Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ntoskrnl-hook has taken over my pc + google redirect


  • This topic is locked This topic is locked
19 replies to this topic

#1 mrback

mrback

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:07 PM

Posted 15 September 2009 - 12:30 AM

1. Found ntoskrnl-hook with Mc Afee and supposedly removed it
2. Upon seeing that it keeps coming back, spent the entire day trying new approaches
3. Installed AVZ4, NVT, Combofix, ATF Cleaner , Dr.Web CureIt
4. Performed full scan, found additional malware
5. I don't get anymore the google search symptoms but when I use msconfig and modify some of the start -up functions I get a prompt asking me to log as the administrator even though I am logged as the admin
6. I have all the latest AVZ and combofix logs available

So, now I am more than ready for some kind soul to guide me through how to recover usage of my beloved PC.
Thanks, and hope to hear from one of you guys/girls soon.
Andy

Also please find below the DDS log

DDS (Ver_09-07-30.01) - NTFSx86
Run by Andrew at 21:56:13.78 on Mon 09/14/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.759.292 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\system32\imapi.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Andrew\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: InlineSearchHandleHotKeys Class: {b6ffe2ae-4d12-451f-b457-fe6125ffb1cf} - c:\program files\ieforge\inline search\InlineSearch.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: {ACB1E670-3217-45C4-A021-6B829A8A27CB} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://webapp.reshealthcare.org/remotenet/cds/ICAWEB/en/ica32/ica32t.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244179511406
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andrew\applic~1\mozilla\firefox\profiles\4vsnsijg.default\
FF - component: c:\documents and settings\andrew\application data\mozilla\firefox\profiles\4vsnsijg.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\andrew\application data\mozilla\firefox\profiles\4vsnsijg.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\andrew\application data\mozilla\firefox\profiles\4vsnsijg.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\andrew\application data\mozilla\firefox\profiles\4vsnsijg.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\andrew\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npaxctrl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-8-19 214024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 55024]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-8-19 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-8-19 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-8-19 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-8-19 35272]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2005-7-16 26488]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};\??\c:\windows\temp\8f.tmp --> c:\windows\temp\8F.tmp [?]
S3 CHQOB;CHQOB;c:\docume~1\andrew\locals~1\temp\chqob.exe --> c:\docume~1\andrew\locals~1\temp\CHQOB.exe [?]
S3 CQUICVOB;CQUICVOB;c:\docume~1\andrew\locals~1\temp\cquicvob.exe --> c:\docume~1\andrew\locals~1\temp\CQUICVOB.exe [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-8-19 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-8-19 40552]
S3 MUGMMNCYD;MUGMMNCYD;c:\docume~1\andrew\locals~1\temp\mugmmncyd.exe --> c:\docume~1\andrew\locals~1\temp\MUGMMNCYD.exe [?]
S3 ONDHBNG;ONDHBNG;c:\docume~1\andrew\locals~1\temp\ondhbng.exe --> c:\docume~1\andrew\locals~1\temp\ONDHBNG.exe [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-8-19 606736]
S4 VXVEULXHYAL;VXVEULXHYAL;c:\docume~1\andrew\locals~1\temp\vxveulxhyal.exe --> c:\docume~1\andrew\locals~1\temp\VXVEULXHYAL.exe [?]

=============== Created Last 30 ================

2009-09-13 19:13 229,888 a------- c:\windows\PEV.exe
2009-09-13 19:13 161,792 a------- c:\windows\SWREG.exe
2009-09-13 19:13 98,816 a------- c:\windows\sed.exe
2009-09-12 23:15 <DIR> --d----- c:\documents and settings\andrew\DoctorWeb
2009-09-12 22:42 <DIR> --d----- C:\Combo-Fix
2009-09-09 17:54 <DIR> --d----- c:\program files\NVT Malware Remover Tool
2009-09-09 16:11 <DIR> a-dshr-- C:\cmdcons
2009-09-09 07:31 118 a------- c:\windows\system32\MRT.INI
2009-09-08 20:54 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-06 23:17 <DIR> --d----- c:\program files\iCall
2009-09-06 22:14 <DIR> --d----- c:\program files\iPod
2009-09-06 22:14 <DIR> --d----- c:\program files\iTunes
2009-09-06 22:11 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-09-06 22:11 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-09-06 20:08 <DIR> --d----- c:\program files\TVPlayerClassic
2009-09-06 17:37 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-09-06 10:23 <DIR> --d----- c:\windows\system32\NtmsData

