
having trouble with virtumonde and maybe one or two more...


  • This topic is locked
22 replies to this topic

#1 architect

architect

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:59 PM

Posted 26 June 2009 - 08:35 AM

Hello,

First I want to say that it's a great thing that this website exists... thank you thank you thank you.

I've noticed two red flag items over the past couple of days. First, whenever I click a link produced by a google search, I'm redirected to random sites. Second, periodically I'm being "warned" that I have a virus by a website which looks as though it's scanning my computer. Yesterday, the desktop wallpaper was actually replaced by a message giving me a warning that, in summary, said that I needed to remove all spyware and that everything I do is being recorded on my computer. Not a good feeling.

I've installed a few items to try to combat the problem. I've got Avira AntiVir running, I've updated the definitions, scanned, and cleaned with it. I've also verified that my windows firewall is active. I've used Abexo Registry cleaner. I've also run the Malwarebytes program a few times with updates. Lastly I've got PC Tools Spyware Doctor running; this program consistently finds 2 programs after computer startup even though I tell it to block the programs every time it informs me.

I'm fairly certain my big problem lies in a file called BDS/Agent.aagv which is noted as a backdoor program infecting my windows/system32/dxec.exe file; I believe it was Malwarebytes that informed me that it could not quarantine this particular file. Also, as the title of this post would suggest, I've got a few instances of the virtumonde program on my pc as well. I don't know how much that particular program is to blame for my problems, but it's definitely there.

My dds and attach logs are posted below. I'm grateful for any help or insight you may have to offer.

Thank you!


DDS (Ver_09-05-14.01) - NTFSx86
Run by Wess at 1:05:47.75 on Fri 06/26/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1039 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Wess\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page =
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [A00F1FA11B.exe] c:\docume~1\wess\locals~1\temp\_A00F1FA11B.exe
uRun: [A00F5D0E4.exe] c:\docume~1\wess\locals~1\temp\_A00F5D0E4.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Adobe Version Cue CS2] c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
StartupFolder: c:\docume~1\wess\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart16.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~2.lnk - c:\program files\linksys\wusb600n\WUSB600N.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\yahoo! autosync\AutosyncForYahoo.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158911228625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: f0720132623 - c:\windows\system32\iertutil32.dll
Notify: igfxcui - igfxdev.dll
Notify: __c0036DC7 - c:\windows\system32\__c0036DC7.dat
Notify: __c0084B29 - c:\windows\system32\__c0084B29.dat
Notify: __c008E5A9 - c:\windows\system32\__c008E5A9.dat
AppInit_DLLs: c:\windows\system32\iertutil32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-24 130936]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-24 11608]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-9-20 58464]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-24 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-24 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-24 55640]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2006-9-20 98304]
R2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe [2006-2-14 221191]
R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2006-6-8 29184]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-6-24 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-6-24 1095560]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-9-20 116864]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-12-14 551680]
S2 gupdate1c9f39222b78bdd;Google Update Service (gupdate1c9f39222b78bdd);c:\program files\google\update\GoogleUpdate.exe [2009-6-22 133104]
S3 NdisWDM;Dynex Enhanced Wireless G USB Network Adapter Service;c:\windows\system32\drivers\ndiswdm.sys --> c:\windows\system32\drivers\ndiswdm.sys [?]

=============== Created Last 30 ================

2009-06-25 18:45 <DIR> --dsh--- c:\documents and settings\wess\PrivacIE
2009-06-25 18:31 <DIR> --dsh--- c:\documents and settings\wess\IETldCache
2009-06-25 17:42 <DIR> --d----- c:\program files\Abexo
2009-06-25 09:33 <DIR> --d----- c:\docume~1\wess\applic~1\Uniblue
2009-06-24 16:11 <DIR> --d----- c:\program files\Avira
2009-06-24 16:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-06-24 15:21 <DIR> --d----- c:\docume~1\wess\applic~1\Malwarebytes
2009-06-24 15:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-24 15:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-24 10:48 <DIR> --d----- c:\program files\common files\xing shared
2009-06-24 10:28 <DIR> --d----- c:\program files\IEToolbar
2009-06-24 09:46 <DIR> --d----- c:\program files\common files\PC Tools
2009-06-24 09:46 <DIR> --d----- c:\program files\Spyware Doctor
2009-06-24 09:46 <DIR> --d----- c:\docume~1\wess\applic~1\PC Tools
2009-06-24 09:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-06-24 09:45 <DIR> --d----- c:\temp\google
2009-06-24 09:45 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-06-24 09:45 <DIR> --d----- c:\program files\Norton Security Scan
2009-06-15 17:53 <DIR> --d----- c:\program files\iPod
2009-06-15 17:52 <DIR> --d----- c:\program files\iTunes

==================== Find3M ====================


============= FINISH: 1:09:19.31 ===============


ATTACH


#2 architect

architect
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:59 PM

Posted 26 June 2009 - 11:58 AM

Following up on my initial post. I just got a notification from spyware doctor that it found a rootkit.tdds file. I'm guessing it's worth mentioning because it listed it as a serious threat.

Thanks!

Hello architect,

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,

The weatherman
(Moderator)

Edited by The weatherman, 26 June 2009 - 02:27 PM.


#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:59 AM

Posted 30 June 2009 - 09:55 PM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to, and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.
First I would like to see a new log since a lot could have changed since your original post.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both logs: log.txt (<<will be maximized) and info.txt (<<will be minimized)
Thanks



#4 architect

architect
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:59 PM

Posted 02 July 2009 - 04:31 PM

Hi Syler,

I appreciate you taking time out to help. The information you requested is below.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Wess at 2009-07-02 17:22:40
Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (11%) free of 70 GB
Total RAM: 2038 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:51 PM, on 7/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Common Files\Intellisync\PushSyncService\PushSyncService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Wess\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Wess.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [A00F1FA11B.exe] C:\DOCUME~1\Wess\LOCALS~1\Temp\_A00F1FA11B.exe
O4 - HKCU\..\Run: [A00F5D0E4.exe] C:\DOCUME~1\Wess\LOCALS~1\Temp\_A00F5D0E4.exe
O4 - HKCU\..\Run: [A00F93A1116.exe] C:\DOCUME~1\Wess\LOCALS~1\Temp\_A00F93A1116.exe
O4 - HKUS\S-1-5-18\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
O4 - Global Startup: Yahoo! Autosync.lnk = C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158911228625
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\iertutil32.dll
O20 - Winlogon Notify: f0720132623 - C:\WINDOWS\System32\iertutil32.dll (file missing)
O20 - Winlogon Notify: __c0036DC7 - C:\WINDOWS\
O20 - Winlogon Notify: __c007A11B - C:\WINDOWS\
O20 - Winlogon Notify: __c0084B29 - C:\WINDOWS\
O20 - Winlogon Notify: __c008E5A9 - C:\WINDOWS\
O20 - Winlogon Notify: __c00A6C52 - C:\WINDOWS\system32\__c00A6C52.dat (file missing)
O20 - Winlogon Notify: __c00CCE46 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9f39222b78bdd) (gupdate1c9f39222b78bdd) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Wess/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg

--
End of file - 15446 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for Wess.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-03-16 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-06-24 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-22 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-29 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-23 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-13 118784]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-11-16 397312]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"Adobe Version Cue CS2"=C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [2005-04-04 856064]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-23 148888]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2008-11-04 615696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-04-08 321344]
"A00F1FA11B.exe"=C:\DOCUME~1\Wess\LOCALS~1\Temp\_A00F1FA11B.exe []
"A00F5D0E4.exe"=C:\DOCUME~1\Wess\LOCALS~1\Temp\_A00F5D0E4.exe []
"A00F93A1116.exe"=C:\DOCUME~1\Wess\LOCALS~1\Temp\_A00F93A1116.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\-FreedomNeedsReboot]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F6C5026.exe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [2005-04-04 856064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT&T Internet Security Suite]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-12-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-12-13 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW.exe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2005-12-07 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe [2003-10-07 147514]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2009-06-24 214560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe [2004-02-22 32881]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-26 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
C:\WINDOWS\system32\WDBtnMgr.exe [2006-12-19 335872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-06-30 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
Wireless Network Monitor.lnk - C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
Yahoo! Autosync.lnk - C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe

C:\Documents and Settings\Wess\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\System32\iertutil32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f0720132623]
C:\WINDOWS\System32\iertutil32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0036DC7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c007A11B]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0084B29]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c008E5A9]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00A6C52]
C:\WINDOWS\system32\__c00A6C52.dat []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00CCE46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Autodesk\3dsMax8\3dsmax.exe"="C:\Program Files\Autodesk\3dsMax8\3dsmax.exe:*:Enabled:Autodesk 3ds Max 8"
"C:\Program Files\@Last Software\SketchUp 5\SketchUp.exe"="C:\Program Files\@Last Software\SketchUp 5\SketchUp.exe:*:Disabled:SketchUp Application"
"C:\Program Files\Next Limit\Maxwell\mxst.exe"="C:\Program Files\Next Limit\Maxwell\mxst.exe:*:Disabled:mxst"
"C:\Program Files\Next Limit\Maxwell\mxcl.exe"="C:\Program Files\Next Limit\Maxwell\mxcl.exe:*:Disabled:mxcl"
"C:\Program Files\Next Limit\Maxwell\mxman.exe"="C:\Program Files\Next Limit\Maxwell\mxman.exe:*:Disabled:mxman"
"C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe"="C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\@Last Software\SketchUp 5\SketchUp.exe"="C:\Program Files\@Last Software\SketchUp 5\SketchUp.exe:*:Disabled:SketchUp Application"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Next Limit\Maxwell\mxst.exe"="C:\Program Files\Next Limit\Maxwell\mxst.exe:*:Disabled:mxst"
"C:\Program Files\Next Limit\Maxwell\mxcl.exe"="C:\Program Files\Next Limit\Maxwell\mxcl.exe:*:Disabled:mxcl"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-07-02 17:22:40 ----D---- C:\Program Files\trend micro
2009-07-02 17:22:39 ----D---- C:\rsit
2009-07-01 12:48:03 ----D---- C:\WINDOWS\LastGood
2009-06-27 10:00:08 ----SHD---- C:\WINDOWS\system32\SystemX86
2009-06-25 17:45:19 ----D---- C:\WINDOWS\ie8updates
2009-06-25 17:42:29 ----D---- C:\Program Files\Abexo
2009-06-25 17:42:07 ----HDC---- C:\WINDOWS\ie8
2009-06-25 11:18:37 ----A---- C:\Documents and Settings\All Users\Application Data\98071556.ini
2009-06-25 09:33:31 ----D---- C:\Documents and Settings\Wess\Application Data\Uniblue
2009-06-24 16:11:35 ----D---- C:\Program Files\Avira
2009-06-24 16:11:35 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-06-24 15:21:24 ----D---- C:\Documents and Settings\Wess\Application Data\Malwarebytes
2009-06-24 15:13:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-24 15:11:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-24 13:54:58 ----D---- C:\Documents and Settings\Wess\Application Data\Real
2009-06-24 13:22:45 ----D---- C:\Documents and Settings\Wess\Application Data\Mozilla
2009-06-24 10:48:33 ----D---- C:\Program Files\Common Files\xing shared
2009-06-24 10:28:54 ----A---- C:\WINDOWS\system32\winset.ini
2009-06-24 10:28:35 ----D---- C:\Program Files\IEToolbar
2009-06-24 10:06:33 ----A---- C:\WINDOWS\GnuHashes.ini
2009-06-24 09:46:49 ----D---- C:\Program Files\Common Files\PC Tools
2009-06-24 09:46:28 ----D---- C:\Program Files\Spyware Doctor
2009-06-24 09:46:28 ----D---- C:\Documents and Settings\Wess\Application Data\PC Tools
2009-06-24 09:46:28 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-06-24 09:46:26 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-24 09:46:08 ----D---- C:\Program Files\Mozilla Firefox
2009-06-24 09:45:56 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-06-24 09:45:51 ----D---- C:\Program Files\Norton Security Scan
2009-06-24 09:45:12 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-06-23 21:17:21 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-06-23 21:17:20 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-23 21:17:20 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-23 21:17:20 ----A---- C:\WINDOWS\system32\java.exe
2009-06-16 02:41:59 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-16 02:41:51 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-16 02:38:23 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-16 02:37:32 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-15 17:53:02 ----D---- C:\Program Files\iPod
2009-06-15 17:52:54 ----D---- C:\Program Files\iTunes
2009-06-15 17:46:18 ----D---- C:\Program Files\QuickTime

======List of files/folders modified in the last 1 months======

2009-07-02 17:22:40 ----D---- C:\Program Files
2009-07-02 17:19:47 ----D---- C:\Documents and Settings\Wess\Application Data\DNA
2009-07-02 17:14:55 ----D---- C:\WINDOWS\system32
2009-07-02 17:10:40 ----HD---- C:\WINDOWS\inf
2009-07-02 17:10:40 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-02 17:10:40 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-02 17:10:40 ----D---- C:\WINDOWS
2009-07-02 17:10:09 ----D---- C:\WINDOWS\Temp
2009-07-01 17:02:56 ----D---- C:\WINDOWS\Prefetch
2009-07-01 12:55:21 ----SH---- C:\boot.ini
2009-07-01 12:55:21 ----A---- C:\WINDOWS\win.ini
2009-07-01 12:55:21 ----A---- C:\WINDOWS\system.ini
2009-07-01 12:46:24 ----SD---- C:\WINDOWS\Tasks
2009-07-01 12:45:29 ----D---- C:\WINDOWS\system32\drivers
2009-07-01 12:44:41 ----D---- C:\Program Files\DNA
2009-06-30 23:11:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-30 16:00:36 ----SHD---- C:\WINDOWS\Installer
2009-06-30 09:47:41 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-29 09:57:38 ----SHD---- C:\WINDOWS\CSC
2009-06-29 09:57:33 ----D---- C:\WINDOWS\Minidump
2009-06-25 18:31:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-25 18:31:14 ----D---- C:\WINDOWS\system32\en-us
2009-06-25 18:31:14 ----D---- C:\WINDOWS\Media
2009-06-25 18:31:14 ----D---- C:\WINDOWS\Help
2009-06-25 18:31:14 ----D---- C:\Program Files\Internet Explorer
2009-06-25 17:45:39 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-25 17:45:33 ----A---- C:\WINDOWS\imsins.BAK
2009-06-24 16:10:48 ----D---- C:\WINDOWS\WinSxS
2009-06-24 13:51:38 ----D---- C:\Program Files\Autodesk
2009-06-24 10:48:33 ----D---- C:\Program Files\Common Files
2009-06-24 10:48:30 ----D---- C:\Program Files\Common Files\Real
2009-06-24 10:48:26 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-06-24 10:48:21 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-06-24 10:48:21 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-06-24 10:48:20 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-06-24 10:00:13 ----D---- C:\quarantine
2009-06-24 09:46:16 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-06-24 09:45:58 ----HD---- C:\TEMP
2009-06-24 09:45:11 ----D---- C:\Program Files\Google
2009-06-23 21:16:54 ----D---- C:\Program Files\Java
2009-06-16 02:43:52 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-06-15 17:58:47 ----D---- C:\Program Files\Safari
2009-06-15 17:52:59 ----D---- C:\Program Files\Common Files\Apple
2009-06-15 17:42:30 ----DC---- C:\WINDOWS\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2006-06-08 58464]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-05-11 21419]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\Wibukey.sys [2004-08-18 67584]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2006-06-08 116864]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2005-12-09 67840]
R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2006-11-28 27072]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-12-14 551680]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-13 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 MRVW245;D-Link Wireless N USB Adapter DWA-130 Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\MRVW245.sys []
S3 NdisWDM;Dynex Enhanced Wireless G USB Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ndiswdm.sys []
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2009-01-23 37664]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Adobe Version Cue CS2;Adobe Version Cue CS2; C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [2005-04-04 163840]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2007-11-05 79360]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-23 152984]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2005-12-07 98304]
R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\Mcshield.exe [2006-02-14 221191]
R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [2006-06-08 29184]
R2 mi-raysat_3dsmax8;RaySat_3dsmax8 Server; C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe [2005-09-21 65536]
R2 RetroWDSvc;Retrospect WD Service; C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe [2003-12-10 46592]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S2 gupdate1c9f39222b78bdd;Google Update Service (gupdate1c9f39222b78bdd); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-22 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-24 183280]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-01-17 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-07-02 17:22:55

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
-->msiexec /i {46548E80-0409-0000-7E8A-45000F855001}
-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
-->msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Abexo Free Registry Cleaner-->C:\Program Files\Abexo\afrc\uninst.exe
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Creative Suite 2-->C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=e:\adobe creative suite 2.0/lang=0409
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Reader for Pocket PC 2.0-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{291A772C-FFB9-4681-B720-AB2A0A620896}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AGS CD-ROM Version 3.0-->C:\WINDOWS\UNWISE.EXE C:\WINDOWS\AGSCDV3.LOG "AGS CD-ROM V3 Uninstall"
Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArchiCAD 9 INT-->C:\Program Files\Graphisoft\ArchiCAD 9\Uninstall.AC\uninstaller.exe
Artlantis Studio 1.2-->C:\Program Files\Artlantis Studio\uninst.exe
Autodesk 3ds Max 8-->MsiExec.exe /I{DBB313D6-4B13-4961-BD5F-673CDA1793CC}
Autodesk Architectural Desktop 2006-->MsiExec.exe /I{5783F2D7-4004-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
Autodesk Revit Building 8.1-->MsiExec.exe /X{7EBC0489-5E47-498D-BE31-B094484612E9}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
BlackBerry Desktop Software 4.7-->MsiExec.exe /i{034E061B-B3A3-4123-842E-10C1B6B3C8C7}
BlackBerry Desktop Software 4.7-->MsiExec.exe /I{034E061B-B3A3-4123-842E-10C1B6B3C8C7}
BlackBerry Device Communication Components-->MsiExec.exe /X{BFB3EA26-D666-4FDE-ADB5-F3D7BD5985A5}
BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone-->MsiExec.exe /X{0B59A227-CAC2-4688-8759-580B4DC5F220}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell Mobile Broadband Card Utility-->MsiExec.exe /X{DF62D775-BB7C-4AFA-9CA4-DDA1C4855F28}
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google SketchUp 6 Exporters-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}\setup.exe" -l0x9 -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 7-->MsiExec.exe /I{E5D52570-5EF1-4576-A434-6CCD92268F0F}
Google SketchUp LayOut 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C12D609B-EB71-411B-82C3-9BE6D40435D7}\setup.exe" -l0x9 -removeonly
Google SketchUp Pro 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12E75B98-8463-4C1F-8DDA-F6CF31566A55}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}
Java 2 Runtime Environment, SE v1.4.2_04-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Linksys Dual-Band Wireless-N USB Network Adapter-->C:\Program Files\InstallShield Installation Information\{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}\setup.exe -runfromtemp -l0x0409
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins001.exe"
Maxwell Render-->MsiExec.exe /I{EEB97B65-667A-4D76-ABD4-441FB30D5CE6}
MaxwellExport 0.4.1 (Alpha)-->"C:\Program Files\@Last Software\SketchUp 5\unins000.exe"
McAfee VirusScan Enterprise-->MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access 2003 Runtime-->MsiExec.exe /I{901C0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office XP Web Components-->MsiExec.exe /I{90260409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MobileMe Control Panel-->MsiExec.exe /I{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
NetLibrary Media Center-->MsiExec.exe /X{FC4CD3F4-C46C-4110-A96B-C938738FD690}
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{795AF20A-51C5-4BAF-9EF5-AA38105C6141}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{795AF20A-51C5-4BAF-9EF5-AA38105C6141}
Oce 9400-->RunDll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\9X00I3.DLL,SetupRunDll32Entry /m"Oce 9400"
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OZ776 SCR CardBus Windows Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48} /l1033
PixiePack Codec Pack-->MsiExec.exe /I{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}
PowerDVD 5.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Retrospect 6.5-->MsiExec.exe /I{73B69C5C-87D6-471E-B695-0BD736C4B644}
Revit Architecture 2008-->MsiExec.exe /X{4A11206C-4377-49E8-911E-B11548658FF3}
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Safari-->MsiExec.exe /I{C5C649A8-1D21-4C83-9B08-7B3752E580F4}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SketchUp 5 Architecture Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A535CF14-E12F-40B0-B6A3-6E214EA12CD3}\setup.exe" -l0x9 -removeonly
SketchUp 5 Landscape Architecture Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDAA5D11-FAA6-425A-AF9D-0D7B5FCDCD74}\setup.exe" -l0x9 -removeonly
SketchUp 5 Symbols Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19E6ECAE-E43E-4551-887D-E8F2680EDF8C}\setup.exe" -l0x9 -removeonly
SketchUp 5 Transportation Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{862E85C6-3A84-444C-A9B8-456E8115C392}\setup.exe" -l0x9 -removeonly
SketchUp 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B357C4B4-9024-4B64-9B3F-A6729031C3DD}\setup.exe" -l0x9
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Suite Specific-->MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
WIBU-KEY Setup (WIBU-KEY Remove)-->C:\Program Files\WIBUKEY\Setup\Setup32.exe /R:{00060000-0000-1004-8002-0000C06B5161}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Autosync-->MsiExec.exe /X{98B672F2-857C-4CC9-A25D-6B218077F4F6}

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: WESS-PERSONAL
Event Code: 256
Message: Timed out sending notification of device interface change to window of "C:\Program Files\Linksys\WUSB600N\WUSB600N.exe"

Record Number: 56103
Source Name: PlugPlayManager
Time Written: 20090506174500.000000-240
Event Type: warning
User:

Computer Name: WESS-PERSONAL
Event Code: 4
Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 56074
Source Name: b57w2k
Time Written: 20090506095358.000000-240
Event Type: warning
User:

Computer Name: WESS-PERSONAL
Event Code: 256
Message: Timed out sending notification of device interface change to window of "C:\Program Files\Linksys\WUSB600N\WUSB600N.exe"

Record Number: 56064
Source Name: PlugPlayManager
Time Written: 20090505195218.000000-240
Event Type: warning
User:

Computer Name: WESS-PERSONAL
Event Code: 256
Message: Timed out sending notification of device interface change to window of "C:\Program Files\Linksys\WUSB600N\WUSB600N.exe"

Record Number: 56063
Source Name: PlugPlayManager
Time Written: 20090505195218.000000-240
Event Type: warning
User:

Computer Name: WESS-PERSONAL
Event Code: 256
Message: Timed out sending notification of device interface change to window of "C:\Program Files\Linksys\WUSB600N\WUSB600N.exe"

Record Number: 56062
Source Name: PlugPlayManager
Time Written: 20090505195218.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: WESS-PERSONAL
Event Code: 19011
Message: SuperSocket info: (SpnRegister) : Error 1355.

Record Number: 24305
Source Name: MSSQLServer
Time Written: 20090508085414.000000-240
Event Type: warning
User:

Computer Name: WESS-PERSONAL
Event Code: 19011
Message: SuperSocket info: (SpnRegister) : Error 1355.

Record Number: 24275
Source Name: MSSQLServer
Time Written: 20090506095356.000000-240
Event Type: warning
User:

Computer Name: WESS-PERSONAL
Event Code: 19011
Message: SuperSocket info: (SpnRegister) : Error 1355.

Record Number: 24236
Source Name: MSSQLServer
Time Written: 20090504111234.000000-240
Event Type: warning
User:

Computer Name: WESS-PERSONAL
Event Code: 19011
Message: SuperSocket info: (SpnRegister) : Error 1355.

Record Number: 24188
Source Name: MSSQLServer
Time Written: 20090423101624.000000-240
Event Type: warning
User:

Computer Name: WESS-PERSONAL
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16827, faulting module mshtml.dll, version 7.0.6000.16825, fault address 0x00047ec5.

Record Number: 24169
Source Name: Application Error
Time Written: 20090418234803.000000-240
Event Type: error
User:

=====Security event log=====

Computer Name: SACD-LUKE
Event Code: 578
Message: Privileged object operation:

Object Server: Security

Object Handle: 644

Process ID: 3384

Primary User Name: arrluke

Primary Domain: FASTMAIL

Primary Logon ID: (0x0,0x167F9)

Client User Name: -

Client Domain: -

Client Logon ID: -

Privileges: SeTakeOwnershipPrivilege

Record Number: 169625
Source Name: Security
Time Written: 20061213220943.000000-300
Event Type: audit success
User:

Computer Name: SACD-LUKE
Event Code: 578
Message: Privileged object operation:

Object Server: Security

Object Handle: 644

Process ID: 3384

Primary User Name: arrluke

Primary Domain: FASTMAIL

Primary Logon ID: (0x0,0x167F9)

Client User Name: -

Client Domain: -

Client Logon ID: -

Privileges: SeTakeOwnershipPrivilege

Record Number: 169624
Source Name: Security
Time Written: 20061213220943.000000-300
Event Type: audit success
User:

Computer Name: SACD-LUKE
Event Code: 578
Message: Privileged object operation:

Object Server: Security

Object Handle: 768

Process ID: 3384

Primary User Name: arrluke

Primary Domain: FASTMAIL

Primary Logon ID: (0x0,0x167F9)

Client User Name: -

Client Domain: -

Client Logon ID: -

Privileges: SeTakeOwnershipPrivilege

Record Number: 169623
Source Name: Security
Time Written: 20061213220943.000000-300
Event Type: audit success
User:

Computer Name: SACD-LUKE
Event Code: 578
Message: Privileged object operation:

Object Server: Security

Object Handle: 768

Process ID: 3384

Primary User Name: arrluke

Primary Domain: FASTMAIL

Primary Logon ID: (0x0,0x167F9)

Client User Name: -

Client Domain: -

Client Logon ID: -

Privileges: SeTakeOwnershipPrivilege

Record Number: 169622
Source Name: Security
Time Written: 20061213220943.000000-300
Event Type: audit success
User:

Computer Name: SACD-LUKE
Event Code: 578
Message: Privileged object operation:

Object Server: Security

Object Handle: 948

Process ID: 3384

Primary User Name: arrluke

Primary Domain: FASTMAIL

Primary Logon ID: (0x0,0x167F9)

Client User Name: -

Client Domain: -

Client Logon ID: -

Privileges: SeTakeOwnershipPrivilege

Record Number: 169621
Source Name: Security
Time Written: 20061213220943.000000-300
Event Type: audit success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------

Thanks again for your help!

#5 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 02 July 2009 - 07:44 PM

Hello architect,

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

Next

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Then

Please click this link-->Jotti
When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\System32\iertutil32.dll

Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Next

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Then please post back here with the following:
  • checkup.txt
  • Jotti results
  • MBAM log
  • Fresh Rsit log
Thanks

#6 architect

architect
  • Topic Starter

  • Members
  • 13 posts

Posted 03 July 2009 - 05:30 PM

Hi Syler,

Thanks for replying so quickly. Here are the log files you requested.

Results of screen317's Security Check version 0.98.4
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Enabled!
WindowsLiveOneCaresafetyscanner
AviraAntiVirPersonal-FreeAntivirus
McAfeeVirusScanEnterprise
NortonSecurityScan(SymantecCorporation)
NortonSecurityScan
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Spyware Doctor 6.0
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Abexo Free Registry Cleaner
Java™ 6 Update 13
Java™ 6 Update 2
Java 2 Runtime Environment, SE v1.4.2_04
Out of date Java installed!
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Network Associates VirusScan Mcshield.exe
Network Associates VirusScan VsTskMgr.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 26 seconds.
`````````End of Log```````````

Jotti's malware scan
Filename: iertutil.dll
Status: Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Fri 3 Jul 2009 22:54:51 (CET)

--------------------------------------------------------------------------------
Additional info
File size: 1985024 bytes
Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5: ccc1206f5e34fd5ef0cc5301e0eadff3
SHA1: c0dd22ddac7d2f0400e3025dc9c0d8f1e997969d

I couldn't find the iertutil32.dll file; the closest match was iertutil.dll.

Malwarebytes' Anti-Malware 1.38
Database version: 2369
Windows 5.1.2600 Service Pack 3

7/3/2009 6:07:42 PM
mbam-log-2009-07-03 (18-07-36).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 265229
Time elapsed: 52 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0036dc7 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c007a11b (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0084b29 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c008e5a9 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00a6c52 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00cce46 (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f5d0e4.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f93a1116.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f1fa11b.exe (Trojan.Vundo) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\SystemX86 (Worm.Archive) -> No action taken.

Files Infected:
c:\documents and settings\Wess\local settings\Temp\102.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Wess\local settings\Temp\11.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Wess\local settings\Temp\23.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Wess\local settings\Temp\5B.tmp (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\systemx86\197.crack.zip.kwd (Worm.Archive) -> No action taken.
c:\WINDOWS\system32\systemx86\198.keygen.zip.kwd (Worm.Archive) -> No action taken.
c:\WINDOWS\system32\systemx86\199.serial.zip.kwd (Worm.Archive) -> No action taken.
c:\WINDOWS\system32\systemx86\200.setup.zip.kwd (Worm.Archive) -> No action taken.
c:\WINDOWS\system32\systemx86\201.music.au.kwd (Worm.Archive) -> No action taken.
c:\WINDOWS\system32\systemx86\202.music2.au.kwd (Worm.Archive) -> No action taken.
c:\WINDOWS\system32\systemx86\203.music3.au.kwd (Worm.Archive) -> No action taken.
c:\WINDOWS\system32\systemx86\204.music.snd.kwd (Worm.Archive) -> No action taken.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Wess at 2009-07-03 18:22:30
Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (11%) free of 70 GB
Total RAM: 2038 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:22:35 PM, on 7/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Intellisync\PushSyncService\PushSyncService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Wess\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Wess.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
O4 - Global Startup: Yahoo! Autosync.lnk = C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158911228625
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\iertutil32.dll
O20 - Winlogon Notify: f0720132623 - C:\WINDOWS\System32\iertutil32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9f39222b78bdd) (gupdate1c9f39222b78bdd) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Wess/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg

--
End of file - 14850 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for Wess.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-03-16 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-06-24 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-22 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-29 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-23 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-13 118784]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-11-16 397312]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"Adobe Version Cue CS2"=C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [2005-04-04 856064]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-23 148888]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2008-11-04 615696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-04-08 321344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\-FreedomNeedsReboot]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F6C5026.exe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [2005-04-04 856064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT&T Internet Security Suite]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-12-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-12-13 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW.exe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2005-12-07 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe [2003-10-07 147514]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2009-06-24 214560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe [2004-02-22 32881]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-26 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
C:\WINDOWS\system32\WDBtnMgr.exe [2006-12-19 335872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-06-30 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
Wireless Network Monitor.lnk - C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
Yahoo! Autosync.lnk - C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe

C:\Documents and Settings\Wess\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\System32\iertutil32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f0720132623]
C:\WINDOWS\System32\iertutil32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Autodesk\3dsMax8\3dsmax.exe"="C:\Program Files\Autodesk\3dsMax8\3dsmax.exe:*:Enabled:Autodesk 3ds Max 8"
"C:\Program Files\@Last Software\SketchUp 5\SketchUp.exe"="C:\Program Files\@Last Software\SketchUp 5\SketchUp.exe:*:Disabled:SketchUp Application"
"C:\Program Files\Next Limit\Maxwell\mxst.exe"="C:\Program Files\Next Limit\Maxwell\mxst.exe:*:Disabled:mxst"
"C:\Program Files\Next Limit\Maxwell\mxcl.exe"="C:\Program Files\Next Limit\Maxwell\mxcl.exe:*:Disabled:mxcl"
"C:\Program Files\Next Limit\Maxwell\mxman.exe"="C:\Program Files\Next Limit\Maxwell\mxman.exe:*:Disabled:mxman"
"C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe"="C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\@Last Software\SketchUp 5\SketchUp.exe"="C:\Program Files\@Last Software\SketchUp 5\SketchUp.exe:*:Disabled:SketchUp Application"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Next Limit\Maxwell\mxst.exe"="C:\Program Files\Next Limit\Maxwell\mxst.exe:*:Disabled:mxst"
"C:\Program Files\Next Limit\Maxwell\mxcl.exe"="C:\Program Files\Next Limit\Maxwell\mxcl.exe:*:Disabled:mxcl"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-07-03 18:13:56 ----D---- C:\WINDOWS\LastGood
2009-07-02 17:22:40 ----D---- C:\Program Files\trend micro
2009-07-02 17:22:39 ----D---- C:\rsit
2009-06-25 17:45:19 ----D---- C:\WINDOWS\ie8updates
2009-06-25 17:42:29 ----D---- C:\Program Files\Abexo
2009-06-25 17:42:07 ----HDC---- C:\WINDOWS\ie8
2009-06-25 11:18:37 ----A---- C:\Documents and Settings\All Users\Application Data\98071556.ini
2009-06-25 09:33:31 ----D---- C:\Documents and Settings\Wess\Application Data\Uniblue
2009-06-24 16:11:35 ----D---- C:\Program Files\Avira
2009-06-24 16:11:35 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-06-24 15:21:24 ----D---- C:\Documents and Settings\Wess\Application Data\Malwarebytes
2009-06-24 15:13:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-24 15:11:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-24 13:54:58 ----D---- C:\Documents and Settings\Wess\Application Data\Real
2009-06-24 13:22:45 ----D---- C:\Documents and Settings\Wess\Application Data\Mozilla
2009-06-24 10:48:33 ----D---- C:\Program Files\Common Files\xing shared
2009-06-24 10:28:54 ----A---- C:\WINDOWS\system32\winset.ini
2009-06-24 10:28:35 ----D---- C:\Program Files\IEToolbar
2009-06-24 10:06:33 ----A---- C:\WINDOWS\GnuHashes.ini
2009-06-24 09:46:49 ----D---- C:\Program Files\Common Files\PC Tools
2009-06-24 09:46:28 ----D---- C:\Program Files\Spyware Doctor
2009-06-24 09:46:28 ----D---- C:\Documents and Settings\Wess\Application Data\PC Tools
2009-06-24 09:46:28 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-06-24 09:46:26 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-24 09:46:08 ----D---- C:\Program Files\Mozilla Firefox
2009-06-24 09:45:56 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-06-24 09:45:51 ----D---- C:\Program Files\Norton Security Scan
2009-06-24 09:45:12 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-06-23 21:17:21 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-06-23 21:17:20 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-23 21:17:20 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-23 21:17:20 ----A---- C:\WINDOWS\system32\java.exe
2009-06-16 02:41:59 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-16 02:41:51 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-16 02:38:23 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-16 02:37:32 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-15 17:53:02 ----D---- C:\Program Files\iPod
2009-06-15 17:52:54 ----D---- C:\Program Files\iTunes
2009-06-15 17:46:18 ----D---- C:\Program Files\QuickTime

======List of files/folders modified in the last 1 months======

2009-07-03 18:21:16 ----D---- C:\Documents and Settings\Wess\Application Data\DNA
2009-07-03 18:21:04 ----SH---- C:\boot.ini
2009-07-03 18:21:04 ----A---- C:\WINDOWS\win.ini
2009-07-03 18:21:04 ----A---- C:\WINDOWS\system.ini
2009-07-03 18:14:05 ----HD---- C:\WINDOWS\inf
2009-07-03 18:13:56 ----D---- C:\WINDOWS
2009-07-03 18:12:15 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-03 18:11:58 ----D---- C:\WINDOWS\Temp
2009-07-03 18:11:45 ----D---- C:\WINDOWS\system32\drivers
2009-07-03 18:11:15 ----D---- C:\Program Files\DNA
2009-07-03 18:11:07 ----SD---- C:\WINDOWS\Tasks
2009-07-03 18:09:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-03 18:08:01 ----D---- C:\WINDOWS\system32
2009-07-03 17:01:27 ----D---- C:\WINDOWS\Prefetch
2009-07-02 17:22:40 ----D---- C:\Program Files
2009-07-02 17:12:05 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-30 16:00:36 ----SHD---- C:\WINDOWS\Installer
2009-06-30 09:47:41 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-29 09:57:38 ----SHD---- C:\WINDOWS\CSC
2009-06-29 09:57:33 ----D---- C:\WINDOWS\Minidump
2009-06-25 18:31:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-25 18:31:14 ----D---- C:\WINDOWS\system32\en-us
2009-06-25 18:31:14 ----D---- C:\WINDOWS\Media
2009-06-25 18:31:14 ----D---- C:\WINDOWS\Help
2009-06-25 18:31:14 ----D---- C:\Program Files\Internet Explorer
2009-06-25 17:45:39 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-25 17:45:33 ----A---- C:\WINDOWS\imsins.BAK
2009-06-24 16:10:48 ----D---- C:\WINDOWS\WinSxS
2009-06-24 13:51:38 ----D---- C:\Program Files\Autodesk
2009-06-24 10:48:33 ----D---- C:\Program Files\Common Files
2009-06-24 10:48:30 ----D---- C:\Program Files\Common Files\Real
2009-06-24 10:48:26 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-06-24 10:48:21 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-06-24 10:48:21 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-06-24 10:48:20 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-06-24 10:00:13 ----D---- C:\quarantine
2009-06-24 09:46:16 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-06-24 09:45:58 ----HD---- C:\TEMP
2009-06-24 09:45:11 ----D---- C:\Program Files\Google
2009-06-23 21:16:54 ----D---- C:\Program Files\Java
2009-06-16 02:43:52 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-06-15 17:58:47 ----D---- C:\Program Files\Safari
2009-06-15 17:52:59 ----D---- C:\Program Files\Common Files\Apple
2009-06-15 17:42:30 ----DC---- C:\WINDOWS\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2006-06-08 58464]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-05-11 21419]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\Wibukey.sys [2004-08-18 67584]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2006-06-08 116864]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2005-12-09 67840]
R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2006-11-28 27072]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-12-14 551680]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-13 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 MRVW245;D-Link Wireless N USB Adapter DWA-130 Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\MRVW245.sys []
S3 NdisWDM;Dynex Enhanced Wireless G USB Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ndiswdm.sys []
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2009-01-23 37664]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Adobe Version Cue CS2;Adobe Version Cue CS2; C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [2005-04-04 163840]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2007-11-05 79360]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-23 152984]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2005-12-07 98304]
R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\Mcshield.exe [2006-02-14 221191]
R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [2006-06-08 29184]
R2 mi-raysat_3dsmax8;RaySat_3dsmax8 Server; C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe [2005-09-21 65536]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 RetroWDSvc;Retrospect WD Service; C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe [2003-12-10 46592]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S2 gupdate1c9f39222b78bdd;Google Update Service (gupdate1c9f39222b78bdd); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-22 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-24 183280]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-01-17 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Thanks again, and let me know if there's another location for the iertutil32.dll file.

#7 syler


  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 03 July 2009 - 05:38 PM

Hi architect,

I noticed that the MBAM report says no action was taken on the infected items, although they do seem to have gone.
Can you confirm that you chose to remove the selected items after the MBAM scan?

Thanks



#8 architect

  • Topic Starter

  • Members
  • 13 posts

Posted 06 July 2009 - 10:50 AM

Syler,

I am fairly certain that I did choose to remove them. However, I can perform another scan just to verify if you think it's worth it. Just let me know how you'd like to proceed.

Thanks,

Architect

Edited by architect, 06 July 2009 - 10:51 AM.


#9 syler


  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 06 July 2009 - 06:35 PM

Architect,

No need to run it again yet; I just wanted to confirm that you chose to remove them.


Download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Next

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Then please post back here with the following:
  • OTListIt.txt
  • Extra.txt
  • Kaspersky report
Thanks

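The OTL report requested above is what the helper reads to pick out unknown startup items among hundreds of legitimate ones. As an added example (not code from this thread, from OTL's author or from any of the tools mentioned), the Python script below parses the PRC/SRV/DRV lines of such a report and flags three things a responder checks first: a service still registered for a file that no longer exists ("File not found"), a binary with no company name in its version info (OTL prints an empty "()"), and anything loading from a user-writable directory. The sample lines are constructed for the example in OTL's format and are not taken from the report in this thread; the svchost.exe under a Temp folder is an invented illustration of a suspicious entry, and the list of user-writable directories is an assumption covering XP-era paths.

```python
import re

# Shape of the OTL lines this script understands (prefix "PRC - ", "SRV - " or "DRV - "):
#   [stamp] (Vendor) -- C:\path\file.exe                              process
#   [stamp] (Vendor) -- C:\path\file.exe -- (Name [Start | State])    service / driver
#   File not found -- -- (Name [Start | State])                       service whose binary is gone
LINE_PREFIX = re.compile(r"^(PRC|SRV|DRV) - (.*)$")
SERVICE_SUFFIX = re.compile(r" -- \(([^()]*\[[^\]]*\])\)$")
FILE_PART = re.compile(r"^\[([^\]]*)\] \((.*)\) -- (.+)$")

# Assumed list of locations any user (or a drive-by download) can write to on XP;
# a process, service or driver loading from here deserves a closer look.
USER_WRITABLE = ("\\documents and settings\\", "\\windows\\temp\\")

# Constructed sample in OTL's format (not the report posted in this thread).
# The Temp-folder svchost.exe is an invented example of a suspicious entry.
SAMPLE_REPORT = "\n".join([
    "PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\\Program Files\\Avira\\AntiVir Desktop\\sched.exe",
    "PRC - [2005/04/04 19:58:30 | 03,502,080 | ---- | M] () -- C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\data\\database\\bin\\mysqld-nt.exe",
    "PRC - [2009/07/01 09:12:00 | 00,061,440 | ---- | M] () -- C:\\Documents and Settings\\user\\Local Settings\\Temp\\svchost.exe",
    "SRV - [2009/05/11 10:15:50 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\\Program Files\\Avira\\AntiVir Desktop\\avguard.exe -- (AntiVirService [Auto | Running])",
    "SRV - File not found -- -- (RoxLiveShare9 [Auto | Stopped])",
    "DRV - [2009/04/03 11:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\\WINDOWS\\system32\\drivers\\PCTCore.sys -- (PCTCore [Boot | Running])",
    "O4 - HKLM..\\Run: [avgnt] C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe (Avira GmbH)",
])


def parse_otl_line(line):
    """Parse one PRC/SRV/DRV line into a dict; return None for any other line."""
    m = LINE_PREFIX.match(line.rstrip())
    if not m:
        return None
    kind, rest = m.groups()
    entry = {"kind": kind, "stamp": None, "vendor": None, "path": None,
             "service": None, "missing": False}
    # Services and drivers carry a trailing "(Name [Start | State])"; strip it first.
    s = SERVICE_SUFFIX.search(rest)
    if s:
        entry["service"] = s.group(1)
        rest = rest[:s.start()]
    if rest.startswith("File not found"):
        entry["missing"] = True
        return entry
    f = FILE_PART.match(rest)
    if not f:
        return None
    entry["stamp"], vendor, entry["path"] = f.groups()
    entry["vendor"] = vendor or None   # OTL prints "()" when the file has no company name
    return entry


def triage_otl(report):
    """Return the entries worth a closer look, each with the reasons it was flagged."""
    findings = []
    for line in report.splitlines():
        e = parse_otl_line(line)
        if e is None:
            continue
        reasons = []
        if e["missing"]:
            # Orphaned service: a removed infection (or uninstall) left the registration behind.
            reasons.append("registered but file not found")
            item = e["service"]
        else:
            item = e["path"]
            if any(marker in item.lower() for marker in USER_WRITABLE):
                reasons.append("runs from a user-writable directory")
            if e["vendor"] is None:
                reasons.append("no company name in version info")
        if reasons:
            findings.append({"kind": e["kind"], "item": item, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in triage_otl(SAMPLE_REPORT):
        print(hit["kind"], hit["item"], "->", "; ".join(hit["reasons"]))
```

A hit is a prompt to look, not a verdict: the mysqld-nt.exe shipped with Adobe Version Cue has no company name and is harmless, while a system-named executable under a Temp folder is exactly the pattern a rogue antispyware or redirector uses. The script deliberately ignores the O1 to O4 registry lines; extending it to the O4 Run entries needs a different pattern and was left out to keep the format rules above readable.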


#10 architect

architect
  • Topic Starter

  • Members
  • 13 posts
  • Local time:11:59 PM

Posted 08 July 2009 - 09:55 AM

Hey Syler,

I finished the tasks you requested in your last reply, here are the reports:


OTL logfile created on: 7/7/2009 3:44:58 PM - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Wess\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.40% Memory free
3.84 Gb Paging File | 2.64 Gb Available in Paging File | 68.67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.36 Gb Total Space | 8.57 Gb Free Space | 12.54% Space Free | Partition Type: NTFS
Drive D: | 24.80 Gb Total Space | 22.56 Gb Free Space | 91.00% Space Free | Partition Type: NTFS
Drive E: | 646.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WESS-PERSONAL
Current User Name: Wess
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2005/04/04 19:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
PRC - [2009/05/11 10:15:50 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/11/05 23:22:51 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2005/12/13 17:45:00 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/11/16 15:35:16 | 00,397,312 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/09/08 05:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2005/12/13 17:41:00 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2005/04/04 19:58:30 | 00,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009/06/23 21:17:00 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/05/13 20:58:04 | 00,177,472 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
PRC - [2008/11/04 12:09:58 | 00,615,696 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/06/05 13:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/12/08 13:33:48 | 01,173,384 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2006/09/11 05:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2009/04/08 12:21:36 | 00,321,344 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/06/23 21:17:00 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005/04/04 19:58:30 | 03,502,080 | ---- | M] () -- C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PRC - [2005/12/07 03:55:00 | 00,098,304 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2002/12/17 17:23:32 | 00,074,308 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
PRC - [2006/02/14 20:00:00 | 00,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe
PRC - [2008/01/09 05:44:20 | 06,922,240 | ---- | M] (Linksys) -- C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
PRC - [2005/12/07 03:55:00 | 00,229,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2006/06/08 20:00:00 | 00,029,184 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
PRC - [2005/09/21 14:13:44 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
PRC - [2007/08/21 15:28:52 | 00,391,680 | ---- | M] (Nokia Corporation.) -- C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe
PRC - [2007/12/07 20:44:36 | 00,101,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2003/12/10 23:09:34 | 00,046,592 | R--- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\wdsvc.exe
PRC - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/01/21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2007/07/10 03:15:28 | 00,368,640 | ---- | M] (Nokia Corporation.) -- C:\Program Files\Common Files\Intellisync\PushSyncService\PushSyncService.exe
PRC - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/04/17 03:35:18 | 00,408,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2009/05/04 08:40:04 | 18,333,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
PRC - [2009/06/05 11:48:26 | 00,015,376 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
PRC - [2009/06/05 11:48:46 | 00,518,120 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
PRC - [2009/06/05 11:48:22 | 00,065,560 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncUIHandler.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/07 15:44:37 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wess\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/01/17 12:59:28 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2005/04/04 19:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2 [Auto | Running])
SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/05/11 10:15:50 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/11/05 23:22:51 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/06/22 19:35:28 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9f39222b78bdd [Auto | Stopped])
SRV - [2009/06/24 09:45:09 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/06/23 21:17:00 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/12/07 03:55:00 | 00,098,304 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
SRV - [2006/02/14 20:00:00 | 00,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe -- (McShield [Auto | Running])
SRV - [2006/06/08 20:00:00 | 00,029,184 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -- (McTaskManager [Auto | Running])
SRV - [2005/09/21 14:13:44 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe -- (mi-raysat_3dsmax8 [Auto | Running])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2002/12/17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [On_Demand | Stopped])
SRV - [2002/12/17 17:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/03/03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Stopped])
SRV - [2003/12/10 23:09:34 | 00,046,592 | R--- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\wdsvc.exe -- (RetroWDSvc [Auto | Running])
SRV - File not found -- -- (RoxLiveShare9 [Auto | Stopped])
SRV - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2009/01/21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
SRV - [2002/12/17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/05/11 01:07:41 | 00,021,419 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/03/24 16:08:22 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2005/10/26 10:01:02 | 00,142,720 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2005/11/02 13:24:36 | 00,424,320 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Stopped])
DRV - [2005/03/21 21:48:30 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
DRV - [2005/09/08 05:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 12:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/09/08 05:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/09/08 05:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/09/08 05:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/09/08 05:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 12:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/09/08 05:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/09/08 05:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005/09/12 03:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 05:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006/04/12 21:04:39 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2006/04/12 21:04:39 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2006/04/12 21:04:39 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005/12/01 03:40:56 | 00,936,960 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2005/12/01 03:40:12 | 00,192,512 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
DRV - [2005/12/13 18:09:34 | 01,364,574 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2005/10/05 00:57:08 | 00,012,544 | R--- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2006/06/08 20:00:00 | 00,116,864 | ---- | M] (McAfee Inc.) -- C:\WINDOWS\System32\drivers\naiavf5x.sys -- (NaiAvFilter1 [On_Demand | Running])
DRV - [2006/06/08 20:00:00 | 00,058,464 | ---- | M] (Network Associates, Inc.) -- C:\WINDOWS\System32\drivers\mvstdi5x.sys -- (NaiAvTdi1 [System | Running])
DRV - [2005/12/09 16:39:16 | 00,067,840 | ---- | M] (Novatel Wireless Inc) -- C:\WINDOWS\System32\DRIVERS\NWADIenum.sys -- (NWADI [On_Demand | Running])
DRV - [2001/08/22 08:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI [System | Running])
DRV - [2006/11/28 21:46:20 | 00,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\PCASp50.sys -- (PCASp50 [On_Demand | Running])
DRV - [2009/04/03 11:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/05/01 04:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/05/20 19:33:50 | 00,022,784 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
DRV - [2004/08/04 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2007/12/14 18:04:24 | 00,551,680 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\DRIVERS\rt2870.sys -- (rt2870 [On_Demand | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2009/05/11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2005/11/16 15:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2009/01/23 10:49:08 | 00,037,664 | ---- | M] (RapidSolution Software AG) -- C:\WINDOWS\System32\drivers\tbhsd.sys -- (tbhsd [On_Demand | Stopped])
DRV - [2005/05/13 17:27:56 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbccid.sys -- (USBCCID [On_Demand | Running])
DRV - [2008/04/13 14:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2008/04/13 14:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023.sys -- (USB_RNDIS_XP [On_Demand | Stopped])
DRV - [2003/01/10 17:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Stopped])
DRV - [2004/08/18 03:00:00 | 00,067,584 | ---- | M] (WIBU-SYSTEMS AG) -- C:\WINDOWS\System32\DRIVERS\Wibukey.sys -- (WIBUKEY [Auto | Running])
DRV - [2005/12/01 03:40:08 | 00,669,696 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2006/06/08 20:00:00 | 00,008,448 | ---- | M] (Network Associates, Inc) -- C:\WINDOWS\System32\drivers\EntDrv51.sys -- (EntDrv51 [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-57989841-823518204-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-57989841-823518204-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-57989841-823518204-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-57989841-823518204-725345543-1006\S-1-5-21-57989841-823518204-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-57989841-823518204-725345543-1006\S-1-5-21-57989841-823518204-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081010W
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/02/14 00:16:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/23 21:17:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/06/24 09:46:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/06/24 10:48:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/24 13:22:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/24 10:48:35 | 00,000,000 | ---D | M]

[2009/06/24 13:22:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wess\Application Data\mozilla\Extensions
[2009/06/24 13:22:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wess\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/24 13:22:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wess\Application Data\mozilla\Firefox\Profiles\lqkmud7v.default\extensions
[2009/06/24 09:46:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/24 09:46:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/07/02 21:52:45 | 00,023,040 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2008/07/02 21:52:46 | 00,134,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/07/02 21:52:47 | 00,065,536 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/06/24 10:48:26 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/06/24 10:48:35 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/06/24 10:48:23 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/07/02 12:31:38 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/07/02 12:31:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/07/02 12:31:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/07/02 12:31:38 | 00,002,642 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/07/02 12:31:38 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/07/02 12:31:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/07/02 12:31:38 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-57989841-823518204-725345543-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-57989841-823518204-725345543-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-57989841-823518204-725345543-1006..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-57989841-823518204-725345543-1006..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-57989841-823518204-725345543-1006..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB600N\WUSB600N.exe (Linksys)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Yahoo! Autosync.lnk = C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe (Nokia Corporation.)
O4 - Startup: C:\Documents and Settings\Wess\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-823518204-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-57989841-823518204-725345543-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-57989841-823518204-725345543-1006\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/E/3.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1158911228625 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\WINDOWS\System32\iertutil32.dll) - C:\WINDOWS\System32\iertutil32.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\f0720132623: DllName - C:\WINDOWS\System32\iertutil32.dll - C:\WINDOWS\System32\iertutil32.dll File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Wess/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/20 18:17:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5c26e6a2-7348-11db-98f2-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{5c26e6a2-7348-11db-98f2-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b147b2df-66c2-11db-98cd-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{b147b2df-66c2-11db-98cd-00038a000015}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2009/07/07 15:44:31 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wess\Desktop\OTL.exe
[2009/07/07 15:41:55 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Wess\Desktop\ATF-Cleaner.exe
[2009/07/06 11:44:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/07/03 16:11:56 | 00,561,464 | ---- | C] () -- C:\Documents and Settings\Wess\Desktop\SecurityCheck.exe
[2009/07/02 17:22:40 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/07/02 17:22:39 | 00,000,000 | ---D | C] -- C:\rsit
[2009/07/02 17:22:18 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Wess\Desktop\RSIT.exe
[2009/06/30 16:00:33 | 00,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/06/30 16:00:32 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/06/26 11:43:06 | 00,012,376 | ---- | C] () -- C:\Documents and Settings\Wess\Desktop\envelope_personal.docx
[2009/06/26 00:51:17 | 00,359,893 | ---- | C] () -- C:\Documents and Settings\Wess\Desktop\dds.scr
[2009/06/25 17:45:34 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/06/25 17:45:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/06/25 17:44:54 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/06/25 17:44:54 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/06/25 17:42:30 | 00,000,710 | ---- | C] () -- C:\Documents and Settings\Wess\Desktop\Abexo Free Registry Cleaner.lnk
[2009/06/25 17:42:29 | 00,000,000 | ---D | C] -- C:\Program Files\Abexo
[2009/06/25 17:42:07 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/06/25 11:18:37 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\98071556.ini
[2009/06/25 10:02:39 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Wess\Desktop\windows-kb890830-v2.11.exe
[2009/06/25 10:02:37 | 03,161,773 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Wess\Desktop\windows-kb890830-v2.11.exe.part
[2009/06/25 09:33:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wess\Application Data\Uniblue
[2009/06/24 16:11:54 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/06/24 16:11:37 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/06/24 16:11:37 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/06/24 16:11:37 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/06/24 16:11:37 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/06/24 16:11:37 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/06/24 16:11:35 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/06/24 16:11:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/06/24 15:21:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wess\Application Data\Malwarebytes
[2009/06/24 15:21:13 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/24 15:13:39 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/24 15:13:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/24 15:11:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/24 15:06:29 | 00,004,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\._mbam-setup.exe
[2009/06/24 15:04:50 | 00,006,148 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\.DS_Store
[2009/06/24 13:54:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wess\Application Data\Real
[2009/06/24 13:22:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wess\Local Settings\Application Data\Mozilla
[2009/06/24 13:22:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wess\Application Data\Mozilla
[2009/06/24 10:48:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/06/24 10:48:32 | 00,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2009/06/24 10:28:54 | 00,000,218 | ---- | C] () -- C:\WINDOWS\System32\winset.ini
[2009/06/24 10:28:35 | 00,000,000 | ---D | C] -- C:\Program Files\IEToolbar
[2009/06/24 10:06:33 | 00,017,428 | ---- | C] () -- C:\WINDOWS\GnuHashes.ini
[2009/06/24 09:59:04 | 00,001,865 | -HS- | C] () -- C:\WINDOWS\System32\GroupPolicy000.dat
[2009/06/24 09:58:55 | 00,005,493 | -HS- | C] () -- C:\Documents and Settings\Wess\Application Data\0200000097aa7a2e623C.manifest
[2009/06/24 09:58:55 | 00,002,492 | -HS- | C] () -- C:\Documents and Settings\Wess\Application Data\0200000097aa7a2e623P.manifest
[2009/06/24 09:58:55 | 00,000,565 | -HS- | C] () -- C:\Documents and Settings\Wess\Application Data\0200000097aa7a2e623O.manifest
[2009/06/24 09:58:55 | 00,000,011 | -HS- | C] () -- C:\Documents and Settings\Wess\Application Data\0200000097aa7a2e623S.manifest
[2009/06/24 09:47:26 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/06/24 09:47:08 | 00,130,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/06/24 09:47:08 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/06/24 09:46:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/06/24 09:46:48 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/06/24 09:46:28 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/06/24 09:46:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wess\Application Data\PC Tools
[2009/06/24 09:46:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/06/24 09:46:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/24 09:46:15 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/06/24 09:46:08 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/06/24 09:45:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/06/24 09:45:55 | 00,000,406 | ---- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for Wess.job
[2009/06/24 09:45:51 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2009/06/24 09:45:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/06/24 09:45:11 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/06/23 21:17:21 | 00,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/06/23 21:17:20 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/06/23 21:17:20 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/06/23 21:17:20 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/06/22 19:37:42 | 00,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/06/17 12:39:14 | 03,561,752 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Documents\mbam-setup.exe
[2009/06/15 17:53:51 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/06/15 17:53:02 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/06/15 17:52:54 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/06/15 17:46:18 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/02/21 08:25:20 | 00,691,592 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2009/02/13 18:00:02 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/06/18 15:59:56 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/11 11:02:25 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/09/12 20:31:28 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2007/07/12 19:24:55 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/10/27 14:03:53 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/09/30 12:08:48 | 00,000,057 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2006/09/27 13:07:52 | 00,000,235 | ---- | C] () -- C:\WINDOWS\AGSCDV3.INI
[2006/09/22 10:26:37 | 00,000,169 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/21 16:55:10 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/18 14:47:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/21 12:02:28 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2004/10/05 11:27:56 | 00,304,572 | ---- | C] () -- C:\WINDOWS\System32\Inter32.DLL
[2004/08/04 08:00:00 | 00,000,658 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/07/07 03:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/07/07 15:44:37 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wess\Desktop\OTL.exe
[2009/07/07 15:41:56 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Wess\Desktop\ATF-Cleaner.exe
[2009/07/07 15:05:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/07/07 13:05:11 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/07/06 17:30:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/06 16:05:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/07/06 12:01:16 | 00,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2009/07/06 11:42:21 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/06 11:41:00 | 00,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/07/06 11:40:55 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/07/06 11:40:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/06 11:40:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/03 18:21:04 | 00,000,658 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/03 18:21:04 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/03 18:21:04 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/07/03 16:11:57 | 00,561,464 | ---- | M] () -- C:\Documents and Settings\Wess\Desktop\SecurityCheck.exe
[2009/07/02 17:22:28 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Wess\Desktop\RSIT.exe
[2009/07/02 17:11:56 | 00,008,192 | ---- | M] () -- C:\Documents and Settings\Wess\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/29 10:05:40 | 00,017,428 | ---- | M] () -- C:\WINDOWS\GnuHashes.ini
[2009/06/29 09:58:22 | 00,002,492 | -HS- | M] () -- C:\Documents and Settings\Wess\Application Data\0200000097aa7a2e623P.manifest
[2009/06/29 09:58:12 | 00,005,493 | -HS- | M] () -- C:\Documents and Settings\Wess\Application Data\0200000097aa7a2e623C.manifest
[2009/06/29 09:58:12 | 00,000,565 | -HS- | M] () -- C:\Documents and Settings\Wess\Application Data\0200000097aa7a2e623O.manifest
[2009/06/29 09:58:12 | 00,000,011 | -HS- | M] () -- C:\Documents and Settings\Wess\Application Data\0200000097aa7a2e623S.manifest
[2009/06/27 10:00:08 | 00,001,865 | -HS- | M] () -- C:\WINDOWS\System32\GroupPolicy000.dat
[2009/06/26 15:00:00 | 00,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Wess.job
[2009/06/26 11:43:07 | 00,012,376 | ---- | M] () -- C:\Documents and Settings\Wess\Desktop\envelope_personal.docx
[2009/06/26 01:03:19 | 00,359,893 | ---- | M] () -- C:\Documents and Settings\Wess\Desktop\dds.scr
[2009/06/25 17:45:33 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/25 17:42:30 | 00,000,710 | ---- | M] () -- C:\Documents and Settings\Wess\Desktop\Abexo Free Registry Cleaner.lnk
[2009/06/25 11:18:37 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\98071556.ini
[2009/06/25 10:07:02 | 03,161,773 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Wess\Desktop\windows-kb890830-v2.11.exe.part
[2009/06/25 10:02:39 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Wess\Desktop\windows-kb890830-v2.11.exe
[2009/06/25 09:57:47 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/06/24 16:11:54 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/06/24 15:06:31 | 00,004,096 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\._mbam-setup.exe
[2009/06/24 15:04:50 | 00,006,148 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\.DS_Store
[2009/06/24 10:48:32 | 00,000,897 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2009/06/24 10:48:26 | 00,185,944 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/06/24 10:48:21 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/06/24 10:48:21 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/06/24 10:48:20 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/06/24 10:30:22 | 00,000,218 | ---- | M] () -- C:\WINDOWS\System32\winset.ini
[2009/06/24 09:46:15 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/06/23 21:16:59 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/06/23 21:16:59 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/06/23 21:16:59 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/06/23 21:16:59 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/06/23 21:16:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/06/22 19:37:42 | 00,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/06/17 13:03:21 | 00,354,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/17 12:39:14 | 03,561,752 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Documents\mbam-setup.exe
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/15 17:53:51 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
OTL Extras logfile created on: 7/7/2009 3:44:58 PM - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Wess\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.40% Memory free
3.84 Gb Paging File | 2.64 Gb Available in Paging File | 68.67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.36 Gb Total Space | 8.57 Gb Free Space | 12.54% Space Free | Partition Type: NTFS
Drive D: | 24.80 Gb Total Space | 22.56 Gb Free Space | 91.00% Space Free | Partition Type: NTFS
Drive E: | 646.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WESS-PERSONAL
Current User Name: Wess
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/02/13 18:10:12 | 08,101,888 | ---- | M] (@Last Software, Inc.) -- C:\Program Files\@Last Software\SketchUp 5\SketchUp.exe:*:Disabled:SketchUp Application
[2009/06/05 13:39:18 | 14,073,640 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2006/01/18 11:09:26 | 03,801,088 | ---- | M] () -- C:\Program Files\Next Limit\Maxwell\mxst.exe:*:Disabled:mxst
[2005/07/01 20:42:48 | 01,642,496 | ---- | M] () -- C:\Program Files\Next Limit\Maxwell\mxcl.exe:*:Disabled:mxcl
[2009/06/24 10:48:21 | 00,214,560 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 13:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2005/12/07 03:55:00 | 00,098,304 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service
[2005/09/21 15:28:14 | 05,294,592 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\3dsMax8\3dsmax.exe:*:Enabled:Autodesk 3ds Max 8
[2006/02/13 18:10:12 | 08,101,888 | ---- | M] (@Last Software, Inc.) -- C:\Program Files\@Last Software\SketchUp 5\SketchUp.exe:*:Disabled:SketchUp Application
[2006/01/18 11:09:26 | 03,801,088 | ---- | M] () -- C:\Program Files\Next Limit\Maxwell\mxst.exe:*:Disabled:mxst
[2005/07/01 20:42:48 | 01,642,496 | ---- | M] () -- C:\Program Files\Next Limit\Maxwell\mxcl.exe:*:Disabled:mxcl
[2005/04/14 22:30:08 | 00,208,896 | ---- | M] () -- C:\Program Files\Next Limit\Maxwell\mxman.exe:*:Disabled:mxman
[2005/04/04 19:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2
[2009/04/17 03:30:12 | 12,438,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2007/08/29 00:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2008/05/21 05:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 13:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/04/08 12:21:36 | 00,321,344 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
[2009/06/05 13:39:18 | 14,073,640 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell
[2009/04/01 14:15:44 | 00,637,232 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent
[2009/03/16 18:47:48 | 24,095,528 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{034E061B-B3A3-4123-842E-10C1B6B3C8C7}" = BlackBerry Desktop Software 4.7
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0B59A227-CAC2-4688-8759-580B4DC5F220}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{12E75B98-8463-4C1F-8DDA-F6CF31566A55}" = Google SketchUp Pro 6
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19E6ECAE-E43E-4551-887D-E8F2680EDF8C}" = SketchUp 5 Symbols Library
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{291A772C-FFB9-4681-B720-AB2A0A620896}" = Adobe Reader for Pocket PC 2.0
"{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{4A11206C-4377-49E8-911E-B11548658FF3}" = Revit Architecture 2008
"{5783F2D7-4004-0409-0002-0060B0CE6BBA}" = Autodesk Architectural Desktop 2006
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5DF3D1BB-894E-4DCD-8275-159AC9829B43}" = McAfee VirusScan Enterprise
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B69C5C-87D6-471E-B695-0BD736C4B644}" = Retrospect 6.5
"{795AF20A-51C5-4BAF-9EF5-AA38105C6141}" = Norton Security Scan
"{7EBC0489-5E47-498D-BE31-B094484612E9}" = Autodesk Revit Building 8.1
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{862E85C6-3A84-444C-A9B8-456E8115C392}" = SketchUp 5 Transportation Library
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{901C0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{90260409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{98B672F2-857C-4CC9-A25D-6B218077F4F6}" = Yahoo! Autosync
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A535CF14-E12F-40B0-B6A3-6E214EA12CD3}" = SketchUp 5 Architecture Library
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}" = PixiePack Codec Pack
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B357C4B4-9024-4B64-9B3F-A6729031C3DD}" = SketchUp 5
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BFB3EA26-D666-4FDE-ADB5-F3D7BD5985A5}" = BlackBerry Device Communication Components
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C12D609B-EB71-411B-82C3-9BE6D40435D7}" = Google SketchUp LayOut 6
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C5C649A8-1D21-4C83-9B08-7B3752E580F4}" = Safari
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DBB313D6-4B13-4961-BD5F-673CDA1793CC}" = Autodesk 3ds Max 8
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DF62D775-BB7C-4AFA-9CA4-DDA1C4855F28}" = Dell Mobile Broadband Card Utility
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}" = Google SketchUp 6 Exporters
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EDAA5D11-FAA6-425A-AF9D-0D7B5FCDCD74}" = SketchUp 5 Landscape Architecture Library
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{EEB97B65-667A-4D76-ABD4-441FB30D5CE6}" = Maxwell Render
"{FC4CD3F4-C46C-4110-A96B-C938738FD690}" = NetLibrary Media Center
"001FFFFFFF09FF00FF0701F00F02F000-R1" = ArchiCAD 9 INT
"Abexo Free Registry Cleaner" = Abexo Free Registry Cleaner
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AGSCDROM" = AGS CD-ROM Version 3.0
"Artlantis Studio" = Artlantis Studio 1.2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlackBerry_{034E061B-B3A3-4123-842E-10C1B6B3C8C7}" = BlackBerry Desktop Software 4.7
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{291A772C-FFB9-4681-B720-AB2A0A620896}" = Adobe Reader for Pocket PC 2.0
"InstallShield_{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
"InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys Dual-Band Wireless-N USB Network Adapter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MaxwellExport_is1" = MaxwellExport 0.4.1 (Alpha)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSSSetup.{795AF20A-51C5-4BAF-9EF5-AA38105C6141}" = Norton Security Scan (Symantec Corporation)
"Oce 9400" = Oce 9400
"RealPlayer 6.0" = RealPlayer
"Spyware Doctor" = Spyware Doctor 6.0
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/25/2009 9:57:19 AM | Computer Name = WESS-PERSONAL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16850, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/25/2009 9:57:23 AM | Computer Name = WESS-PERSONAL | Source = Application Hang | ID = 1001
Description = Fault bucket 1283385725.

Error - 6/25/2009 1:34:02 PM | Computer Name = WESS-PERSONAL | Source = ESENT | ID = 489
Description = wuauclt (512) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 6/25/2009 1:34:02 PM | Computer Name = WESS-PERSONAL | Source = ESENT | ID = 455
Description = wuaueng.dll (512) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 6/25/2009 1:34:12 PM | Computer Name = WESS-PERSONAL | Source = ESENT | ID = 489
Description = wuauclt (512) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 6/25/2009 1:34:12 PM | Computer Name = WESS-PERSONAL | Source = ESENT | ID = 455
Description = wuaueng.dll (512) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 6/25/2009 5:36:53 PM | Computer Name = WESS-PERSONAL | Source = Application Hang | ID = 1002
Description = Hanging application 18061564.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/25/2009 5:37:04 PM | Computer Name = WESS-PERSONAL | Source = Application Hang | ID = 1001
Description = Fault bucket 1337697204.

Error - 6/25/2009 7:12:52 PM | Computer Name = WESS-PERSONAL | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The update failed; see event log.(from WESS-PERSONAL
IP 127.0.0.1 user SYSTEM running VirusScan Ent. 8.0.0 UPD)

Error - 6/26/2009 9:00:14 AM | Computer Name = WESS-PERSONAL | Source = Google Update | ID = 20
Description =

[ OSession Events ]
Error - 9/12/2008 12:19:32 AM | Computer Name = WESS-PERSONAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 82
seconds with 60 seconds of active time. This session ended with a crash.

Error - 2/14/2009 11:50:07 AM | Computer Name = WESS-PERSONAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 297
seconds with 240 seconds of active time. This session ended with a crash.

Error - 3/6/2009 11:56:54 AM | Computer Name = WESS-PERSONAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 335083
seconds with 420 seconds of active time. This session ended with a crash.

Error - 3/26/2009 5:56:22 PM | Computer Name = WESS-PERSONAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 202631
seconds with 2760 seconds of active time. This session ended with a crash.

Error - 4/1/2009 12:20:52 PM | Computer Name = WESS-PERSONAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3684
seconds with 360 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/29/2009 7:56:24 PM | Computer Name = WESS-PERSONAL | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 6/29/2009 7:56:24 PM | Computer Name = WESS-PERSONAL | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 6/29/2009 7:56:24 PM | Computer Name = WESS-PERSONAL | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 6/29/2009 7:56:24 PM | Computer Name = WESS-PERSONAL | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 6/29/2009 7:57:34 PM | Computer Name = WESS-PERSONAL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/29/2009 7:57:34 PM | Computer Name = WESS-PERSONAL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD avgio avipbb Fips intelppm IPSec MRxSmb NaiAvTdi1 NetBIOS NetBT OMCI RasAcd Rdbss ssmdrv
Tcpip

Error - 6/29/2009 7:57:55 PM | Computer Name = WESS-PERSONAL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 6/30/2009 9:48:31 AM | Computer Name = WESS-PERSONAL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/2/2009 5:09:49 PM | Computer Name = WESS-PERSONAL | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 10.0.1.21 on the
Network
Card with network address 001C10EC28F7.

Error - 7/2/2009 5:11:59 PM | Computer Name = WESS-PERSONAL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}


< End of report >





KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, July 8, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, July 07, 2009 22:00:04
Records in database: 2438441


Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area: My Computer
C:\
D:\
E:\

Scan statistics
Files scanned: 146883
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 04:46:53

File name | Threat name | Threats count
C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe | Infected: not-a-virus:AdWare.Win32.SearchIt.t | 1

The selected area was scanned.



I believe that is everything. Hope you're having a good day.

#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:59 AM

Posted 08 July 2009 - 06:38 PM

Hi architect,

Looks like we are getting there. Can you tell me how your computer is running and if you are having any more issues, in your next reply.

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AntiVir or McAfee.

Next

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 14.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Next

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
    O20 - AppInit_DLLs: (C:\WINDOWS\System32\iertutil32.dll) - C:\WINDOWS\System32\iertutil32.dll File not found
    O20 - Winlogon\Notify\f0720132623: DllName - C:\WINDOWS\System32\iertutil32.dll - C:\WINDOWS\System32\iertutil32.dll File not found
    O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Wess/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
    :Files
    C:\Documents and Settings\All Users\Application Data\98071556.ini
    C:\WINDOWS\System32\winset.ini
    C:\Documents and Settings\Wess\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
Then please post back here with the OTL result and a new DDS log.

Thanks

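As an added example (not part of syler's post, and not code from OTL or any other tool named in this thread), here is a Python script that reads Uninstall List lines in the OTL format shown earlier in the thread and flags the coexisting Java installs that the instructions above say to remove. The sample input is constructed from the three Java entries that appear in the log plus two non-Java entries; the cut-off of 6 Update 10 for what the JRE 6u14 installer removes on its own is the one stated in the post, and the regular expressions are assumptions about the display-name formats, not an OTL or Java API.

```python
import re

# Constructed sample in the format of the OTL "HKEY_LOCAL_MACHINE Uninstall List"
# section shown earlier in the thread; the Java entries are the ones the log lists.
SAMPLE_UNINSTALL_LIST = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"ie8" = Windows Internet Explorer 8
"""

# The release the post tells the user to install (JRE 6 Update 14), written as a
# comparable tuple in Java's internal numbering: 1.<major>.0_<update>.
LATEST_JRE = (1, 6, 0, 14)

# Assumed formats: one OTL entry per line, and the two Java display-name styles seen in the log.
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')
JAVA_UPDATE_RE = re.compile(r"^Java\D*(?P<major>\d+) Update (?P<update>\d+)$")
J2RE_RE = re.compile(r"^Java 2 Runtime Environment, SE v(?P<ver>[\d._]+)$")


def parse_uninstall_list(text):
    """Return (registry value name, display name) pairs from OTL uninstall-list lines.
    Section headers in [brackets] and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("key"), m.group("name")))
    return entries


def java_version(display_name):
    """Map a Java display name to a comparable version tuple, or None for non-Java products.
    'Java 6 Update 13' -> (1, 6, 0, 13); 'Java 2 Runtime Environment, SE v1.4.2_04' -> (1, 4, 2, 4)."""
    m = JAVA_UPDATE_RE.match(display_name)
    if m:
        return (1, int(m.group("major")), 0, int(m.group("update")))
    m = J2RE_RE.match(display_name)
    if m:
        return tuple(int(p) for p in re.split(r"[._]", m.group("ver")))
    return None


def outdated_java(entries, latest=LATEST_JRE):
    """Return [(key, name, version)] for every Java install older than `latest`."""
    found = []
    for key, name in entries:
        v = java_version(name)
        if v is not None and v < latest:
            found.append((key, name, v))
    return found


def removal_plan(entries, latest=LATEST_JRE):
    """Split outdated installs by how they get removed, following the post's note:
    the JRE 6u14 installer removes 6 Update 10 and above by itself; anything
    older has to be uninstalled by hand through Add/Remove Programs."""
    plan = {"installer": [], "manual": []}
    for _key, name, v in outdated_java(entries, latest):
        if v[:2] == (1, 6) and v[3] >= 10:
            plan["installer"].append(name)
        else:
            plan["manual"].append(name)
    return plan


if __name__ == "__main__":
    entries = parse_uninstall_list(SAMPLE_UNINSTALL_LIST)
    for bucket, names in removal_plan(entries).items():
        for name in names:
            print(f"{bucket:9s} {name}")
```

Run against the sample, the script reports the 6 Update 13 entry as handled by the new installer and the 6 Update 2 and 1.4.2_04 entries as needing manual removal; pasting a real OTL Uninstall List section into SAMPLE_UNINSTALL_LIST gives the same check for another machine.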


#12 architect

architect
  • Topic Starter

  • Members
  • 13 posts
  • Local time:11:59 PM

Posted 09 July 2009 - 10:39 AM

Hi Syler,

My system is definitely running more smoothly. I'm not getting redirected to obscure websites any longer, no more unexpected shutdowns, and my antivirus program is not filling my screen with notifications. There are currently only two notifications that I'm concerned about. The first is I'm still getting notification of a rootkit.tdds file from AntiVir, I always choose to block it; is this somehow preventing the scans and cleanups we've been doing from fixing it? The other item that is happening quite frequently is a Windows bad image message:

"The application or DLL globalroot/systemroot/system32/SKYNETmgodvjxv.dll is not a valid windows image. Please check this against your installation diskette."

Other than these two items, everything seems to be in good working order. I feel much more comfortable with my computer than I did a week ago. I've been refraining from entering any passwords or checking mail on this computer ever since the virus problem started. It will be nice to have that secure feeling once again. It would not have been possible without your help.

Here are the logs you requested in your last post:

All processes killed
========== OTL ==========
No active process named Explorer.EXE was found!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\System32\iertutil32.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f0720132623\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
File file:///C:/DOCUME~1/Wess/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg not found.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\98071556.ini moved successfully.
C:\WINDOWS\System32\winset.ini moved successfully.
C:\Documents and Settings\Wess\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
File\Folder Commands not found.
File\Folder [purity] not found.
File\Folder [emptytemp] not found.
File\Folder [Reboot] not found.

OTL by OldTimer - Version 3.0.6.5 log created on 07092009_102315

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

DDS (Ver_09-05-14.01) - NTFSx86
Run by Wess at 10:35:03.25 on Thu 07/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1048 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Intellisync\PushSyncService\PushSyncService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Wess\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page =
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Adobe Version Cue CS2] c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
StartupFolder: c:\docume~1\wess\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart16.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~2.lnk - c:\program files\linksys\wusb600n\WUSB600N.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\yahoo! autosync\AutosyncForYahoo.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158911228625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-24 130936]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-24 11608]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-9-20 58464]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-24 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-24 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-24 55640]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2006-9-20 98304]
R2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe [2006-2-14 221191]
R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2006-6-8 29184]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-6-24 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-6-24 1095560]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-9-20 116864]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-12-14 551680]
S2 gupdate1c9f39222b78bdd;Google Update Service (gupdate1c9f39222b78bdd);c:\program files\google\update\GoogleUpdate.exe [2009-6-22 133104]
S3 NdisWDM;Dynex Enhanced Wireless G USB Network Adapter Service;c:\windows\system32\drivers\ndiswdm.sys --> c:\windows\system32\drivers\ndiswdm.sys [?]

=============== Created Last 30 ================

2009-07-08 23:34 <DIR> --d----- c:\documents and settings\wess\.SunDownloadManager
2009-07-02 17:22 <DIR> --d----- c:\program files\trend micro
2009-06-25 18:45 <DIR> --dsh--- c:\documents and settings\wess\PrivacIE
2009-06-25 18:31 <DIR> --dsh--- c:\documents and settings\wess\IETldCache
2009-06-25 17:42 <DIR> --d----- c:\program files\Abexo
2009-06-25 09:33 <DIR> --d----- c:\docume~1\wess\applic~1\Uniblue
2009-06-24 16:11 <DIR> --d----- c:\program files\Avira
2009-06-24 16:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-06-24 15:21 <DIR> --d----- c:\docume~1\wess\applic~1\Malwarebytes
2009-06-24 15:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-24 15:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-24 10:48 <DIR> --d----- c:\program files\common files\xing shared
2009-06-24 10:28 <DIR> --d----- c:\program files\IEToolbar
2009-06-24 09:46 <DIR> --d----- c:\program files\common files\PC Tools
2009-06-24 09:46 <DIR> --d----- c:\program files\Spyware Doctor
2009-06-24 09:46 <DIR> --d----- c:\docume~1\wess\applic~1\PC Tools
2009-06-24 09:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-06-24 09:45 <DIR> --d----- c:\temp\google
2009-06-24 09:45 <DIR> --d----- c:\program files\Norton Security Scan
2009-06-15 17:53 <DIR> --d----- c:\program files\iPod
2009-06-15 17:52 <DIR> --d----- c:\program files\iTunes

==================== Find3M ====================


============= FINISH: 10:38:09.39 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/20/2006 6:20:30 PM
System Uptime: 7/9/2009 10:24:36 AM (0 hours ago)

Motherboard: Dell Inc. | | 0TD761
Processor: Genuine Intel® CPU T2500 @ 2.00GHz | Microprocessor | 1994/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 68 GiB total, 8.79 GiB free.
D: is FIXED (NTFS) - 25 GiB total, 22.564 GiB free.
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP354: 6/24/2009 10:29:10 AM - System Checkpoint
RP355: 6/24/2009 10:29:10 AM - System Checkpoint
RP356: 6/24/2009 10:29:10 AM - Software Distribution Service 3.0
RP357: 6/24/2009 10:29:10 AM - System Checkpoint
RP358: 6/24/2009 10:29:11 AM - Software Distribution Service 3.0
RP359: 6/24/2009 10:29:11 AM - System Checkpoint
RP360: 6/24/2009 10:29:11 AM - Software Distribution Service 3.0
RP361: 6/24/2009 10:29:11 AM - System Checkpoint
RP362: 6/24/2009 10:29:11 AM - System Checkpoint
RP363: 6/24/2009 10:29:11 AM - System Checkpoint
RP364: 6/24/2009 10:29:11 AM - System Checkpoint
RP365: 6/24/2009 10:29:11 AM - System Checkpoint
RP366: 6/24/2009 10:29:12 AM - System Checkpoint
RP367: 6/24/2009 10:29:12 AM - System Checkpoint
RP368: 6/24/2009 10:29:12 AM - System Checkpoint
RP369: 6/24/2009 10:29:12 AM - System Checkpoint
RP370: 6/24/2009 10:29:13 AM - Software Distribution Service 3.0
RP371: 6/24/2009 10:29:13 AM - System Checkpoint
RP372: 6/24/2009 10:29:13 AM - Software Distribution Service 3.0
RP373: 6/24/2009 10:29:13 AM - Installed NetLibrary Media Center.
RP374: 6/24/2009 10:29:13 AM - Software Distribution Service 3.0
RP375: 6/24/2009 10:29:13 AM - System Checkpoint
RP376: 6/24/2009 10:29:13 AM - Software Distribution Service 3.0
RP377: 6/24/2009 10:29:14 AM - Software Distribution Service 3.0
RP378: 6/24/2009 10:29:14 AM - Software Distribution Service 3.0
RP379: 6/24/2009 10:29:14 AM - System Checkpoint
RP380: 6/24/2009 10:29:15 AM - Software Distribution Service 3.0
RP381: 6/24/2009 10:29:15 AM - System Checkpoint
RP382: 6/24/2009 10:29:15 AM - Software Distribution Service 3.0
RP383: 6/24/2009 10:29:16 AM - System Checkpoint
RP384: 6/24/2009 10:29:16 AM - Software Distribution Service 3.0
RP385: 6/24/2009 10:29:17 AM - System Checkpoint
RP386: 6/24/2009 10:29:17 AM - System Checkpoint
RP387: 6/24/2009 10:29:18 AM - Software Distribution Service 3.0
RP388: 6/24/2009 10:29:18 AM - System Checkpoint
RP389: 6/24/2009 10:29:18 AM - Software Distribution Service 3.0
RP390: 6/24/2009 10:29:18 AM - Software Distribution Service 3.0
RP391: 6/24/2009 10:29:18 AM - System Checkpoint
RP392: 6/24/2009 10:29:19 AM - Software Distribution Service 3.0
RP393: 6/24/2009 10:29:19 AM - System Checkpoint
RP394: 6/24/2009 10:29:19 AM - Software Distribution Service 3.0
RP395: 6/24/2009 10:29:19 AM - Software Distribution Service 3.0
RP396: 6/24/2009 10:29:19 AM - System Checkpoint
RP397: 6/24/2009 10:29:19 AM - Software Distribution Service 3.0
RP398: 6/24/2009 10:29:19 AM - System Checkpoint
RP399: 6/24/2009 10:29:19 AM - Software Distribution Service 3.0
RP400: 6/24/2009 10:29:19 AM - System Checkpoint
RP401: 6/24/2009 10:29:20 AM - Installed Java™ 6 Update 13
RP402: 6/24/2009 10:29:20 AM - Software Distribution Service 3.0
RP403: 6/24/2009 1:51:33 PM - Removed Backburner

==== Installed Programs ======================


==== Event Viewer Messages From Past Week ========


==== End Of File ===========================


Thanks again!

#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:59 AM

Posted 09 July 2009 - 04:58 PM

Hi architect,

That's slightly worrying, as they are both rootkit files, so let's do some more checks. First update and then run MBAM again,
then run a GMER scan and post back with both logs.

Thanks

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on Scan and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Save and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


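One way to triage the GMER output syler asks for, as an added example that is not part of the original thread and not GMER's own code: the script below parses the hook lines GMER prints under its "code sections" headings and ranks them. Kernel inline hooks whose JMP target GMER could not attribute to any loaded module rank highest (the four ntkrnlpa.exe hooks in the log posted later in this thread have that shape); user-mode hooks that GMER resolves into a named module, such as the EntApi.dll lines, rank lowest. The sample lines are constructed to mirror the posted log's format, and the severity rules are this example's own heuristic, not anything GMER or the forum prescribes.

```python
"""Rank the hook lines from a GMER 'code sections' report.

Added example: not part of the original thread and not GMER's own code.
SAMPLE_LOG is constructed to mirror the format of the log posted in this
thread; the HIGH/MEDIUM/LOW/INFO rules are this script's own heuristic.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One regex for both shapes GMER prints. Kernel lines look like
#   .text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 8A1723FB
# and user-mode lines prefix them with "<image>[pid]" and end either in
# "JMP <addr> <owner module>" or in a raw byte patch such as "[FF, 25, 1E]".
HOOK_RE = re.compile(
    r"^(?P<section>\S+)\s+"
    r"(?:(?P<process>.+?)\[(?P<pid>\d+)\]\s+)?"
    r"(?P<module>[^\s!]+)!(?P<symbol>\S+?)(?: \+ (?P<off>[0-9A-F]+))?\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<n>\d+) Bytes?\s+"
    r"(?:(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-F]{8})|\[(?P<bytes>[^\]]*)\])"
    r"(?:\s+(?P<owner>.+))?$"
)


@dataclass
class Hook:
    section: str
    process: Optional[str]   # None for a kernel code-section hook
    pid: Optional[int]
    module: str
    symbol: str
    addr: int
    kind: Optional[str]      # "JMP"/"CALL", or None for a raw byte patch
    target: Optional[int]
    owner: Optional[str]     # module GMER resolved the target into, if any


def parse_gmer(text: str) -> List[Hook]:
    """Return every hook line GMER printed; headers and '?' lines are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        hooks.append(Hook(
            section=m["section"],
            process=m["process"],
            pid=int(m["pid"]) if m["pid"] else None,
            module=m["module"],
            symbol=m["symbol"],
            addr=int(m["addr"], 16),
            kind=m["kind"],
            target=int(m["target"], 16) if m["target"] else None,
            owner=m["owner"],
        ))
    return hooks


def assess(h: Hook) -> Tuple[str, str]:
    """Heuristic severity (an assumption of this example, not a GMER verdict)."""
    tgt = f"{h.target:08X}" if h.target is not None else "raw bytes"
    if h.process is None:
        # Kernel code patched, and GMER found no driver image for the target:
        # the strongest signal in the report, so read these first.
        if h.owner is None:
            return ("HIGH", f"kernel hook {h.module}!{h.symbol} -> {tgt}, "
                            "target not attributed to any loaded module")
        return ("INFO", f"kernel hook {h.symbol} attributed to {h.owner}")
    where = f"{h.module}!{h.symbol} in {h.process}[{h.pid}]"
    if h.owner and "(" in h.owner:       # GMER prints "path (description/vendor)"
        return ("LOW", f"user-mode hook {where} attributed to {h.owner}")
    return ("MEDIUM", f"user-mode {h.kind or 'byte patch'} {where} -> {tgt}, unattributed")


def triage(text: str) -> List[Tuple[str, str]]:
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2, "INFO": 3}
    return sorted((assess(h) for h in parse_gmer(text)), key=lambda f: order[f[0]])


def summarize(text: str) -> dict:
    counts = {"HIGH": 0, "MEDIUM": 0, "LOW": 0, "INFO": 0}
    for sev, _ in triage(text):
        counts[sev] += 1
    return counts


# Constructed sample in the format of the log posted in this thread.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 8A1723FB
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 8A24385B
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 8A16E5F4
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 5 Bytes JMP 8A16EA14
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[176] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[176] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0066000A
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00930001
"""

if __name__ == "__main__":
    for sev, reason in triage(SAMPLE_LOG):
        print(f"[{sev}] {reason}")
    print(summarize(SAMPLE_LOG))
```

Read the HIGH lines first: a JMP out of ntkrnlpa.exe's I/O dispatch routines into memory GMER cannot tie to a driver image on disk is what a kernel-mode rootkit filtering disk I/O looks like, and it explains why file-based scanners such as MBAM can come back clean while the system still misbehaves. The LOW lines carry the vendor string GMER resolved, so they can be checked against the products actually installed before anything else is touched.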

#14 architect

architect
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:59 PM

Posted 10 July 2009 - 03:00 PM

Hi Syler,

Here are the logs you requested. I'll keep my fingers crossed for some good news. The forum wouldn't allow me to place both logs in a single post, so the gmer log is in the next reply.

Thanks!

Malwarebytes' Anti-Malware 1.38
Database version: 2402
Windows 5.1.2600 Service Pack 3

7/10/2009 10:09:49 AM
mbam-log-2009-07-10 (10-09-49).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 265889
Time elapsed: 52 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 architect

architect
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:59 PM

Posted 10 July 2009 - 03:02 PM

This is the first half of the GMER log; I had to split it up as well...

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-10 15:36:26
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 8A16EA10 ZwEnumerateKey
Code 8A16E5F0 ZwFlushInstructionCache
Code 8A1723F6 IofCallDriver
Code 8A243856 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 8A1723FB
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 8A24385B
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 8A16E5F4
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 5 Bytes JMP 8A16EA14
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[176] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[176] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[176] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[176] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[176] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[176] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[176] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0066000A
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00930001
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[176] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[176] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[176] msvcrt.dll!system 77C293C7 5 Bytes JMP 3700775C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[176] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 370076A2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[176] msvcrt.dll!_read 77C2FAA3 5 Bytes JMP 3700771E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[176] msvcrt.dll!_write 77C30303 5 Bytes JMP 370076E0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[176] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[176] WININET.dll!InternetOpenA 3D95D6C0 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[176] WININET.dll!InternetOpenUrlA 3D95F3D4 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[176] WININET.dll!InternetOpenUrlA 3D95F3D4 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[176] WS2_32.dll!select 71AB30A8 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[176] WS2_32.dll!socket 71AB4211 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[176] WS2_32.dll!bind 71AB4480 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[176] WS2_32.dll!send 71AB4C27 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[176] WS2_32.dll!recv 71AB676F 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 047E0001
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] msvcrt.dll!??2@YAPAXI@Z 77C29CC5 5 Bytes JMP 0A90D480 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] msvcrt.dll!??3@YAXPAX@Z 77C29CDD 5 Bytes JMP 0A90D2D0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C29D9F 5 Bytes JMP 0A90D500 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] msvcrt.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A90D3E0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] msvcrt.dll!_aligned_free 77C29E33 5 Bytes JMP 0A90D2D0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] msvcrt.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A90D3C0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] msvcrt.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A90D420 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] msvcrt.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A90D400 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] msvcrt.dll!_expand 77C29FE5 5 Bytes JMP 0A90D3A0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] msvcrt.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A90D550 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] msvcrt.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A90D560 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] msvcrt.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A90D581 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] msvcrt.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A90D650 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] msvcrt.dll!_heapused 77C2BE3A 5 Bytes JMP 0A90D620 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] msvcrt.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A90D590 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] msvcrt.dll!_msize 77C2BF6C 5 Bytes JMP 0A90D2E0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] msvcrt.dll!calloc 77C2C0C3 5 Bytes JMP 0A90D270 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] msvcrt.dll!free 77C2C21B 5 Bytes JMP 0A90D2D0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] msvcrt.dll!malloc 77C2C407 5 Bytes JMP 0A90D230 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[260] msvcrt.dll!realloc 77C2C437 5 Bytes JMP 0A90D2B0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[296] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[296] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[296] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[296] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[296] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[296] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[296] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 089A000A
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[296] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DB0001
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[296] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[296] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B00001
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[540] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[540] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[540] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[540] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[540] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[540] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[540] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006A000A
.text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[540] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01110001
.text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[540] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[540] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\Wess\Desktop\vpggpt6s.exe[572] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Wess\Desktop\vpggpt6s.exe[572] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Documents and Settings\Wess\Desktop\vpggpt6s.exe[572] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Wess\Desktop\vpggpt6s.exe[572] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Documents and Settings\Wess\Desktop\vpggpt6s.exe[572] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Wess\Desktop\vpggpt6s.exe[572] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Documents and Settings\Wess\Desktop\vpggpt6s.exe[572] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003E000A
.text C:\Documents and Settings\Wess\Desktop\vpggpt6s.exe[572] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 08F60001
.text C:\Documents and Settings\Wess\Desktop\vpggpt6s.exe[572] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Documents and Settings\Wess\Desktop\vpggpt6s.exe[572] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Documents and Settings\Wess\Desktop\vpggpt6s.exe[572] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[640] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[640] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[640] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[640] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[640] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[640] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Bonjour\mDNSResponder.exe[640] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 012B0001
.text C:\Program Files\Bonjour\mDNSResponder.exe[640] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[640] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\csrss.exe[792] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[792] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\csrss.exe[792] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[792] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\csrss.exe[792] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[792] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\csrss.exe[792] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01960001
.text C:\WINDOWS\system32\csrss.exe[792] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\csrss.exe[792] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0067000A
.text C:\WINDOWS\system32\winlogon.exe[816] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01410001
.text C:\WINDOWS\system32\winlogon.exe[816] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\winlogon.exe[816] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\services.exe[864] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003B000A
.text C:\WINDOWS\system32\services.exe[864] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[864] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[864] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01790001
.text C:\WINDOWS\system32\services.exe[864] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[864] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[864] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[864] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[864] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[864] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[864] msvcrt.dll!system 77C293C7 5 Bytes JMP 3700775C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[864] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 370076A2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[864] msvcrt.dll!_read 77C2FAA3 5 Bytes JMP 3700771E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[864] msvcrt.dll!_write 77C30303 5 Bytes JMP 370076E0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[864] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\services.exe[864] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\services.exe[864] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[864] WININET.dll!InternetOpenA 3D95D6C0 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[864] WININET.dll!InternetOpenUrlA 3D95F3D4 1 Byte [E9]
.text C:\WINDOWS\system32\services.exe[864] WININET.dll!InternetOpenUrlA 3D95F3D4 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[864] WS2_32.dll!select 71AB30A8 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[864] WS2_32.dll!socket 71AB4211 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[864] WS2_32.dll!bind 71AB4480 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[864] WS2_32.dll!send 71AB4C27 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[864] WS2_32.dll!recv 71AB676F 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 014B0001
.text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\lsass.exe[876] msvcrt.dll!system 77C293C7 5 Bytes JMP 3700775C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[876] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 370076A2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[876] msvcrt.dll!_read 77C2FAA3 5 Bytes JMP 3700771E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[876] msvcrt.dll!_write 77C30303 5 Bytes JMP 370076E0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[876] WS2_32.dll!select 71AB30A8 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[876] WS2_32.dll!socket 71AB4211 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[876] WS2_32.dll!bind 71AB4480 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[876] WS2_32.dll!send 71AB4C27 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[876] WS2_32.dll!recv 71AB676F 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[876] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[876] WININET.dll!InternetOpenA 3D95D6C0 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[876] WININET.dll!InternetOpenUrlA 3D95F3D4 1 Byte [E9]
.text C:\WINDOWS\system32\lsass.exe[876] WININET.dll!InternetOpenUrlA 3D95F3D4 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncUIHandler.exe[1008] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncUIHandler.exe[1008] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncUIHandler.exe[1008] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncUIHandler.exe[1008] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncUIHandler.exe[1008] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncUIHandler.exe[1008] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncUIHandler.exe[1008] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01DF000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncUIHandler.exe[1008] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01E30001
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncUIHandler.exe[1008] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncUIHandler.exe[1008] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncUIHandler.exe[1008] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FB0001
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1080] msvcrt.dll!system 77C293C7 5 Bytes JMP 3700775C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1080] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 370076A2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1080] msvcrt.dll!_read 77C2FAA3 5 Bytes JMP 3700771E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1080] msvcrt.dll!_write 77C30303 5 Bytes JMP 370076E0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1080] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1080] WININET.dll!InternetOpenA 3D95D6C0 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1080] WININET.dll!InternetOpenUrlA 3D95F3D4 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1080] WININET.dll!InternetOpenUrlA 3D95F3D4 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1080] WS2_32.dll!select 71AB30A8 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1080] WS2_32.dll!socket 71AB4211 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1080] WS2_32.dll!bind 71AB4480 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1080] WS2_32.dll!send 71AB4C27 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1080] WS2_32.dll!recv 71AB676F 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01190001
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1156] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1156] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1156] msvcrt.dll!system 77C293C7 5 Bytes JMP 3700775C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1156] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 370076A2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1156] msvcrt.dll!_read 77C2FAA3 5 Bytes JMP 3700771E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1156] msvcrt.dll!_write 77C30303 5 Bytes JMP 370076E0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1156] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1156] WININET.dll!InternetOpenA 3D95D6C0 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1156] WININET.dll!InternetOpenUrlA 3D95F3D4 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1156] WININET.dll!InternetOpenUrlA 3D95F3D4 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!select 71AB30A8 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!socket 71AB4211 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!bind 71AB4480 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!send 71AB4C27 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!recv 71AB676F 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1204] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1204] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\svchost.exe[1204] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1204] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\svchost.exe[1204] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe[2124] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2172] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2172] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2172] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2172] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2172] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2172] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2172] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0070000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2172] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EE0001
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2172] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2172] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[2192] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044AD11 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[2216] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[2216] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[2216] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[2216] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[2216] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[2216] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[2216] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01780001
.text C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[2216] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[2216] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[2540] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2540] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[2540] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2540] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[2540] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2540] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[2540] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0066000A
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F90001
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2540] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2540] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[2540] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[2540] msvcrt.dll!system 77C293C7 5 Bytes JMP 3700775C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2540] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 370076A2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2540] msvcrt.dll!_read 77C2FAA3 5 Bytes JMP 3700771E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2540] msvcrt.dll!_write 77C30303 5 Bytes JMP 370076E0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2540] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2540] WININET.dll!InternetOpenA 3D95D6C0 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2540] WININET.dll!InternetOpenUrlA 3D95F3D4 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[2540] WININET.dll!InternetOpenUrlA 3D95F3D4 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2540] WS2_32.dll!select 71AB30A8 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2540] WS2_32.dll!socket 71AB4211 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2540] WS2_32.dll!bind 71AB4480 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2540] WS2_32.dll!send 71AB4C27 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2540] WS2_32.dll!recv 71AB676F 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\iPod\bin\iPodService.exe[2652] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[2652] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[2652] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[2652] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[2652] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[2652] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\iPod\bin\iPodService.exe[2652] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0089000A
.text C:\Program Files\iPod\bin\iPodService.exe[2652] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CB0001
.text C:\Program Files\iPod\bin\iPodService.exe[2652] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\iPod\bin\iPodService.exe[2652] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\iPod\bin\iPodService.exe[2652] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\igfxpers.exe[2664] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[2664] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\igfxpers.exe[2664] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[2664] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\igfxpers.exe[2664] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[2664] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\igfxpers.exe[2664] ntdll.dll!LdrLoadDll 7C9163C3 3 Bytes JMP 0092000A
.text C:\WINDOWS\system32\igfxpers.exe[2664] ntdll.dll!LdrLoadDll + 4 7C9163C7 1 Byte [84]
.text C:\WINDOWS\system32\igfxpers.exe[2664] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D60001
.text C:\WINDOWS\system32\igfxpers.exe[2664] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\igfxpers.exe[2664] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\stsystra.exe[2672] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[2672] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\stsystra.exe[2672] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[2672] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\stsystra.exe[2672] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[2672] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\stsystra.exe[2672] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0099000A
.text C:\WINDOWS\stsystra.exe[2672] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01170001
.text C:\WINDOWS\stsystra.exe[2672] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\stsystra.exe[2672] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2680] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2680] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2680] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2680] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2680] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2680] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2680] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 089E000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2680] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E40001
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2680] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2680] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[2696] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[2696] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\igfxsrvc.exe[2696] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[2696] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\igfxsrvc.exe[2696] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[2696] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\igfxsrvc.exe[2696] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0093000A
.text C:\WINDOWS\system32\igfxsrvc.exe[2696] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C70001
.text C:\WINDOWS\system32\igfxsrvc.exe[2696] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[2696] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[2736] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[2736] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[2736] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[2736] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[2736] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[2736] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[2736] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003D000A
.text C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[2736] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D60001
.text C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[2736] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[2736] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2748] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2748] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2748] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2748] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2748] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2748] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2748] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 08C7000A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2748] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F80001
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2748] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2748] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe[2772] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe[2772] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe[2772] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe[2772] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe[2772] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe[2772] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe[2772] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 0B050001
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe[2772] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe[2772] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2860] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2860] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2860] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2860] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2860] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2860] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2860] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F60001
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2860] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2860] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2876] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[2876] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[2876] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[2876] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[2876] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[2876] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\iTunes\iTunesHelper.exe[2876] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02410001
.text C:\Program Files\iTunes\iTunesHelper.exe[2876] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2876] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2908] ntdll.dll!LdrLoadDll 7C9163C3 3 Bytes JMP 0192000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2908] ntdll.dll!LdrLoadDll + 4 7C9163C7 1 Byte [85]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2908] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 0C600001
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2908] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044AB89 C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2908] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2908] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2916] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2916] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2916] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2916] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2916] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2916] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2916] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00AB000A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2916] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 09C10001
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2916] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2916] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2944] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2944] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2944] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2944] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2944] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2944] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Java\jre6\bin\jusched.exe[2944] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00BA000A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2944] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 09030001
.text C:\Program Files\Java\jre6\bin\jusched.exe[2944] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2944] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2996] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2996] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2996] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2996] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2996] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2996] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2996] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003D000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2996] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 09770001
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2996] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2996] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\ctfmon.exe[3008] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[3008] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[3008] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[3008] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[3008] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[3008] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[3008] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 088F000A
.text C:\WINDOWS\system32\ctfmon.exe[3008] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 08FC0001
.text C:\WINDOWS\system32\ctfmon.exe[3008] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\ctfmon.exe[3008] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3096] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3096] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3096] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3096] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3096] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3096] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3096] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 09EA0001
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3096] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3096] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\DNA\btdna.exe[3104] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DNA\btdna.exe[3104] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\DNA\btdna.exe[3104] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DNA\btdna.exe[3104] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\DNA\btdna.exe[3104] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DNA\btdna.exe[3104] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\DNA\btdna.exe[3104] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 0A520001
.text C:\Program Files\DNA\btdna.exe[3104] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\DNA\btdna.exe[3104] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3176] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3176] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3176] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3176] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3176] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3176] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3176] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FE0001
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3176] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[3176] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\alg.exe[3340] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3340] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\alg.exe[3340] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3340] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\alg.exe[3340] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3340] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\alg.exe[3340] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 006F0001
.text C:\WINDOWS\System32\alg.exe[3340] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\System32\alg.exe[3340] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\System32\alg.exe[3340] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3372] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3372] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3372] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3372] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3372] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3372] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3372] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 091A0001
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3372] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3372] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3432] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3432] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3432] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3432] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3432] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3432] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3432] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0109000A
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3432] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 096F0001
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3432] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3432] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe[3460] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe[3460] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe[3460] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe[3460] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe[3460] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe[3460] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe[3460] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00F8000A
.text C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe[3460] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 014E0001
.text C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe[3460] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe[3460] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3508] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3508] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3508] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3508] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3508] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3508] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3508] ntdll.dll!LdrLoadDll 7C9163C3 3 Bytes JMP 0092000A
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3508] ntdll.dll!LdrLoadDll + 4 7C9163C7 1 Byte [84]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3508] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 09930001
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3508] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3508] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\wscntfy.exe[3512] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3512] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[3512] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3512] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[3512] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3512] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\wscntfy.exe[3512] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009C000A
.text C:\WINDOWS\system32\wscntfy.exe[3512] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D20001
.text C:\WINDOWS\system32\wscntfy.exe[3512] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\wscntfy.exe[3512] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\wscntfy.exe[3512] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Intellisync\PushSyncService\PushSyncService.exe[3800] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intellisync\PushSyncService\PushSyncService.exe[3800] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Intellisync\PushSyncService\PushSyncService.exe[3800] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intellisync\PushSyncService\PushSyncService.exe[3800] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Intellisync\PushSyncService\PushSyncService.exe[3800] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intellisync\PushSyncService\PushSyncService.exe[3800] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Intellisync\PushSyncService\PushSyncService.exe[3800] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003E000A
.text C:\Program Files\Common Files\Intellisync\PushSyncService\PushSyncService.exe[3800] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 09E20001
.text C:\Program Files\Common Files\Intellisync\PushSyncService\PushSyncService.exe[3800] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Common Files\Intellisync\PushSyncService\PushSyncService.exe[3800] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe[4828] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe[4828] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe[4828] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe[4828] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe[4828] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe[4828] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe[4828] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01E1000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe[4828] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01E50001
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe[4828] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe[4828] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe[4828] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B90001
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E40B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E40B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E40B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E40B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E40B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E40B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E40B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 08F60001
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DC8A9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254254 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E40B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E40B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E40B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E40B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E40B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E40B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E40B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED320 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe[5880] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe[5880] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe[5880] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe[5880] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe[5880] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe[5880] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe[5880] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 012B0001
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe[5880] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe[5880] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe[5880] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
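The GMER user-mode section above repeats the same shape for every process: `.text <process>[pid] <dll>!<export>[ + offset] <address> <n> Bytes <what was written>`. What a helper reading such a log actually needs to separate is (a) hooks GMER could attribute to a named module, such as the `IEFRAME.dll (Internet Explorer/Microsoft Corporation)` entries in the iexplore.exe processes, (b) bare `JMP`/`CALL` transfers to an address with no module name, and (c) raw byte patches that GMER split across two lines (`[FF, 25, 1E]` at +0 and `[05, 5F]` at +4; `FF 25` is the opcode of an absolute indirect `jmp dword ptr [imm32]`). A hook that appears with the identical target in every listed process comes from one DLL injected system-wide; that can be a security product's own hooking or the infection, and the log by itself does not say which, so the target address has to be mapped against the process's module list before anything is deleted. The following parser is an added example, not part of the original post or of GMER; the sample lines are constructed in the shape of the log above and the triage labels are this example's own.

```python
"""Parse GMER user-mode ".text" hook lines and triage them into attributed
(GMER named the module owning the target), unattributed (bare JMP/CALL to an
address) and raw byte patches, then report which hooks recur in every process.

Added example. SAMPLE_LOG is constructed in the shape of the log above; the
classification labels are this example's own, not GMER output.
"""
import re
from collections import defaultdict

# Constructed sample (same format as the posted log, trimmed to a few lines).
SAMPLE_LOG = r"""
.text C:\WINDOWS\System32\alg.exe[3340] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3340] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\alg.exe[3340] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 006F0001
.text C:\WINDOWS\System32\alg.exe[3340] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
"""

LINE_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] "
    r"(?P<sym>[\w.]+!\w+)(?: \+ (?P<off>[0-9A-F]+))? "
    r"(?P<addr>[0-9A-F]{8}) (?P<size>\d+) Bytes? (?P<patch>.*)$"
)
# "JMP 3E2151D5 C:\...\IEFRAME.dll (Internet Explorer/Microsoft Corporation)" or "CALL 006F0001"
XFER_RE = re.compile(
    r"^(?P<kind>JMP|CALL) (?P<target>[0-9A-F]{8})"
    r"(?: (?P<module>.+?) \((?P<vendor>[^)]*)\))?$"
)
# "[FF, 25, 1E]" or "[0E, 5F] {PUSH CS; POP EDI}"
BYTES_RE = re.compile(
    r"^\[(?P<bytes>[0-9A-F]{2}(?:, [0-9A-F]{2})*)\](?: \{(?P<disasm>[^}]*)\})?$"
)


def parse_hooks(text):
    """Return one dict per recognised hook line; lines of any other shape are skipped."""
    hooks = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h["kind"] = h["target"] = h["module"] = h["vendor"] = h["disasm"] = None
        h["bytes"] = []
        x = XFER_RE.match(h["patch"])
        b = BYTES_RE.match(h["patch"])
        if x:
            h.update(x.groupdict())
        elif b:
            h["bytes"] = b.group("bytes").split(", ")
            h["disasm"] = b.group("disasm")
        hooks.append(h)
    return hooks


def classify(h):
    """Coarse triage label for one hook record (labels are this example's own)."""
    if h["kind"]:
        return "attributed" if h["module"] else "unattributed"
    if h["off"]:
        return "patch-continuation"      # second half of a patch GMER reports on two lines
    if h["bytes"][:2] == ["FF", "25"]:
        return "indirect-jmp-fragment"   # FF 25 = jmp dword ptr [imm32], absolute indirect jump
    return "raw-patch"


def hook_key(h):
    """Identity of a hook independent of process: symbol(+offset) and what was written."""
    sym = h["sym"] + (" + " + h["off"] if h["off"] else "")
    what = f"{h['kind']} {h['target']}" if h["kind"] else " ".join(h["bytes"])
    return (sym, what)


def system_wide_hooks(hooks):
    """Hooks present, with the same target, in every process GMER listed."""
    procs = {(h["proc"], h["pid"]) for h in hooks}
    seen = defaultdict(set)
    for h in hooks:
        seen[hook_key(h)].add((h["proc"], h["pid"]))
    return sorted(k for k, s in seen.items() if s == procs)


def unattributed_targets(hooks):
    """Distinct JMP/CALL targets GMER did not tie to a loaded module."""
    return sorted({h["target"] for h in hooks if h["kind"] and not h["module"]})


def report(hooks):
    """Per-process hook list, then the cross-process view an analyst checks first."""
    out, by_proc = [], defaultdict(list)
    for h in hooks:
        by_proc[(h["proc"], h["pid"])].append(h)
    for (proc, pid), hs in sorted(by_proc.items()):
        out.append(f"{proc}[{pid}]")
        for h in hs:
            sym, what = hook_key(h)
            mod = f"  [{h['module']}]" if h["module"] else ""
            out.append(f"  {classify(h):22} {sym} -> {what}{mod}")
    out.append("hooks present in every process (one system-wide DLL; attribute it before judging):")
    out.extend(f"  {sym} -> {what}" for sym, what in system_wide_hooks(hooks))
    out.append("unattributed targets to map against each process's module list: "
               + ", ".join(unattributed_targets(hooks)))
    return out


if __name__ == "__main__":
    print("\n".join(report(parse_hooks(SAMPLE_LOG))))
```

Run against the full posted log, every process ends up with the same ntdll/USER32 entries and the `5F1x xxxx` targets, while only the two iexplore.exe processes carry the IEFRAME.dll-attributed entries; the former group is the one worth resolving to a module name (with the process's loaded-module list, not this log) before deciding whether it is the poster's security software or the infection.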