASH---- C:\WINDOWS\system32\gobifose.dll
2009-04-28 17:58:29 ----ASH---- C:\WINDOWS\system32\ginekufu.exe
2009-04-28 17:58:29 ----ASH---- C:\WINDOWS\system32\fivahofi.dll
2009-04-28 17:17:32 ----RASHC---- C:\boot.ini
2009-04-28 17:17:32 ----N---- C:\WINDOWS\win.ini
2009-04-28 17:17:32 ----N---- C:\WINDOWS\system.ini
2009-04-28 16:26:59 ----D---- C:\WINDOWS\Prefetch
2009-04-27 21:43:39 ----A---- C:\WINDOWS\system32\msvcsv60.dll
2009-04-27 18:26:53 ----D---- C:\WINDOWS\Help
2009-04-27 18:01:04 ----D---- C:\WINDOWS\Minidump
2009-04-27 18:01:04 ----D---- C:\WINDOWS\Debug
2009-04-27 17:30:14 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-04-27 15:32:45 ----D---- C:\Program Files\QuickTime
2009-04-27 15:31:45 ----D---- C:\Program Files\Common Files\Apple
2009-04-27 13:31:08 ----DC---- C:\Documents and Settings
2009-04-27 08:49:12 ----ASH---- C:\WINDOWS\system32\fiyusuka.exe
2009-04-27 08:49:12 ----A---- C:\WINDOWS\system32\jolefayu.dll.vir
2009-04-27 01:07:09 ----HD---- C:\WINDOWS\inf
2009-04-26 23:59:03 ----D---- C:\Program Files\Bonjour
2009-04-26 21:54:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-26 21:00:36 ----D---- C:\Program Files\Windows NT
2009-04-26 20:48:48 ----DC---- C:\Documents and Settings\K. Jones\Application Data\HP
2009-04-26 20:48:47 ----ASH---- C:\WINDOWS\system32\mujuwepa.exe
2009-04-26 20:48:47 ----ASH---- C:\WINDOWS\system32\lebapide.exe
2009-04-25 21:38:37 ----DC---- C:\Documents and Settings\K. Jones\Application Data\Digidesign
2009-04-24 12:17:42 ----D---- C:\Program Files\MP3Gain
2009-04-24 12:15:26 ----D---- C:\Program Files\UltimateSoundBank
2009-04-24 12:15:25 ----D---- C:\Program Files\VstPlugins
2009-04-24 12:15:12 ----D---- C:\WINDOWS\WinSxS
2009-04-24 12:15:11 ----D---- C:\Program Files\The Print Shop 20
2009-04-24 12:14:59 ----RSD---- C:\WINDOWS\Fonts
2009-04-24 12:13:06 ----D---- C:\Program Files\CyberLink
2009-04-24 12:13:05 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-24 12:09:26 ----D---- C:\Program Files\321Studios
2009-04-24 12:05:01 ----D---- C:\Program Files\Blaze Media Pro
2009-04-24 12:01:17 ----D---- C:\Program Files\3D Blocks 2006 (V2.62)
2009-04-23 12:20:41 ----A---- C:\WINDOWS\system32\ssprs.dll
2009-04-21 02:40:17 ----DC---- C:\Documents and Settings\K. Jones\Application Data\U3
2009-04-16 09:45:33 ----AD---- C:\Program Files\Common Files\Microsoft Shared
2009-04-16 09:45:23 ----D---- C:\Program Files\Microsoft Office
2009-04-16 03:09:07 ----D---- C:\Program Files\Waves
2009-04-16 02:52:35 ----DC---- C:\Documents and Settings\K. Jones\Application Data\Sony
2009-04-16 02:52:35 ----D---- C:\Program Files\Sony
2009-04-08 10:35:06 ----D---- C:\Program Files\REAPER
2009-04-08 10:04:10 ----D---- C:\Program Files\Sonik Synth 2 Free
2009-04-06 08:32:24 ----D---- C:\Program Files\Common Files\Real
2009-04-06 08:32:19 ----D---- C:\Program Files\Propellerhead
2009-04-06 08:32:18 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-04-06 08:32:09 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-04-06 08:32:09 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-04-06 08:32:04 ----N---- C:\WINDOWS\system32\msvcp71.dll
2009-04-06 08:32:04 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-04-06 05:36:31 ----AC---- C:\YServer.txt
2009-04-06 03:57:09 ----DC---- C:\Documents and Settings\K. Jones\Application Data\dvdcss
2009-04-04 03:29:46 ----D---- C:\Program Files\FriendBlasterPro
2009-04-03 03:41:34 ----SDC---- C:\Documents and Settings\K. Jones\Application Data\Microsoft
2009-04-02 05:16:26 ----DC---- C:\Documents and Settings\K. Jones\Application Data\Adobe
2009-04-01 04:37:34 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-01 04:36:31 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-01 04:36:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-01 04:35:20 ----D---- C:\Program Files\Logitech
2009-03-29 20:30:16 ----DC---- C:\Documents and Settings\K. Jones\Application Data\MySpace
2009-03-29 20:30:13 ----D---- C:\Program Files\MySpace
2009-03-25 15:35:50 ----DC---- C:\Documents and Settings\K. Jones\Application Data\Real
2009-03-07 22:57:26 ----DC---- C:\Documents and Settings\K. Jones\Application Data\Ahead
2009-03-03 07:27:45 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-03-03 06:26:59 ----ADC---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-03 05:14:52 ----DC---- C:\Documents and Settings\All Users\Application Data\Skype
2009-03-03 03:26:43 ----D---- C:\WINDOWS\twain_32
2009-02-27 15:51:01 ----DC---- C:\Documents and Settings\All Users\Application Data\Ahead
2009-02-27 15:42:31 ----D---- C:\WINDOWS\system32\DirectX
2009-02-27 15:41:01 ----D---- C:\Program Files\Ahead
2009-02-19 02:30:11 ----D---- C:\Program Files\Native Instruments
2009-02-18 11:51:16 ----DC---- C:\Documents and Settings\K. Jones\Application Data\PACE Anti-Piracy
2009-02-18 11:51:16 ----DC---- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2009-02-18 11:51:15 ----HD---- C:\Program Files\WindowsUpdate
2009-02-18 11:51:15 ----D---- C:\Program Files\Common Files\System
2009-02-17 16:35:28 ----D---- C:\Program Files\iZotope
2009-02-05 12:25:52 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-05 11:35:51 ----DC---- C:\Documents and Settings\K. Jones\Application Data\Mozilla
2009-02-03 14:35:51 ----D---- C:\Program Files\WinRAR
2009-02-03 13:03:07 ----D---- C:\WINDOWS\Downloaded Installations

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 InCDPass;Nero InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-06-25 36776]
R1 incdrm;Nero InCD MRW Remapper; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-06-25 38440]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-04-27 213520]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-12-16 3842560]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 dalwdmservice;dal service; C:\WINDOWS\system32\drivers\dalwdm.sys [2005-10-26 105472]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-02 773565]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 L8042PR2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\l8042pr2.sys [2003-11-07 51486]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\Drivers\LMouFlt2.sys [2003-11-07 70798]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-12-17 41752]
R3 MBX2DFU;MBX2DFU; C:\WINDOWS\SYSTEM32\DRIVERS\MBX2DFU.sys [2005-10-26 15488]
R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver; C:\WINDOWS\system32\drivers\mbx2midk.sys [2005-10-26 15232]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2008-12-17 2686104]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R4 InCDfs;Nero InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-06-25 119080]
S1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
S2 Nsynas32;Nsynas32; C:\WINDOWS\system32\drivers\Nsynas32.sys []
S3 aujasnkj;aujasnkj; \??\C:\DOCUME~1\K2AE6~1.JON\LOCALS~1\Temp\aujasnkj.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 LVPr2Mon;LVPr2Mon Driver; C:\WINDOWS\system32\Drivers\LVPr2Mon.sys [2008-12-16 25624]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600]
S3 voxthing;Voice Thing service; C:\WINDOWS\system32\drivers\voxthing.sys [2007-07-20 14208]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 YMIDUSB;YAMAHA Corporation USB MIDI Driver; C:\WINDOWS\System32\Drivers\ymidusb.sys [2003-01-22 169088]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 DigiRefresh;Digidesign MME Refresh Service; C:\Program Files\Digidesign\Drivers\MMERefresh.exe [2005-10-26 61440]
R2 Diskeeper;Diskeeper; C:\Program Files\Executive Software\DiskeeperLite\DKService.exe [2002-10-16 176128]
R2 dnkyskbw;Digital CD Audio Playback Filter Controller; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-06-25 1552680]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-11-17 104000]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S1 InCDrec;Nero InCD File System Recognizer; C:\WINDOWS\system32\drivers\InCDRec.sys [2007-06-25 16040]
S2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-04-27 206088]
S2 hyptfi;hyptfi; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-12-16 150040]
S2 NeroRegInCDSrv;Nero Registry InCD Service; C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-11-14 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 digiSPTIService;digiSPTIService; C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe [2005-10-26 122880]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-10 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\VstPlugins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\VstPlugins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-04-29 14:05:33