==================== Find3M ====================

2009-09-06 20:07 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-13 08:16 512,000 -------- c:\windows\system32\dllcache\jscript.dll
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 02:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 06:33 3,597,824 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 06:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 12:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 06:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-06-29 04:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-29 04:07 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 01:35 634,632 -------- c:\windows\system32\dllcache\iexplore.exe
2009-06-29 01:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-06-29 01:33 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-06-25 01:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 01:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 01:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 01:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 01:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 01:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-25 01:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 01:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 01:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 01:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 01:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-25 01:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-24 04:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2007-06-14 19:30 0 a------- c:\documents and settings\andrew\GoogleDesktop.exe
2006-02-17 11:17 557,056 a------- c:\documents and settings\andrew\chatlnk.exe
2009-06-05 00:35 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009060520090606\index.dat

============= FINISH: 21:57:20.53 ===============

BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:07 AM

Posted 30 September 2009 - 09:09 AM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you
would let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks

unite.jpg


#3 mrback

mrback
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:07 PM

Posted 01 October 2009 - 02:15 AM

Syler Hello and Thank you
the problem hasn t gone away and I am afraid of using my laptop
I am not sure whether you want me to attach those files or just copy and paste? So I just pated them

I realize now that I can t use anymore my external dvd drive. I wonder whether this is due to the lates release of Windows?
Once again thank you

Here is Log


Logfile of random's system information tool 1.06 (written by random/random)
Run by Andrew at 2009-10-01 00:03:53
Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (11%) free of 57 GB
Total RAM: 759 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:10 AM, on 10/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\Andrew\Desktop\RSIT.exe
C:\Program Files\trend micro\Andrew.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: InlineSearchHandleHotKey - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\IEForge\Inline Search\InlineSearch.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://webapp.reshealthcare.org/remotenet/...ca32/ica32t.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1244179511406
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CHQOB - Unknown owner - C:\DOCUME~1\Andrew\LOCALS~1\Temp\CHQOB.exe (file missing)
O23 - Service: CQUICVOB - Unknown owner - C:\DOCUME~1\Andrew\LOCALS~1\Temp\CQUICVOB.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MUGMMNCYD - Unknown owner - C:\DOCUME~1\Andrew\LOCALS~1\Temp\MUGMMNCYD.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: ONDHBNG - Unknown owner - C:\DOCUME~1\Andrew\LOCALS~1\Temp\ONDHBNG.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