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Motorola Inc.\Motorola USB Modem Installation\Uninst.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Motorola\iDEN WebJAL\Uninst.isu"
-->C:\WINDOWS\NuNInst.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4Front Bass Module 1.0 VSTi-->"C:\Program Files\VSTPlugins\unins001.exe"
4Front E-Piano Module 1.0 VSTi-->"C:\Program Files\VSTPlugins\unins002.exe"
4Front Piano Module 1.0 VSTi-->"C:\Program Files\VSTPlugins\unins003.exe"
4Front Rhode 1.0 VSTi-->"C:\Program Files\VstPlugins\unins000.exe"
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
Adobe Setup-->MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Advertisement Service-->C:\WINDOWS\system32\prnet.tmp Uninstall
AmpliTube LE_2 (C:\Program Files\IK Multimedia\AmpliTube LE_2)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F9A1591-340F-42E5-8E89-B95B21D14BC0}\Setup.exe" -l0x9
AmpliTube LE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{574E7212-DE39-42EA-BF3B-F633D95514BB}\Setup.exe" -l0x9
AmpliTube2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB6691DA-66D3-412E-9853-641CF7D0C35A}\Setup.exe" -l0x9 uninstall
Analog Channel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E6941CA-15B4-4AC5-A54D-2A1C739323B6}\setup.exe" -l0x9 -removeonly
Antares Auto-Tune v4.39-->C:\PROGRA~1\ANTARE~1\AUTO-T~1\AIRLOG~1\AT4\UNWISE.EXE C:\PROGRA~1\ANTARE~1\AUTO-T~1\AIRLOG~1\AT4\INSTALL.LOG
Antares Autotune VST RTAS TDM v5.08-->"C:\Program Files\Antares Audio Technologies\unins000.exe"
Antares Avox 1.06-->C:\PROGRA~1\ANTARE~1\AVOXBU~1\INSTAL~1\UNWISE.EXE C:\PROGRA~1\ANTARE~1\AVOXBU~1\INSTAL~1\INSTALL.LOG
Antares Harmony Engine VST RTAS v1.0-->"C:\Program Files\Antares Audio Technologies\unins001.exe"
Antares Kantos v1.02 VST & RTAS-->C:\PROGRA~1\Antares\UNWISE.EXE C:\PROGRA~1\Antares\INSTALL.LOG
Antares Microphone Modeler 1.31 DirectX-->C:\PROGRA~1\VSTPLU~1\MicModDX\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\MicModDX\INSTALL.LOG
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Applied Accoustics String Studio VS 1 VST DX v1.0-->C:\PROGRA~1\AAS\STRING~1.0\UNWISE.EXE C:\PROGRA~1\AAS\STRING~1.0\INSTALL.LOG
Applied Accoustics UltraAnalog VA-1 v1.01-->C:\PROGRA~1\AAS\ULTRAA~1.0\UNWISE.EXE C:\PROGRA~1\AAS\ULTRAA~1.0\INSTALL.LOG
Applied Acoustics Systems - Strum Acoustic GS-1 v1.0-->C:\Program Files\AAS\Strum Acoustic GS-1\Uninstall.exe
ASAPI Update-->C:\WINDOWS\system32\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
Audio Damage DubStation VST v1.0.2.0-->C:\PROGRA~1\VSTPLU~1\AUDIOD~1\DUBUNI~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\AUDIOD~1\DUBUNI~1\INSTALL.LOG
BBE D82 Sonic Maximizer VST RTAS v2.0-->"C:\Program Files\Nomad Factory\Uninstall\unins000.exe"
BBE Sonic Maximizer PlugIn-->C:\PROGRA~1\BBE\BBESON~1\UNWISE.EXE C:\PROGRA~1\BBE\BBESON~1\INSTALL.LOG
BitLord 1.1-->C:\Program Files\BitLord\uninst.exe
bx_solo 1.0.1-->"C:\Program Files\Brainworx Music\bx_solo\uninstall\unins000.exe"
Camtasia Studio 6-->MsiExec.exe /I{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Celemony Melodyne Plugin VST RTAS v1.0-->"C:\Program Files\Celemony\Melodyne plugin\Uninstall\unins000.exe"
Crysonic SINDO v1.0 VST-->C:\PROGRA~1\VSTPLU~1\SINDO\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\SINDO\INSTALL.LOG
DigiDesign DINR AudioSuite v3.41.330-->C:\PROGRA~1\DIGIDE~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\DIGIDE~1\UNINST~1\DINR.LOG
Digidesign Pro Tools LE 7.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8BE47CAE-466C-4A12-AA62-3E3A1762DE87}\setup.exe" -l0x9 -removeonly
Digidesign Shared Plug-Ins 7.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92B43A6F-E328-495A-ACFA-FC47C1B7215D}\Setup.exe" -l0x9 FromUninstall -removeonly
Digidesign Smack!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45393511-C3C2-4DF0-B7BE-0B6F1248E291}\Setup.exe" -l0x9 FromUninstall
Digidesign Synchronic-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FDAC419-19EF-456A-8838-F3248F101D45}\Setup.exe" -l0x9 FromUninstall
Diskeeper Lite-->MsiExec.exe /X{A3F60446-48FB-48A8-B5FC-BB3430AEF806}
DiVerSe vocSteady VST v1.01-->"C:\Program Files\VstPlugins\DiVerSe\Uninstall\unins000.exe"
DVS Guitar v1.04-->"C:\Program Files\VstPlugins\DVS Guitar\unins000.exe"
DXG-572V-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C516E56-0B4B-4BDE-88A2-035B4D170A26}\Setup.exe"
Edirol HQ Orchestral VSTi v1.03-->C:\PROGRA~1\EDIROL\ORCHES~1.03\UNWISE.EXE C:\PROGRA~1\EDIROL\ORCHES~1.03\INSTALL.LOG
Edirol Hyper Canvas v1.53-->C:\PROGRA~1\VSTPLU~1\EDIROL\HYPERC~1\EDIROL~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\EDIROL\HYPERC~1\EDIROL~1\INSTALL.LOG
Edirol Super Quartet v1.52 TALiO-->C:\PROGRA~1\EDIROL\SUPERQ~1.52\UNWISE.EXE C:\PROGRA~1\EDIROL\SUPERQ~1.52\INSTALL.LOG
Emagic EVP73 VSTi v1.0-->C:\PROGRA~1\VSTPLU~1\emagic\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\emagic\INSTALL.LOG
emagic EXSP24 VST-PlugIn-->C:\PROGRA~1\VSTPLU~1\emagic\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\emagic\exsp24.log
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Final Master Trial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E622ECC4-4310-4D7B-B401-159E0C22516A}\Setup.exe" -l0x9
FL Studio 7-->C:\Program Files\Image-Line\FL Studio 7\uninstall.exe
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
Free Bomb Factory Plug-Ins 7.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E17AF7A0-B0A8-4B55-A4B4-1D8D4E171BA2}\Setup.exe" -l0x9 FromUninstall -removeonly
FriendBlasterPro-->"C:\Program Files\FriendBlasterPro\unins000.exe"
Genesis Vst-->C:\Program Files\VstPlugins\Uninstal.exe
GForce - Minimonsta-->C:\WINDOWS\unvise32.exe C:\Program Files\GForce\Minimonsta\uninstal.log
Gladiator full-->"C:\Program Files\VstPlugins\unins008.exe"
GMediaMusic - Oddity VST2-->C:\WINDOWS\unvise32.exe C:\Program Files\VstPlugins\GMediaMusic\Oddity VST2\uninstal.log
Google Gmail Notifier-->"C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet Printer Driver Software 9.0-->C:\Program Files\HP\Digital Imaging\{F5936267-D467-4e7b-8940-A7D9F0398EF3}\setup\hpzscr01.exe -datfile hphscr15.dat -showdisconnect -forcereboot
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
IK Multimedia SampleTank XL DXi VSTi RTAS v2.1.0-->C:\PROGRA~1\IKMULT~1\SAMPLE~1\UNWISE.EXE C:\PROGRA~1\IKMULT~1\SAMPLE~1\INSTALL.LOG
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
InterLok Driver Kit-->MsiExec.exe /X{DA710550-08C4-4845-A151-21D6DC9ED6D1}
Iomega Product Registration-->MsiExec.exe /X{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}
iZotope Ozone 3-->"C:\Program Files\iZotope\Ozone 3\unins000.exe"
iZotope Ozone 4-->"C:\Program Files\iZotope\Ozone 4\unins000.exe"
iZotope Vinyl-->"C:\Program Files\iZotope\Vinyl\unins000.exe"
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Korg Legacy Collection v1.0.0.2-->C:\PROGRA~1\KORG\KORGLE~1\UNWISE.EXE C:\PROGRA~1\KORG\KORGLE~1\INSTALL.LOG
KV331 Audio SynthMaster VSTi RTAS v1.0.5.2-->"C:\Program Files\Common Files\KV331 Audio\SynthMaster\Uninstall\unins000.exe"
LightScribe System Software 1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}
LimeWire 4.12.4-->"C:\Program Files\LimeWire\uninstall.exe"
LinPlug Organ 3-->C:\Program Files\VstPlugins\UninstalOrgan3.exe
Live 4.1.4-->C:\PROGRA~1\Ableton\LIVE41~1.4\Install\UNWISE.EXE C:\PROGRA~1\Ableton\LIVE41~1.4\Install\INSTALL.LOG
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech MouseWare 9.79 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.90.1262\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=200 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.90" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /I{937B232D-9776-471E-92BD-D424E514EF14}
Logitech Resource Center-->C:\PROGRA~1\Logitech\RESOUR~1\rem\UNWISE.EXE C:\PROGRA~1\Logitech\RESOUR~1\rem\INSTALL.LOG
Luxonix Purity VSTi v1.1.2-->"C:\Program Files\LUXONIX\Purity\Uninstall\unins000.exe"
LUXONIX Ravity(S) v1.4-->C:\PROGRA~1\LUXONIX\RAVITY~1\UNWISE.EXE C:\PROGRA~1\LUXONIX\RAVITY~1\INSTALL.LOG
Maximus-->C:\Program Files\Image-Line\Maximus\uninstall.exe
MelodyneUno 1.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{47793F43-C76B-41F8-BF0B-6D75F281C322}\setup.exe" -l0x9 -removeonly
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Word 2003-->MsiExec.exe /I{901B0409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Mozilla Firefox (3.0.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MySpace Toolbar-->C:\Program Files\MySpace\Toolbar\1.0.32.0\Uninstall.exe
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS-->C:\PROGRA~1\NATIVE~1\FM8\UNWISE.EXE C:\PROGRA~1\NATIVE~1\FM8\INSTALL.LOG
Native Instruments Kontakt 3-->C:\PROGRA~1\NATIVE~1\KONTAK~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\KONTAK~1\INSTALL.LOG
Native Instruments Pro-53 v3.02-->C:\PROGRA~1\NATIVE~1\Pro-53\UNWISE.EXE C:\PROGRA~1\NATIVE~1\Pro-53\INSTALL.LOG
Nero 7 Essentials-->MsiExec.exe /X{7D6AD5AB-7BBA-46E5-B1C0-07DD06D81033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Octopus-->C:\Program Files\VstPlugins\UninstalOctopus.exe
Overloud BREVERB VST RTAS v1.1-->"C:\Program Files\Overloud\Uninstall\unins000.exe"
PACE System Files-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28F58CDE-6241-4B11-8232-6A5D4FB06E8B}\Setup.exe" -l0x9 FromUninstall
PAS Spectrum Analyzer Pro v4.2.1-->C:\PROGRA~1\PAS-PR~1\SPECTR~1.2-1\UNWISE.EXE C:\PROGRA~1\PAS-PR~1\SPECTR~1.2-1\INSTALL.LOG
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
PSP VintageWarmer2 2.1.4-->"C:\Program Files\PSPaudioware\PSP VintageWarmer2\uninstall.exe" "/U:C:\Program Files\PSPaudioware\PSP VintageWarmer2\irunin.xml"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RealStrat 1.0-->"C:\Program Files\MusicLab\RealStrat\Uninstall.exe" "C:\Program Files\MusicLab\RealStrat\install.log" -u
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Reason 4.0-->"C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe"
ReFX Junox2 VSTi v1.4-->C:\PROGRA~1\VSTPLU~1\REFXJU~1.4\Log\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\REFXJU~1.4\Log\INSTALL.LOG
Retrospect 7.5-->MsiExec.exe /I{92596597-71B3-4608-8628-AD48F2664EB9}
rgc:audio z3ta+ VSTi v1.4-->"C:\Program Files\VstPlugins\unins005.exe"
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rob Papen Albino 3-->C:\Program Files\VstPlugins\UninstalAlbino3.exe
Rob Papen BLUE Version 1.6.1-->"C:\Program Files\VstPlugins\unins004.exe"
Rob Papen Predator V1.1 b-->"C:\Program Files\VstPlugins\unins006.exe"
Roger Nichols Digital DETAILER VST RTAS v1.2-->"C:\Program Files\Roger Nichols Digital, Inc\Uninstall\unins000.exe"
Roger Nichols Digital DYNAM-IZER VST RTAS v1.2-->"C:\Program Files\Roger Nichols Digital, Inc\Uninstall\unins001.exe"
Roger Nichols Digital FINIS VST RTAS v1.2-->"C:\Program Files\Roger Nichols Digital, Inc\Uninstall\unins002.exe"
Roger Nichols Digital InspectorXL VST RTAS v1.2-->"C:\Program Files\Roger Nichols Digital, Inc\Uninstall\unins003.exe"
Roger Nichols Digital UNIQUEL-IZER VST RTAS v1.2-->"C:\Program Files\Roger Nichols Digital, Inc\Uninstall\unins004.exe"
Roger.Nichols.Digital.SPL-IZER.VST.RTAS v1.01-->"C:\Program Files\Roger Nichols Digital, Inc\SPL-IZER\Uninstall\unins000.exe"
RSO ExTreme Punch 3 VST-->C:\PROGRA~1\VSTPLU~1\RSOEXT~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\RSOEXT~1\INSTALL.LOG
RSO Vocal Magic Pro VST-->C:\PROGRA~1\VSTPLU~1\RSOVOC~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\RSOVOC~1\INSTALL.LOG
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sonik Synth 2-->C:\PROGRA~1\SONIKS~2\UNWISE.EXE C:\PROGRA~1\SONIKS~2\INSTALL.LOG
Sonnox Oxford Inflator PowerCore VST v1.5.1-->"C:\Program Files\Sonnox\Uninstall\Sonnox Oxford Inflator PowerCore VST\unins000.exe"
Sonnox Oxford Limiter Native VST v1.1.1-->"C:\Program Files\Sonnox\Uninstall\Sonnox Oxford Limiter Native VST\unins000.exe"
Sonnox Oxford Limiter PowerCore VST v1.1.1-->"C:\Program Files\Sonnox\Uninstall\Sonnox Oxford Limiter PowerCore VST\unins000.exe"
Sonnox Oxford R3 Dynamics Native VST v1.3.1-->"C:\Program Files\Sonnox\Uninstall\Sonnox Oxford R3 Dynamics Native VST\unins000.exe"
Sonnox Oxford R3 Dynamics PowerCore VST v1.3.1-->"C:\Program Files\Sonnox\Uninstall\Sonnox Oxford R3 Dynamics PowerCore VST\unins000.exe"
Sonnox Oxford R3 EQ Native VST v1.6.1-->"C:\Program Files\Sonnox\Uninstall\Sonnox Oxford R3 EQ Native VST\unins000.exe"
Sonnox Oxford R3 EQ PowerCore VST v1.6.1-->"C:\Program Files\Sonnox\Uninstall\Sonnox Oxford R3 EQ PowerCore VST\unins000.exe"
Sonnox Oxford Reverb Native VST v1.0-->"C:\Program Files\Sonnox\Uninstall\Sonnox Oxford Reverb Native VST\unins000.exe"
Sonnox Oxford TransMod Native VST v1.3.1-->"C:\Program Files\Sonnox\Uninstall\Sonnox Oxford TransMod Native VST\unins000.exe"
Sonnox Oxford TransMod PowerCore VST v1.3.1-->"C:\Program Files\Sonnox\Uninstall\Sonnox Oxford TransMod PowerCore VST\unins000.exe"
Sony CD Architect 5.2-->MsiExec.exe /X{CCAC7B28-CA5C-4520-ABBB-184524C01A51}
Sony Media Manager 2.2-->MsiExec.exe /X{47AA42FD-0450-4CB4-ADAF-B6E770AA7B2F}
Sony Noise Reduction Plug-In 2.0e-->MsiExec.exe /X{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}
Sony Sound Forge 9.0-->MsiExec.exe /X{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}
SPL De-Esser v1.0-->C:\PROGRA~1\VSTPLU~1\unwise.exe C:\PROGRA~1\VSTPLU~1\INSTALL.LOG
Steinberg Hypersonic 2-->"C:\Program Files\VstPlugins\Hypersonic\Hypersonic Content\unins000.exe"
Steinberg Hypersonic v1.12.808 Addon-->C:\PROGRA~1\VSTPLU~1\HYPERS~1\HYPERS~1\UNINST~1\ADDON\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\HYPERS~1\HYPERS~1\UNINST~1\ADDON\INSTALL.LOG
Steinberg Mastering Edition Enhanced 2002-->C:\PROGRA~1\VSTPLU~1\STEINB~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\STEINB~1\INSTALL.LOG
Steinberg WaveLab 5.01b-->C:\PROGRA~1\STEINB~1\WaveLab\UNWISE.EXE C:\PROGRA~1\STEINB~1\WaveLab\INSTALL.LOG
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Sylenth1 v2.20-->"C:\Program Files\VstPlugins\Sylenth1\unins000.exe"
SyncroSoft Emu (Remove only)-->C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
Syncrosoft's License Control-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
Synth1-->"C:\Program Files\Synth1\setup.exe" /u
Tassman 4.0-->C:\PROGRA~1\AAS\TASSMA~1.0\UNWISE.EXE C:\PROGRA~1\AAS\TASSMA~1.0\INSTALL.LOG
TimewARP 2600 v1.10-->C:\PROGRA~1\WAYOUT~1\TIMEWA~1\UNWISE.EXE C:\PROGRA~1\WAYOUT~1\TIMEWA~1\INSTALL.LOG
Tone2 Warmverb multi-FX full-->"C:\Program Files\VstPlugins\unins007.exe"
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
TPS_module (remove only)-->"C:\Program Files\VstPlugins\uninst.exe"
T-RackS 1.x-->C:\Program Files\InstallShield Installation Information\{37BCCAE2-A3AD-4E03-B4FD-A1BE1FE6365A}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
T-RackS EQ-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F73F8B3-FA26-4828-83DD-E8A4324C7EEC}\Setup.exe" -l0x9
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Vocal Rack Trial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6CA280F4-B354-4167-A262-ABE8347109D2}\Setup.exe" -l0x9
Waves API Collection-->C:\PROGRA~1\Waves\Logs\WAVESA~1\UNWISE.EXE C:\PROGRA~1\Waves\Logs\WAVESA~1\INSTALL.LOG
Waves Diamond Bundle v5.0-->C:\PROGRA~1\Waves\UNINST~1\UNWISE.EXE C:\PROGRA~1\Waves\UNINST~1\INSTALL.LOG
Waves Diamond Bundle v5.2-->C:\PROGRA~1\Waves\DIAMON~1\UNWISE.EXE C:\PROGRA~1\Waves\DIAMON~1\INSTALL.LOG
Waves L3 LL-->C:\PROGRA~1\Waves\Logs\WAVESL~1\UNWISE.EXE C:\PROGRA~1\Waves\Logs\WAVESL~1\INSTALL.LOG
Waves Masters-->C:\PROGRA~1\Waves\UNINST~2\UNWISE.EXE C:\PROGRA~1\Waves\UNINST~2\INSTALL.LOG
Waves Mercury Bundle-->C:\PROGRA~1\Waves\Logs\WAVESM~1\UNWISE.EXE C:\PROGRA~1\Waves\Logs\WAVESM~1\INSTALL.LOG
Waves SSL 4000 Collection 1.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6D9FC789-D02E-488C-B233-124AA80930A5}\Setup.exe" -l0x9
Waves Vocal Bundle v1.1-->C:\PROGRA~1\Waves\AIRLOG~1\WAVESV~1\UNWISE.EXE C:\PROGRA~1\Waves\AIRLOG~1\WAVESV~1\INSTALL.LOG
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WizooVerb W5 VST v1.0-->"C:\Program Files\Wizoo\Uninstall\unins000.exe"
Xpand!-->"C:\Program Files\Digidesign\unins000.exe"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
YouSendIt Express-->C:\Program Files\InstallShield Installation Information\{8C8224B7-AA9B-4807-97CD-55899BAC83FE}\setup.exe -runfromtemp -l0x0409

=====HijackThis Backups=====

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla [2009-04-28]
O4 - HKLM\..\Run: [CPMfff20cf2] Rundll32.exe "c:\windows\system32\fivahofi.dll",a [2009-04-28]

======Security center information======

AV: Kaspersky Anti-Virus (disabled)

======System event log======

Computer Name: THE-AURL8YAM314
Event Code: 7000
Message: The Nsynas32 service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 24826
Source Name: Service Control Manager
Time Written: 20090424012406.000000-240
Event Type: error
User:

Computer Name: THE-AURL8YAM314
Event Code: 4311
Message: Initialization failed because the driver device could not be created.

Record Number: 24825
Source Name: NetBT
Time Written: 20090424012336.000000-240
Event Type: error
User:

Computer Name: THE-AURL8YAM314
Event Code: 4311
Message: Initialization failed because the driver device could not be created.

Record Number: 24824
Source Name: NetBT
Time Written: 20090424012336.000000-240
Event Type: error
User:

Computer Name: THE-AURL8YAM314
Event Code: 4311
Message: Initialization failed because the driver device could not be created.

Record Number: 24823
Source Name: NetBT
Time Written: 20090424012336.000000-240
Event Type: error
User:

Computer Name: THE-AURL8YAM314
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 24815
Source Name: W32Time
Time Written: 20090423005359.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: THE-AURL8YAM314
Event Code: 1000
Message: Faulting application protoolsle.exe, version 6.8.1.204, faulting module izozone3.dpm, version 3.0.8.856, fault address 0x0003a2b1.

Record Number: 229
Source Name: Application Error
Time Written: 20070913183531.000000-240
Event Type: error
User:

Computer Name: THE-AURL8YAM314
Event Code: 1517
Message: Windows saved user THE-AURL8YAM314\K. Jones registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 227
Source Name: Userenv
Time Written: 20070911200429.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: THE-AURL8YAM314
Event Code: 1002
Message: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 226
Source Name: Application Hang
Time Written: 20070911184935.000000-240
Event Type: error
User:

Computer Name: THE-AURL8YAM314
Event Code: 1002
Message: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 225
Source Name: Application Hang
Time Written: 20070911184735.000000-240
Event Type: error
User:

Computer Name: THE-AURL8YAM314
Event Code: 1517
Message: Windows saved user THE-AURL8YAM314\K. Jones registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 223
Source Name: Userenv
Time Written: 20070909211203.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\iZotope\Runtimes;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Executive Software\DiskeeperLite\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"DiskeeperIcon"=C:\Program Files\Executive Software\DiskeeperLite\

-----------------EOF-----------------

#5 Pompey


Posted 29 April 2009 - 08:09 PM

Here is the GMER log.

Also, I had trouble running the scans in safe mode too. If I need to re-run them, I will.

Thanks.

#6 Pompey


Posted 29 April 2009 - 08:28 PM

It wouldn't let me upload the GMER log... I guess I'll just post it in the reply here:


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-04-29 17:44:14
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

INT 0x62 ? 843CEBF8
INT 0x63 ? 84176BF8
INT 0x73 ? 84176BF8
INT 0x73 ? 84176BF8
INT 0x82 ? 843CEBF8
INT 0xA4 ? 84176BF8
INT 0xB4 ? 84176BF8

Code 83C9F628 ZwEnumerateKey
Code 83B6FBC8 ZwFlushInstructionCache
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous
Code 83C29A86 IofCallDriver
Code 83EB705E IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 83C29A8B
.text ntoskrnl.exe!IofCompleteRequest 804E17BD 5 Bytes JMP 83EB7063
.text ntoskrnl.exe!IoIsOperationSynchronous 804EAF7E 5 Bytes JMP B13A75A2 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804F3BF9 5 Bytes JMP B13A71E8 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
PAGE ntoskrnl.exe!ZwEnumerateKey 805783AC 5 Bytes JMP 83C9F62C
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80585F1A 5 Bytes JMP 83B6FBCC
? spoz.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B9E9462C 5 Bytes JMP 841761D8
? C:\WINDOWS\System32\drivers\e69f7f85.sys The system cannot find the file specified. !
? C:\WINDOWS\System32\drivers\5535ee2a.sys The system cannot find the file specified. !
? C:\WINDOWS\System32\drivers\3fcec97.sys The system cannot find the file specified. !
? C:\WINDOWS\System32\drivers\3021da2.sys The system cannot find the file specified. !
? C:\WINDOWS\System32\drivers\1300b627.sys The system cannot find the file specified. !
.text Beep.SYS B0A42300 244 Bytes [EF, 9F, 2F, 3E, B0, DF, E5, ...]
.text Beep.SYS B0A423F5 182 Bytes [8B, 5D, 6B, 39, CE, FC, D9, ...]
.text Beep.SYS B0A424AC 166 Bytes [06, EB, DD, 4B, 23, 33, BD, ...]
.text Beep.SYS B0A42553 171 Bytes [40, EC, 79, D4, 67, A1, 95, ...]

---- User code sections - GMER 1.0.15 ----

? C:\WINDOWS\System32\svchost.exe[1096] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
? C:\WINDOWS\System32\svchost.exe[1132] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
? C:\WINDOWS\System32\svchost.exe[1500] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
? C:\WINDOWS\System32\svchost.exe[1568] image checksum mismatch; time/date stamp mismatch; unknown module: urlmon.dllunknown module: OLEAUT32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3540] WININET.dll!InternetConnectA 771C30F3 5 Bytes JMP 007B000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3540] WININET.dll!HttpOpenRequestA 771C36DD 5 Bytes JMP 008B000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3540] WININET.dll!InternetCloseHandle 771C4D9C 5 Bytes JMP 0082000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3540] WININET.dll!HttpSendRequestA 771C6129 5 Bytes JMP 0089000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3540] WININET.dll!InternetReadFile 771C82DC 5 Bytes JMP 0084000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3540] WININET.dll!InternetConnectW 771CEDF0 5 Bytes JMP 0081000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3540] WININET.dll!HttpOpenRequestW 771CF3E6 5 Bytes JMP 008C000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3540] WININET.dll!InternetQueryDataAvailable 771D8A2F 5 Bytes JMP 0083000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3540] WININET.dll!InternetSetStatusCallback 771D909C 5 Bytes JMP 0087000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3540] WININET.dll!InternetReadFileExA 771F82EE 5 Bytes JMP 0085000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3540] WININET.dll!InternetReadFileExW 771F8D3E 5 Bytes JMP 0086000D
.text C:\Program Files\Internet Explorer\iexplore.exe[3540] WININET.dll!InternetSetStatusCallbackW 771F8E51 5 Bytes JMP 0088000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3540] WININET.dll!HttpSendRequestW 77211EEC 5 Bytes JMP 008A000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3664] kernel32.dll!ExitProcess 7C81CDDA 5 Bytes JMP 00C2210B c:\windows\system32\fivahofi.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3664] WININET.dll!InternetConnectA 771C30F3 5 Bytes JMP 003F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3664] WININET.dll!HttpOpenRequestA 771C36DD 5 Bytes JMP 00AE000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3664] WININET.dll!InternetCloseHandle 771C4D9C 5 Bytes JMP 00A5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3664] WININET.dll!HttpSendRequestA 771C6129 5 Bytes JMP 00AC000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3664] WININET.dll!InternetReadFile 771C82DC 5 Bytes JMP 00A7000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3664] WININET.dll!InternetConnectW 771CEDF0 5 Bytes JMP 00A4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3664] WININET.dll!HttpOpenRequestW 771CF3E6 5 Bytes JMP 00AF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3664] WININET.dll!InternetQueryDataAvailable 771D8A2F 5 Bytes JMP 00A6000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3664] WININET.dll!InternetSetStatusCallback 771D909C 5 Bytes JMP 00AA000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3664] WININET.dll!InternetReadFileExA 771F82EE 5 Bytes JMP 00A8000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3664] WININET.dll!InternetReadFileExW 771F8D3E 5 Bytes JMP 00A9000D
.text C:\Program Files\Internet Explorer\iexplore.exe[3664] WININET.dll!InternetSetStatusCallbackW 771F8E51 3 Bytes JMP 00AB000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3664] WININET.dll!InternetSetStatusCallbackW + 4 771F8E55 1 Byte [89]
.text C:\Program Files\Internet Explorer\iexplore.exe[3664] WININET.dll!HttpSendRequestW 77211EEC 3 Bytes JMP 00AD000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3664] WININET.dll!HttpSendRequestW + 4 77211EF0 1 Byte [89]
.text C:\Program Files\Internet Explorer\iexplore.exe[3664] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00C2264C c:\windows\system32\fivahofi.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3664] WS2_32.dll!send 71AB428A 6 Bytes PUSH 00B83D54; RET C:\WINDOWS\system32\autochk.dll (lib/ )
.text C:\Program Files\Internet Explorer\iexplore.exe[3664] WS2_32.dll!WSARecv 71AB4318 6 Bytes PUSH 00B83BA7; RET C:\WINDOWS\system32\autochk.dll (lib/ )
.text C:\Program Files\Internet Explorer\iexplore.exe[3664] WS2_32.dll!recv 71AB615A 6 Bytes PUSH 00B83C31; RET C:\WINDOWS\system32\autochk.dll (lib/ )
.text C:\Program Files\Internet Explorer\iexplore.exe[3664] WS2_32.dll!WSASend 71AB6233 6 Bytes PUSH 00B83CD8; RET C:\WINDOWS\system32\autochk.dll (lib/ )
? C:\WINDOWS\System32\svchost.exe[4952] image checksum mismatch; time/date stamp mismatch;
? C:\WINDOWS\System32\svchost.exe[5508] image checksum mismatch; time/date stamp mismatch;

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 843602D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [BA7B9C4C] spoz.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [BA7B9CA0] spoz.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA789040] spoz.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA78913C] spoz.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA7890BE] spoz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA7897FC] spoz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA7896D2] spoz.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 841762D8
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA799048] spoz.sys
IAT \SystemRoot\System32\Drivers\Beep.SYS[ntoskrnl.exe!MmLockPagableDataSection] AE72B491
IAT \SystemRoot\System32\Drivers\Beep.SYS[ntoskrnl.exe!KeCancelTimer] C1E8CEDA
IAT \SystemRoot\System32\Drivers\Beep.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 230CF647
IAT \SystemRoot\System32\Drivers\Beep.SYS[ntoskrnl.exe!IoStartNextPacket] 507DEF68
IAT \SystemRoot\System32\Drivers\Beep.SYS[ntoskrnl.exe!KeSetTimer] 452FD10D
IAT \SystemRoot\System32\Drivers\Beep.SYS[ntoskrnl.exe!_allmul] FA2A4D46
IAT \SystemRoot\System32\Drivers\Beep.SYS[ntoskrnl.exe!IoStartPacket] 54E41E63
IAT \SystemRoot\System32\Drivers\Beep.SYS[ntoskrnl.exe!KeInitializeEvent] 5B4027F4
IAT \SystemRoot\System32\Drivers\Beep.SYS[ntoskrnl.exe!KeInitializeTimer] C4831BC9
IAT \SystemRoot\System32\Drivers\Beep.SYS[ntoskrnl.exe!KeInitializeDpc] 9F33B2F2
IAT \SystemRoot\System32\Drivers\Beep.SYS[ntoskrnl.exe!IoCreateDevice] F3DFCABF
IAT \SystemRoot\System32\Drivers\Beep.SYS[ntoskrnl.exe!RtlInitUnicodeString] 7DE9F5C0
IAT \SystemRoot\System32\Drivers\Beep.SYS[ntoskrnl.exe!IoAcquireCancelSpinLock] CE5150C5
IAT \SystemRoot\System32\Drivers\Beep.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] AB6CABDE
IAT \SystemRoot\System32\Drivers\Beep.SYS[ntoskrnl.exe!KeRemoveEntryDeviceQueue] B8B6575B
IAT \SystemRoot\System32\Drivers\Beep.SYS[ntoskrnl.exe!IoReleaseCancelSpinLock] 3B7B24CC
IAT \SystemRoot\System32\Drivers\Beep.SYS[ntoskrnl.exe!IoDeleteDevice] 36C96C01
IAT \SystemRoot\System32\Drivers\Beep.SYS[ntoskrnl.exe!IofCompleteRequest] 5DB0240A
IAT \SystemRoot\System32\Drivers\Beep.SYS[HAL.dll!ExReleaseFastMutex] B64C02CF
IAT \SystemRoot\System32\Drivers\Beep.SYS[HAL.dll!KfRaiseIrql] 576F4E10
IAT \SystemRoot\System32\Drivers\Beep.SYS[HAL.dll!KfLowerIrql] 11F54A55
IAT \SystemRoot\System32\Drivers\Beep.SYS[HAL.dll!HalMakeBeep] D6CECBAE
IAT \SystemRoot\System32\Drivers\Beep.SYS[HAL.dll!ExAcquireFastMutex] A888366B

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\System32\svchost.exe[1500] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 00FC6583
IAT C:\WINDOWS\System32\svchost.exe[1500] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 570CC783
IAT C:\WINDOWS\System32\svchost.exe[1500] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] C70C4E8D
IAT C:\WINDOWS\System32\svchost.exe[1500] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 451EA006
IAT C:\WINDOWS\System32\svchost.exe[1500] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 1CC2E800
IAT C:\WINDOWS\System32\svchost.exe[1500] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] C68B0000
IAT C:\WINDOWS\System32\svchost.exe[1500] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 0343DBE8
IAT C:\WINDOWS\System32\svchost.exe[1500] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 0004C200
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DD6BF0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD761B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DDEBE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 00000000
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [7C80E93F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [7C91043D] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [7C9179FD] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [7C80EA1B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [7C80C058] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [7C80977A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [7C80A0D4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] [7C809A09] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [7C809BF8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [7C810637] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C80BDB6] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C830D74] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C809B47] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C80180E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C810B8E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C801A24] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C910331] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C831EAB] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C8608FF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C835DCA] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C802442] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C801E16] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C802520] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C8309E1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C80929C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C80BE01] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C9010ED] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C901005] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C809EF1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C809728] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C8098EB] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C81CE03] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C91188A] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C801625] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C834D41] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C80ABC1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C809E01] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C809E79] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C9105D4] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C809766] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 00000000
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [77124920] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [771251B8] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [77125189] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [77125257] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [77124980] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [77124BA7] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7712C756] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 00000000
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [77F72240] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [77F8C41E] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [77F6818C] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 00000000
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7E430D56] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7E430237] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7E41CB85] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7E41C465] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7E418A80] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [7E41CD97] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7E42E8D1] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [7E42D1D1] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7E455BD7] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7E42DCD5] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7E41B933] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7E41DCD2] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [7E418F9C] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7E430225] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7E430D7A] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 00000000
IAT C:\WINDOWS\System32\svchost.exe[1568] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [771B7138] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3892] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DD7883] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD761B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DDEBE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DFD5BB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DFC41B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DD6BF0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 00000000
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [7C9105D4] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [7C80ABC1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [7C91043D] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [7C802367] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] [7C834D41] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [7C809B47] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [7C810D87] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C8328F7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C862A69] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C80220F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C809A72] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C8021CC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C83970D] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C80BE01] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C814AF2] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C812ADE] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C910331] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C80E93F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C802520] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C802442] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C810637] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C801E16] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C80DDF5] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C862E2A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4952] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 00000000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs Beep.SYS (BEEP Driver/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs 843CD1F8
Device \FileSystem\Fastfat \FatCdrom 840D51F8
Device \Driver\NDIS \Device\Ndis [84262982] NDIS.sys[.reloc]
Device \Driver\Tcpip \Device\Ip Beep.SYS (BEEP Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-0 841751F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8435E1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8435E1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8435E1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8435E1F8
Device \Driver\usbuhci \Device\USBPDO-1 841751F8
Device \Driver\usbuhci \Device\USBPDO-2 841751F8
Device \Driver\usbuhci \Device\USBPDO-3 841751F8
Device \Driver\usbehci \Device\USBPDO-4 841741F8
Device \Driver\Tcpip \Device\Tcp Beep.SYS (BEEP Driver/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 843CF1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 843CF1F8
Device \Driver\Cdrom \Device\CdRom0 840981F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 843CF1F8
Device \Driver\atapi \Device\Ide\IdePort0 843CE1F8
Device \Driver\atapi \Device\Ide\IdePort1 843CE1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 843CE1F8
Device \Driver\usbstor \Device\00000074 83B401F8
Device \Driver\usbstor \Device\00000075 83B401F8
Device \Driver\Tcpip \Device\Udp Beep.SYS (BEEP Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\RawIp Beep.SYS (BEEP Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 841751F8
Device \Driver\usbuhci \Device\USBFDO-1 841751F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 83B571F8
Device \Driver\Tcpip \Device\IPMULTICAST Beep.SYS (BEEP Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-2 841751F8
Device 83B571F8
Device \Driver\usbuhci \Device\USBFDO-3 841751F8
Device \Driver\usbehci \Device\USBFDO-4 841741F8
Device \Driver\Ftdisk \Device\FtControl 843CF1F8
Device 840D51F8
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice DigiFilt.sys (Digidesign Filter Driver/Digidesign, A Division of Avid Technology, Inc.)

Device \FileSystem\Cdfs \Cdfs 83EBF500

---- EOF - GMER 1.0.15 ----

#7 fenzodahl512


Posted 30 April 2009 - 04:53 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.

NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..



#8 Pompey


Posted 30 April 2009 - 06:25 PM

Here is the ComboFix log file.
I could only run it in safe mode, and I couldn't log on to the internet to get the Recovery Console.

Every time I try to reboot in normal mode, the computer restarts by itself. A blue screen flashes and then it reboots.

I noticed in the msconfig (when booted in safe mode) there is something called a dumpprep in the startup. For some reason, I cannot control what items are used in startup because it says I must log in as an administrator... but I'm using the admin account. Just another problem I ran across recently. I appreciate all your help though.

ComboFix 09-04-29.07 - K. Jones 04/30/2009 16:41.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1839 [GMT -4:00]
Running from: c:\documents and settings\K. Jones\Desktop\Combo-Fix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\temp\fCOe
c:\windows\mqcd.dbt
c:\windows\system32\ashl.nq
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\dl32.exe
c:\windows\system32\dolman.zt
c:\windows\system32\drivers\ovfsthmovobbvbwqwftpfqwhosvpbpqqhailqx.sys
c:\windows\system32\dz1.txt
c:\windows\system32\esogugej.ini
c:\windows\system32\fairy.an
c:\windows\system32\ferryl.cbv
c:\windows\system32\fivahofi.dll
c:\windows\system32\ginekufu.exe
c:\windows\system32\hupojoyu.dll
c:\windows\system32\inqby.sr
c:\windows\system32\jidesoti.exe
c:\windows\system32\lebapide.exe
c:\windows\system32\lmppcsetup.exe
c:\windows\system32\loader49.exe
c:\windows\system32\lsprst7.dll
c:\windows\system32\msvcsv60.dll
c:\windows\system32\mujuwepa.exe
c:\windows\system32\nvrsk.dll
c:\windows\system32\onariyen.ini
c:\windows\system32\ovfsthbiiuwpfghuchhasxwkbttwdctgqeucsr.dll
c:\windows\system32\ovfsthinyllfrecvppqkkidimeiktqeexeuciy.dat
c:\windows\system32\ovfsthnlcjcompoysssjmhjthklbrwwatilfji.dll
c:\windows\system32\ovfsthnudjoeaaujyxviokdufijqxgeyxwwkmk.dll
c:\windows\system32\ovfsthvdimlenktkhlyqxngkwlwcixauveqbqt.dat
c:\windows\system32\p1.txt
c:\windows\system32\r24.txt
c:\windows\system32\sdd.txt
c:\windows\system32\ssprs.dll
c:\windows\system32\udefinaj.ini
c:\windows\system32\uniq.tll
c:\windows\system32\winglsetup.exe
c:\windows\system32\yijazowi.exe
c:\windows\Tasks\At1.job
c:\windows\Temp\1312860448.exe
c:\windows\Temp\1362606042.exe
c:\windows\Temp\18775940.exe
c:\windows\Temp\2200513074.exe
c:\windows\Temp\2335138812.exe
c:\windows\Temp\3093888746.exe
c:\windows\Temp\3534513790.exe
c:\windows\Temp\4176639528.exe
c:\windows\Temp\437224466.exe
c:\windows\Temp\596286966.exe
c:\windows\system32\eoumrvy.dll . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://82.98.235.228
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_dnkyskbw
-------\Legacy_NPF
-------\Legacy_OREANS32
-------\Service_dnkyskbw
-------\Service_oreans32


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-30 )))))))))))))))))))))))))))))))
.

2009-04-30 17:37 . 2009-04-30 17:37 -------- dc----w c:\documents and settings\K. Jones\Application Data\Malwarebytes
2009-04-30 17:37 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-30 17:37 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-30 17:37 . 2009-04-30 17:37 -------- dc----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-30 17:37 . 2009-04-30 17:37 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-30 17:36 . 2009-04-30 17:36 -------- dc----w C:\32788R22FWJFW.0.tmp
2009-04-29 19:14 . 2009-04-29 22:08 93180 ----a-w c:\windows\system32\drivers\c7c2d685.sys
2009-04-29 18:05 . 2009-04-29 22:35 -------- dc----w C:\rsit
2009-04-29 17:56 . 2009-04-29 22:08 93180 ----a-w c:\windows\system32\drivers\3fcec97.sys
2009-04-29 17:02 . 2009-04-29 17:02 -------- d-----w c:\program files\ERUNT
2009-04-29 16:56 . 2009-04-29 16:56 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft
2009-04-29 06:34 . 2009-04-29 22:08 117628 ----a-w c:\windows\system32\drivers\e69f7f85.sys
2009-04-29 06:21 . 2009-04-29 22:08 117628 ----a-w c:\windows\system32\drivers\3021da2.sys
2009-04-28 23:02 . 2009-04-29 22:08 109308 ----a-w c:\windows\system32\drivers\1300b627.sys
2009-04-28 22:03 . 2009-04-30 11:21 -------- d-----w c:\windows\system32\796525
2009-04-28 21:58 . 2009-04-29 22:08 109308 ----a-w c:\windows\system32\drivers\5535ee2a.sys
2009-04-28 21:46 . 2009-04-28 21:46 -------- d-----w c:\program files\Trend Micro
2009-04-28 21:05 . 2009-04-28 21:05 -------- d--h--w c:\windows\system32\GroupPolicy
2009-04-28 21:00 . 2009-04-28 21:00 -------- dc----w c:\documents and settings\Administrator\Application Data\MySpace
2009-04-28 20:59 . 2009-04-28 20:59 -------- dc----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-04-28 02:12 . 2009-04-28 02:12 33824 ----a-w c:\windows\system32\drivers\oreans32.sys
2009-04-27 22:24 . 2009-04-27 22:26 -------- d-----w c:\program files\Executive Software
2009-04-27 21:54 . 2009-04-27 21:54 -------- d-----w c:\program files\CCleaner
2009-04-27 19:36 . 2009-04-27 19:36 -------- dc----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-27 19:36 . 2009-04-27 19:36 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-27 19:36 . 2009-04-27 19:36 -------- dc----w c:\documents and settings\K. Jones\Application Data\SUPERAntiSpyware.com
2009-04-27 19:35 . 2009-04-27 19:35 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-27 05:08 . 2009-04-27 06:46 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-27 05:08 . 2009-04-27 06:46 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-27 05:06 . 2009-04-27 05:06 -------- d-----w c:\program files\Kaspersky Lab
2009-04-27 05:06 . 2009-04-30 12:21 -------- dc----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-27 03:45 . 2006-11-17 07:06 1495552 ----a-w c:\windows\system32\epoPGPsdk.dll
2009-04-27 03:45 . 2009-04-27 03:45 -------- d-----w c:\program files\Common Files\Cisco Systems
2009-04-27 03:45 . 2009-04-27 04:57 -------- dc----w c:\documents and settings\All Users\Application Data\McAfee
2009-04-27 03:42 . 2009-04-27 04:57 -------- d-----w c:\program files\McAfee
2009-04-27 02:07 . 2009-04-27 04:53 -------- dc----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-27 00:43 . 2009-04-27 02:31 -------- dc----w c:\documents and settings\K. Jones\Application Data\pidle
2009-04-24 07:35 . 2009-04-24 07:35 -------- d-----w c:\program files\PAS-Products
2009-04-20 02:16 . 2009-04-20 02:16 -------- d-----w c:\program files\Way Out Ware
2009-04-18 06:09 . 2006-05-30 11:22 13611008 ----a-w c:\windows\system32\SynthMasterResources.dll
2009-04-18 06:08 . 2009-04-18 06:08 -------- d-----w c:\program files\Common Files\KV331 Audio
2009-04-16 13:45 . 2009-04-17 05:22 -------- dc----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-08 14:35 . 2009-04-08 14:36 -------- d-----w c:\program files\Sonik Synth 2
2009-04-08 14:12 . 2009-04-08 14:12 -------- d-----w c:\program files\Alcohol Soft
2009-04-06 12:39 . 2009-04-06 12:39 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-06 12:39 . 2009-04-06 12:39 -------- d-----w c:\program files\LSoft Technologies Inc
2009-04-06 12:32 . 2009-04-06 12:32 -------- d-----w c:\program files\Common Files\xing shared
2009-04-06 12:32 . 2009-04-06 12:32 -------- d-----w c:\program files\RichFX
2009-04-01 08:36 . 2008-12-17 05:55 195096 ----a-w c:\windows\system32\lvci11901262.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 20:45 . 2001-08-23 12:00 102912 ----a-w c:\windows\system32\upbbyrh.dll
2009-04-30 15:42 . 2006-04-15 20:58 -------- d-----w c:\program files\VstPlugins
2009-04-30 15:41 . 2007-09-17 20:37 -------- d-----w c:\program files\VirtualDJ
2009-04-30 15:39 . 2006-04-11 02:00 -------- d-----w c:\program files\Talisman 2
2009-04-29 18:07 . 2006-04-10 16:49 98304 ----a-w c:\windows\DUMP28a1.tmp
2009-04-29 17:54 . 2009-04-29 17:54 33792 ----a-w c:\windows\dzea.tmp
2009-04-28 22:03 . 2002-08-29 00:09 212480 -c--a-w c:\windows\system32\drivers\ndis.sys
2009-04-28 21:58 . 2002-11-01 22:26 577536 ----a-w c:\windows\system32\user32.DLL
2009-04-28 01:43 . 2006-04-26 05:40 112 -c--a-w c:\windows\msocreg32.dat
2009-04-27 19:32 . 2006-04-11 00:32 -------- d-----w c:\program files\QuickTime
2009-04-27 19:31 . 2008-05-13 18:21 -------- d-----w c:\program files\Common Files\Apple
2009-04-27 12:49 . 2009-01-27 12:49 52224 --sha-w c:\windows\system32\fiyusuka.exe
2009-04-27 06:46 . 2008-01-29 22:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-27 03:59 . 2008-05-13 18:23 -------- d-----w c:\program files\Bonjour
2009-04-26 21:45 . 2006-04-11 00:53 293992 -c--a-w c:\documents and settings\K. Jones\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-24 16:17 . 2008-05-12 18:35 -------- d-----w c:\program files\MP3Gain
2009-04-24 16:15 . 2008-08-04 09:22 -------- d-----w c:\program files\UltimateSoundBank
2009-04-24 16:15 . 2006-04-11 00:49 -------- d-----w c:\program files\The Print Shop 20
2009-04-24 16:13 . 2006-05-05 22:28 -------- d-----w c:\program files\CyberLink
2009-04-24 16:13 . 2006-04-11 01:07 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-24 16:12 . 2009-03-18 10:37 -------- d-----w c:\program files\Mp3 Song Plays Increaser
2009-04-24 16:09 . 2003-11-18 22:59 -------- d-----w c:\program files\321Studios
2009-04-24 16:05 . 2006-08-28 23:29 -------- d-----w c:\program files\Blaze Media Pro
2009-04-24 16:01 . 2006-04-11 02:13 -------- d-----w c:\program files\3D Blocks 2006 (V2.62)
2009-04-21 06:32 . 2009-02-05 21:28 -------- d-----w c:\program files\Synth1
2009-04-16 07:09 . 2007-04-09 01:42 -------- d-----w c:\program files\Waves
2009-04-16 06:52 . 2008-01-31 06:51 -------- d-----w c:\program files\Sony
2009-04-08 14:35 . 2009-01-04 05:51 -------- d-----w c:\program files\REAPER
2009-04-08 14:04 . 2008-08-03 18:59 -------- d-----w c:\program files\Sonik Synth 2 Free
2009-04-06 12:32 . 2008-01-11 18:04 -------- d-----w c:\program files\Common Files\Real
2009-04-06 12:32 . 2006-04-11 01:30 -------- d-----w c:\program files\Propellerhead
2009-04-06 12:32 . 2003-03-19 12:14 499712 ------w c:\windows\system32\msvcp71.dll
2009-04-04 07:29 . 2008-02-09 19:34 -------- d-----w c:\program files\FriendBlasterPro
2009-04-01 08:36 . 2009-03-03 07:26 -------- d-----w c:\program files\Common Files\logishrd
2009-04-01 08:35 . 2007-04-05 06:37 -------- d-----w c:\program files\Logitech
2009-03-31 21:09 . 2009-03-31 21:09 -------- d-----w c:\program files\GForce
2009-03-30 00:30 . 2007-12-25 09:09 -------- d-----w c:\program files\MySpace
2009-03-18 10:25 . 2009-03-07 11:22 -------- d-----w c:\program files\AAS
2009-03-05 07:46 . 2009-03-05 07:46 -------- d-----w c:\program files\MusicLab
2009-03-03 09:20 . 2009-03-03 09:20 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-03-03 09:14 . 2009-03-03 09:14 -------- d-----w c:\program files\Common Files\Skype
2009-03-03 09:14 . 2009-03-03 09:14 -------- d-----r c:\program files\Skype
2005-09-30 23:19 . 2006-04-11 02:06 88576 -c----w c:\program files\Dalwdm.sys
2009-01-27 00:43 . 2009-01-27 00:43 49152 --sha-w c:\windows\system32\vijohato.dll.tmp
2009-01-27 00:43 . 2009-01-27 00:43 49152 --sha-w c:\windows\system32\yowujeje.dll.tmp
.
c:\windows\system32\user32.dll ... is infected !!
[-] 2009-04-28 21:58 577,536 c:\windows\system32\dllcache\user32.dll
[-] 2009-04-28 21:58 577,536 c:\windows\system32\user32.DLL
[7] 2007-03-08 15:48 578,048 c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[7] 2005-03-02 18:19 577,024 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[7] 2005-03-02 18:09 577,024 c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2004-08-04 07:56 577,024 c:\windows\$NtUninstallKB890859$\user32.dll
[7] 2004-08-04 07:56 577,024 c:\windows\ServicePackFiles\i386\user32.dll
[7] 2002-11-01 22:26 528,896 c:\windows\$NtServicePackUninstall$\user32.dll


------- Sigcheck -------

[7] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[7] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[7] 2002-11-01 22:26 528896 68E1F4EF02DF52CA9C5E157045D23582 c:\windows\$NtServicePackUninstall$\user32.dll
[7] 2004-08-04 07:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[7] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2004-08-04 07:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\ServicePackFiles\i386\user32.dll
[-] 2009-04-28 21:58 577536 F9DC5A52157597A6FD0142AC727E0A45 c:\windows\system32\user32.DLL
[-] 2009-04-28 21:58 577536 F9DC5A52157597A6FD0142AC727E0A45 c:\windows\system32\dllcache\user32.dll

[-] 2002-08-29 00:09 167552 3B350E5A2A5E951453F3993275A4523A c:\windows\$NtServicePackUninstall$\ndis.sys
[7] 2004-08-04 06:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2009-04-28 22:03 212480 791778A1F54D4B3F36773F11783A53FC c:\windows\system32\dllcache\ndis.sys
[-] 2009-04-28 22:03 212480 791778A1F54D4B3F36773F11783A53FC c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7BA558B-99B0-4544-8ACB-9923B44A65C4}]
2001-08-23 12:00 102912 ----a-w c:\windows\system32\eoumrvy.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DL32"="DL32" [X]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2005-10-26 61440]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"Logitech Utility"="LOGI_MWX.EXE" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]

c:\documents and settings\K. Jones\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"midi2"= xgusb.cpl
"MIDI1"= diomidi.dll
"midi3"= mbx2midu.dll
"wave"= Digi32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^K. Jones^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\K. Jones\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"40877:TCP"= 40877:TCP:@xpsp2res.dll,-22009

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-27 33808]
R0 pvrjkucv;pvrjkucv; [x]
R1 1300b627;1300b627;c:\windows\System32\drivers\1300b627.sys [2009-04-29 109308]
R1 3021da2;3021da2;c:\windows\System32\drivers\3021da2.sys [2009-04-29 117628]
R1 3fcec97;3fcec97;c:\windows\System32\drivers\3fcec97.sys [2009-04-29 93180]
R1 5535ee2a;5535ee2a;c:\windows\System32\drivers\5535ee2a.sys [2009-04-29 109308]
R1 c7c2d685;c7c2d685;c:\windows\System32\drivers\c7c2d685.sys [2009-04-29 93180]
R1 e69f7f85;e69f7f85;c:\windows\System32\drivers\e69f7f85.sys [2009-04-29 117628]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
R2 NeroRegInCDSrv;Nero Registry InCD Service; [x]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2005-10-26 105472]
R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2005-10-26 15232]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 voxthing;Voice Thing service;c:\windows\system32\drivers\voxthing.sys [2007-07-20 14208]
S0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2005-10-26 16384]
S0 mewxfzxf;mewxfzxf;c:\windows\system32\drivers\mewxfzxf.sys [2001-08-23 23424]
S1 Asapi;Asapi; [x]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-10 33792]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\DRIVERS\MBX2DFU.sys [2005-10-26 15488]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hyptfi

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baa28a2a-4abf-11dd-8dba-0013d3ab55f6}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf15335e-a702-11dd-8e36-0013d3ab55f6}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe
HKLM-Run-laborewada - c:\windows\system32\ronihuni.dll
HKU-Default-Run-Diagnostic Manager - c:\windows\TEMP\4176639528.exe
Notify-dobccmd - c:\documents and settings\K. Jones\Application Data\HP\dobccmd.dll
Notify-NavLogon - (no file)
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: antimalwareguard.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
FF - ProfilePath - c:\documents and settings\K. Jones\Application Data\Mozilla\Firefox\Profiles\t5ckaqdd.default\
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\MySpace\Toolbar\1.0.32.0\components\MySpaceFFoxTB.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-30 17:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]
@DACL=(02 0000)
@="c:\\windows\\system32\\kumeweva.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\xgusb.cpl
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\xgusb.cpl

- - - - - - - > 'explorer.exe'(304)
c:\windows\system32\xgusb.cpl
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-04-30 17:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-30 21:25

Pre-Run: 94,981,246,976 bytes free
Post-Run: 95,157,739,520 bytes free

365 --- E O F --- 2008-01-12 08:01


#9 fenzodahl512

Posted 30 April 2009 - 11:01 PM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

NetSvc::
hyptfi

Driver::
pvrjkucv
1300b627
3021da2
3fcec97
5535ee2a
c7c2d685
e69f7f85
mewxfzxf
hyptfi

Rootkit::
c:\windows\system32\eoumrvy.dll

File::
c:\windows\system32\drivers\c7c2d685.sys
c:\windows\system32\drivers\3fcec97.sys
c:\windows\system32\drivers\e69f7f85.sys
c:\windows\system32\drivers\3021da2.sys
c:\windows\system32\drivers\1300b627.sys
c:\windows\system32\drivers\5535ee2a.sys
c:\windows\system32\drivers\oreans32.sys
c:\windows\system32\lvci11901262.dll
c:\windows\system32\upbbyrh.dll
c:\windows\dzea.tmp
c:\windows\system32\fiyusuka.exe
c:\windows\system32\vijohato.dll.tmp
c:\windows\system32\yowujeje.dll.tmp
c:\windows\system32\eoumrvy.dll
c:\windows\system32\drivers\mewxfzxf.sys
c:\windows\system32\kumeweva.dll

FCopy::
c:\windows\ServicePackFiles\i386\user32.dll | c:\windows\system32\user32.DLL
c:\windows\ServicePackFiles\i386\user32.dll | c:\windows\system32\dllcache\user32.dll

RegLockDel::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7BA558B-99B0-4544-8ACB-9923B44A65C4}]

DirLook::
c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft
c:\windows\system32\796525
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DL32"=-

FileLook::
c:\windows\system32\xgusb.cpl

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 Pompey

Posted 01 May 2009 - 03:24 AM

combo fix log

ComboFix 09-04-30.05 - K. Jones 05/01/2009 4:05.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1622 [GMT -4:00]
Running from: c:\documents and settings\K. Jones\Desktop\Combo-Fix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-01 to 2009-05-01 )))))))))))))))))))))))))))))))
.

2009-05-01 07:29 . 2009-05-01 08:10 1666592 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-01 07:29 . 2009-05-01 08:10 294944 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-30 17:37 . 2009-04-30 17:37 -------- dc----w c:\documents and settings\K. Jones\Application Data\Malwarebytes
2009-04-30 17:37 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-30 17:37 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-30 17:37 . 2009-04-30 17:37 -------- dc----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-30 17:37 . 2009-04-30 17:37 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-30 17:36 . 2009-04-30 17:36 -------- dc----w C:\32788R22FWJFW.0.tmp
2009-04-29 18:05 . 2009-04-29 22:35 -------- dc----w C:\rsit
2009-04-29 17:02 . 2009-04-29 17:02 -------- d-----w c:\program files\ERUNT
2009-04-29 16:56 . 2009-04-29 16:56 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft
2009-04-28 22:03 . 2009-04-30 11:21 -------- d-----w c:\windows\system32\796525
2009-04-28 21:46 . 2009-04-28 21:46 -------- d-----w c:\program files\Trend Micro
2009-04-28 21:05 . 2009-04-28 21:05 -------- d--h--w c:\windows\system32\GroupPolicy
2009-04-28 21:00 . 2009-04-28 21:00 -------- dc----w c:\documents and settings\Administrator\Application Data\MySpace
2009-04-28 20:59 . 2009-04-28 20:59 -------- dc----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-04-27 22:24 . 2009-04-27 22:26 -------- d-----w c:\program files\Executive Software
2009-04-27 21:54 . 2009-04-27 21:54 -------- d-----w c:\program files\CCleaner
2009-04-27 19:36 . 2009-04-27 19:36 -------- dc----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-27 19:36 . 2009-04-27 19:36 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-27 19:36 . 2009-04-27 19:36 -------- dc----w c:\documents and settings\K. Jones\Application Data\SUPERAntiSpyware.com
2009-04-27 19:35 . 2009-04-27 19:35 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-27 05:08 . 2009-04-27 06:46 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-27 05:08 . 2009-04-27 06:46 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-27 05:06 . 2009-04-27 05:06 -------- d-----w c:\program files\Kaspersky Lab
2009-04-27 05:06 . 2009-05-01 08:10 -------- dc----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-27 03:45 . 2006-11-17 07:06 1495552 ----a-w c:\windows\system32\epoPGPsdk.dll
2009-04-27 03:45 . 2009-04-27 03:45 -------- d-----w c:\program files\Common Files\Cisco Systems
2009-04-27 03:45 . 2009-04-27 04:57 -------- dc----w c:\documents and settings\All Users\Application Data\McAfee
2009-04-27 03:42 . 2009-04-27 04:57 -------- d-----w c:\program files\McAfee
2009-04-27 02:07 . 2009-04-27 04:53 -------- dc----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-27 00:43 . 2009-04-27 02:31 -------- dc----w c:\documents and settings\K. Jones\Application Data\pidle
2009-04-24 07:35 . 2009-04-24 07:35 -------- d-----w c:\program files\PAS-Products
2009-04-20 02:16 . 2009-04-20 02:16 -------- d-----w c:\program files\Way Out Ware
2009-04-18 06:09 . 2006-05-30 11:22 13611008 ----a-w c:\windows\system32\SynthMasterResources.dll
2009-04-18 06:08 . 2009-04-18 06:08 -------- d-----w c:\program files\Common Files\KV331 Audio
2009-04-16 13:45 . 2009-04-17 05:22 -------- dc----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-08 14:35 . 2009-04-08 14:36 -------- d-----w c:\program files\Sonik Synth 2
2009-04-08 14:12 . 2009-04-08 14:12 -------- d-----w c:\program files\Alcohol Soft
2009-04-06 12:39 . 2009-04-06 12:39 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-06 12:39 . 2009-04-06 12:39 -------- d-----w c:\program files\LSoft Technologies Inc
2009-04-06 12:32 . 2009-04-06 12:32 -------- d-----w c:\program files\Common Files\xing shared
2009-04-06 12:32 . 2009-04-06 12:32 -------- d-----w c:\program files\RichFX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 08:10 . 2009-05-01 07:29 15148 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-01 08:10 . 2009-05-01 07:29 2088 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-01 07:20 . 2001-08-23 12:00 23424 ----a-w c:\windows\system32\drivers\puydctcz.sys
2009-04-30 15:42 . 2006-04-15 20:58 -------- d-----w c:\program files\VstPlugins
2009-04-30 15:41 . 2007-09-17 20:37 -------- d-----w c:\program files\VirtualDJ
2009-04-30 15:39 . 2006-04-11 02:00 -------- d-----w c:\program files\Talisman 2
2009-04-29 18:07 . 2006-04-10 16:49 98304 ----a-w c:\windows\DUMP28a1.tmp
2009-04-28 22:03 . 2002-08-29 00:09 212480 -c--a-w c:\windows\system32\drivers\ndis.sys
2009-04-28 01:43 . 2006-04-26 05:40 112 -c--a-w c:\windows\msocreg32.dat
2009-04-27 19:32 . 2006-04-11 00:32 -------- d-----w c:\program files\QuickTime
2009-04-27 19:31 . 2008-05-13 18:21 -------- d-----w c:\program files\Common Files\Apple
2009-04-27 06:46 . 2008-01-29 22:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-27 03:59 . 2008-05-13 18:23 -------- d-----w c:\program files\Bonjour
2009-04-26 21:45 . 2006-04-11 00:53 293992 -c--a-w c:\documents and settings\K. Jones\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-24 16:17 . 2008-05-12 18:35 -------- d-----w c:\program files\MP3Gain
2009-04-24 16:15 . 2008-08-04 09:22 -------- d-----w c:\program files\UltimateSoundBank
2009-04-24 16:15 . 2006-04-11 00:49 -------- d-----w c:\program files\The Print Shop 20
2009-04-24 16:13 . 2006-05-05 22:28 -------- d-----w c:\program files\CyberLink
2009-04-24 16:13 . 2006-04-11 01:07 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-24 16:12 . 2009-03-18 10:37 -------- d-----w c:\program files\Mp3 Song Plays Increaser
2009-04-24 16:09 . 2003-11-18 22:59 -------- d-----w c:\program files\321Studios
2009-04-24 16:05 . 2006-08-28 23:29 -------- d-----w c:\program files\Blaze Media Pro
2009-04-24 16:01 . 2006-04-11 02:13 -------- d-----w c:\program files\3D Blocks 2006 (V2.62)
2009-04-21 06:32 . 2009-02-05 21:28 -------- d-----w c:\program files\Synth1
2009-04-16 07:09 . 2007-04-09 01:42 -------- d-----w c:\program files\Waves
2009-04-16 06:52 . 2008-01-31 06:51 -------- d-----w c:\program files\Sony
2009-04-08 14:35 . 2009-01-04 05:51 -------- d-----w c:\program files\REAPER
2009-04-08 14:04 . 2008-08-03 18:59 -------- d-----w c:\program files\Sonik Synth 2 Free
2009-04-06 12:32 . 2008-01-11 18:04 -------- d-----w c:\program files\Common Files\Real
2009-04-06 12:32 . 2006-04-11 01:30 -------- d-----w c:\program files\Propellerhead
2009-04-06 12:32 . 2003-03-19 12:14 499712 ------w c:\windows\system32\msvcp71.dll
2009-04-04 07:29 . 2008-02-09 19:34 -------- d-----w c:\program files\FriendBlasterPro
2009-04-01 08:36 . 2009-03-03 07:26 -------- d-----w c:\program files\Common Files\logishrd
2009-04-01 08:35 . 2007-04-05 06:37 -------- d-----w c:\program files\Logitech
2009-03-31 21:09 . 2009-03-31 21:09 -------- d-----w c:\program files\GForce
2009-03-30 00:30 . 2007-12-25 09:09 -------- d-----w c:\program files\MySpace
2009-03-18 10:25 . 2009-03-07 11:22 -------- d-----w c:\program files\AAS
2009-03-05 07:46 . 2009-03-05 07:46 -------- d-----w c:\program files\MusicLab
2009-03-03 09:20 . 2009-03-03 09:20 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-03-03 09:14 . 2009-03-03 09:14 -------- d-----w c:\program files\Common Files\Skype
2009-03-03 09:14 . 2009-03-03 09:14 -------- d-----r c:\program files\Skype
2005-09-30 23:19 . 2006-04-11 02:06 88576 -c----w c:\program files\Dalwdm.sys
.

------- Sigcheck -------

[-] 2002-08-29 00:09 167552 3B350E5A2A5E951453F3993275A4523A c:\windows\$NtServicePackUninstall$\ndis.sys
[7] 2004-08-04 06:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2009-04-28 22:03 212480 791778A1F54D4B3F36773F11783A53FC c:\windows\system32\dllcache\ndis.sys
[-] 2009-04-28 22:03 212480 791778A1F54D4B3F36773F11783A53FC c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-04-30_21.17.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-26 11:16 . 2008-10-16 18:09 43544 c:\windows\system32\wups2.dll
+ 2006-04-11 01:58 . 2008-10-16 18:08 34328 c:\windows\system32\wups.dll
+ 2006-04-11 00:01 . 2008-10-16 18:09 51224 c:\windows\system32\wuauclt.exe
+ 2009-05-01 07:48 . 2008-10-16 18:09 43544 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2009-05-01 07:48 . 2008-10-16 18:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2006-04-11 01:58 . 2008-10-16 18:08 34328 c:\windows\system32\dllcache\wups.dll
+ 2006-04-11 00:01 . 2008-10-16 18:09 51224 c:\windows\system32\dllcache\wuauclt.exe
+ 2002-08-29 01:40 . 2008-10-16 18:09 92696 c:\windows\system32\dllcache\cdm.dll
+ 2009-05-01 07:29 . 2009-05-01 08:09 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-04-11 00:06 . 2009-04-30 20:15 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-04-11 00:06 . 2009-05-01 08:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-04-11 00:06 . 2009-04-30 20:15 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-04-11 00:06 . 2009-05-01 08:09 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2002-08-29 01:40 . 2008-10-16 18:09 92696 c:\windows\system32\cdm.dll
+ 2006-04-11 01:58 . 2008-10-16 18:13 202776 c:\windows\system32\wuweb.dll
+ 2006-04-11 01:58 . 2008-10-16 18:12 323608 c:\windows\system32\wucltui.dll
+ 2006-04-11 01:58 . 2008-10-16 18:12 561688 c:\windows\system32\wuapi.dll
+ 2002-11-01 22:26 . 2004-08-04 07:56 577024 c:\windows\system32\user32.DLL
+ 2006-04-11 01:58 . 2008-10-16 18:13 202776 c:\windows\system32\dllcache\wuweb.dll
+ 2006-04-11 01:58 . 2008-10-16 18:12 323608 c:\windows\system32\dllcache\wucltui.dll
+ 2006-04-11 01:58 . 2008-10-16 18:12 561688 c:\windows\system32\dllcache\wuapi.dll
+ 2007-03-08 15:36 . 2004-08-04 07:56 577024 c:\windows\system32\dllcache\user32.dll
+ 2009-05-01 07:38 . 2009-05-01 07:38 106496 c:\windows\ERDNT\AutoBackup\5-1-2009\Users\00000002\UsrClass.dat
+ 2009-05-01 07:38 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-1-2009\ERDNT.EXE
+ 2006-04-11 00:01 . 2008-10-16 18:13 1809944 c:\windows\system32\wuaueng.dll
+ 2006-04-11 00:01 . 2008-10-16 18:13 1809944 c:\windows\system32\dllcache\wuaueng.dll
+ 2009-05-01 07:38 . 2009-05-01 07:38 14684160 c:\windows\ERDNT\AutoBackup\5-1-2009\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DL32"="DL32" [X]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2005-10-26 61440]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-06 198160]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-03-17 570664]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-04-27 206088]
"Logitech Utility"="LOGI_MWX.EXE" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]

c:\documents and settings\K. Jones\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"midi2"= xgusb.cpl
"MIDI1"= diomidi.dll
"midi3"= mbx2midu.dll
"wave"= Digi32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"40877:TCP"= 40877:TCP:@xpsp2res.dll,-22009

R2 NeroRegInCDSrv;Nero Registry InCD Service; [x]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2005-10-26 105472]
R3 MBX2DFU;MBX2DFU;c:\windows\system32\DRIVERS\MBX2DFU.sys [2005-10-26 15488]
R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2005-10-26 15232]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 voxthing;Voice Thing service;c:\windows\system32\drivers\voxthing.sys [2007-07-20 14208]
S0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2005-10-26 16384]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-27 33808]
S1 Asapi;Asapi; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-10 33792]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baa28a2a-4abf-11dd-8dba-0013d3ab55f6}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf15335e-a702-11dd-8e36-0013d3ab55f6}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: antimalwareguard.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
FF - ProfilePath - c:\documents and settings\K. Jones\Application Data\Mozilla\Firefox\Profiles\t5ckaqdd.default\
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\MySpace\Toolbar\1.0.32.0\components\MySpaceFFoxTB.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 04:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\xgusb.cpl
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(844)
c:\windows\system32\xgusb.cpl

- - - - - - - > 'explorer.exe'(9016)
c:\windows\system32\xgusb.cpl
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\System32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Executive Software\DiskeeperLite\DKService.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-05-01 4:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-01 08:16
ComboFix2.txt 2009-05-01 07:45
ComboFix3.txt 2009-04-30 21:25

Pre-Run: 94,770,098,176 bytes free
Post-Run: 94,785,957,888 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

306 --- E O F --- 2008-01-12 08:01




hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:18:59, on 5/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DL32] DL32
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 9016 bytes

#11 Pompey

Posted 01 May 2009 - 03:33 AM

So far so good... only problem now is that when I click on a link in Firefox, I get redirected to other sites... might be some other stuff I don't know about yet... but I'm sure you'll let me know what to do next... thanks.

#12 fenzodahl512

Posted 01 May 2009 - 04:03 AM

Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.



Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 Pompey

Posted 01 May 2009 - 12:46 PM

goored log

GooredFix v1.92 by jpshortstuff
Log created at 13:44 on 01/05/2009 running Option #1 (K. Jones)
Firefox version 3.0.9 (en-US)

=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{DD6FB046-A884-492B-9F34-FDA5159E6023}

C:\Program Files\Mozilla Firefox\extensions\{710E5BC8-150D-453A-8629-FD06496F50AF}

C:\Program Files\Mozilla Firefox\extensions\{4528A4AB-903D-40F5-ABFE-C2EACFDFAF15}

C:\Program Files\Mozilla Firefox\extensions\{0E34738E-553F-4828-9FBE-FB817AEC0A11}

C:\Program Files\Mozilla Firefox\extensions\{01B8253E-AA98-4DF7-88B2-54F8952E82F0}

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.9\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.9\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"myspacefftb@myspace.com"="C:\Program Files\MySpace\Toolbar\1.0.32.0\"

#14 fenzodahl512

Posted 01 May 2009 - 01:17 PM

Please double-click Goored.exe on your Desktop to run it. Select 2. Fix Goored by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Post me these logs in your next reply..

1. GooredFix
2. ESET Online
3. How's the computer now? :thumbup2:



#15 Pompey

Posted 01 May 2009 - 02:27 PM

2nd goored log

GooredFix v1.92 by jpshortstuff
Log created at 15:23 on 01/05/2009 running Option #2 (K. Jones)
Firefox version 3.0.9 (en-US)

=====Goored Deletions=====
C:\Program Files\Mozilla Firefox\extensions\{DD6FB046-A884-492B-9F34-FDA5159E6023}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{710E5BC8-150D-453A-8629-FD06496F50AF}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{4528A4AB-903D-40F5-ABFE-C2EACFDFAF15}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{0E34738E-553F-4828-9FBE-FB817AEC0A11}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{01B8253E-AA98-4DF7-88B2-54F8952E82F0}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.9\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.9\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"myspacefftb@myspace.com"="C:\Program Files\MySpace\Toolbar\1.0.32.0\"