--
End of file - 8546 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2008-05-20 736360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-05-08 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-05 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-03-25 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-14 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6FFE2AE-4D12-451F-B457-FE6125FFB1CF}]
InlineSearchHandleHotKeys Class - C:\Program Files\IEForge\Inline Search\InlineSearch.dll [2006-11-07 270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-25 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-14 147456]
{ACB1E670-3217-45C4-A021-6B829A8A27CB}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2008-04-13 169984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe /d locale=en-US ee://aol/imApp []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe [2007-09-07 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe [2005-03-04 606208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-05 127035]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveHQ FileManager]
C:\Program Files\DriveHQ\DriveHQ FileManager\DriveHQClient.exe autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-26 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eqfg]
C:\Documents and Settings\Andrew\My Documents\??pPatch\w?crtupd.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Express ClickYes]
C:\Program Files\Express ClickYes\ClickYes.exe [2005-07-27 32256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-08-04 1836544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
C:\WINDOWS\system32\jrasphhq.dll,realset []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-26 1207080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1156169100\ee\AOLSoftware.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2004-11-02 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe [2006-01-06 172032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
C:\WINDOWS\system32\hphmon06.exe [2006-01-06 659456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [2006-01-06 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCall Internet Phone]
C:\Program Files\iCall\iCall.exe [2008-12-18 1587576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2004-11-02 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-30 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
C:\Program Files\Logitech\Video\CameraAssistant.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
C:\Program Files\Logitech\Video\InstallHelper.exe /inspect []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE [2005-12-09 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
C:\Program Files\SCROLL MOUSE\SCROLL MOUSE\4.0\lwbwheel.exe [2000-02-11 242688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBkLogOnHook]
C:\Program Files\McAfee\MBK\LogOnHook.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Managed Services Tray]
C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-01-08 645328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]
C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-01-09 1176808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MVS Splash]
C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-25 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-06-08 1506544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-05-14 536576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-05-13 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tair]
C:\PROGRA~1\COMMON~1\ASKS~1\dexplore.exe -vt ndrv []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-05-08 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-06 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2005-10-24 307200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe [2004-11-10 111816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
C:\Program Files\WinPop\winpop.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Distillr\acrotray.exe [2003-10-23 217194]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
C:\PROGRA~1\Toshiba\BLUETO~1\TOSBTM~1.EXE [2004-12-22 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
C:\PROGRA~1\RESEAR~1\BLACKB~1\DESKTO~1.EXE [2007-01-18 1212416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-29 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-05-28 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andrew^Start Menu^Programs^Startup^X1 System Tray.lnk]
C:\Documents and Settings\Andrew\Desktop\X1\X1Systray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcusrmgr"=2
"mcmispupdmgr"=2
"mctskshd.exe"=2
"MSK80Service"=2
"McRedirector"=2
"mcpromgr"=2
"MPS9"=2
"McLogManagerService"=2
"McAfee HackerWatch Service"=2
"Emproxy"=3
"aawservice"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-08 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\iCall\iCall.exe"="C:\Program Files\iCall\iCall.exe:*:Enabled:iCall"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:McAfee Managed Services Agent"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-10-01 00:03:54 ----D---- C:\Program Files\trend micro
2009-10-01 00:03:53 ----D---- C:\rsit
2009-09-25 02:01:40 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-25 02:01:40 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-25 02:01:40 ----A---- C:\WINDOWS\system32\java.exe
2009-09-13 19:49:45 ----A---- C:\ComboFix.txt
2009-09-13 19:13:13 ----A---- C:\WINDOWS\zip.exe
2009-09-13 19:13:13 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-09-13 19:13:13 ----A---- C:\WINDOWS\SWSC.exe
2009-09-13 19:13:13 ----A---- C:\WINDOWS\SWREG.exe
2009-09-13 19:13:13 ----A---- C:\WINDOWS\sed.exe
2009-09-13 19:13:13 ----A---- C:\WINDOWS\PEV.exe
2009-09-13 19:13:13 ----A---- C:\WINDOWS\NIRCMD.exe
2009-09-13 19:13:13 ----A---- C:\WINDOWS\grep.exe
2009-09-13 19:12:50 ----D---- C:\Qoobox
2009-09-12 22:42:56 ----D---- C:\Combo-Fix
2009-09-09 17:54:06 ----D---- C:\Program Files\NVT Malware Remover Tool
2009-09-09 16:11:30 ----A---- C:\Boot.bak
2009-09-09 16:11:14 ----RASHD---- C:\cmdcons
2009-09-09 15:58:14 ----D---- C:\WINDOWS\ERDNT
2009-09-09 07:31:37 ----A---- C:\WINDOWS\system32\MRT.INI
2009-09-09 07:25:25 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-09 07:25:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-09 07:24:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-08 03:00:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-06 23:17:23 ----D---- C:\Program Files\iCall
2009-09-06 22:14:21 ----D---- C:\Program Files\iPod
2009-09-06 22:14:10 ----D---- C:\Program Files\iTunes
2009-09-06 22:12:50 ----D---- C:\Program Files\QuickTime
2009-09-06 22:12:15 ----D---- C:\Program Files\Apple Software Update
2009-09-06 22:11:55 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-09-06 22:11:38 ----D---- C:\Program Files\Common Files\Apple
2009-09-06 20:08:47 ----D---- C:\Program Files\TVPlayerClassic
2009-09-06 17:37:55 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-09-06 10:23:25 ----D---- C:\WINDOWS\system32\NtmsData
2009-08-26 03:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-13 03:06:29 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 03:06:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 03:06:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 03:06:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 03:05:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 03:05:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 03:05:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 03:05:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 03:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-03 20:19:32 ----HD---- C:\WINDOWS\PIF
2009-07-15 03:06:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 03:06:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 03:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

======List of files/folders modified in the last 3 months======

2009-10-01 00:03:54 ----RD---- C:\Program Files
2009-10-01 00:03:08 ----D---- C:\WINDOWS\Temp
2009-09-30 17:56:32 ----D---- C:\Program Files\Mozilla Firefox
2009-09-30 03:00:40 ----SD---- C:\WINDOWS\Tasks
2009-09-26 08:32:06 ----RASH---- C:\BOOT.INI
2009-09-26 08:32:06 ----A---- C:\WINDOWS\WIN.INI
2009-09-26 08:32:06 ----A---- C:\WINDOWS\system.ini
2009-09-25 02:01:57 ----SHD---- C:\WINDOWS\Installer
2009-09-25 02:01:49 ----D---- C:\Config.Msi
2009-09-25 02:01:41 ----D---- C:\WINDOWS\SYSTEM32
2009-09-25 02:00:23 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-09-13 22:46:12 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-13 19:43:13 ----D---- C:\WINDOWS
2009-09-13 19:24:26 ----D---- C:\WINDOWS\system32\DRIVERS
2009-09-13 19:24:26 ----D---- C:\WINDOWS\AppPatch
2009-09-13 19:24:01 ----D---- C:\Program Files\Common Files
2009-09-13 19:15:06 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-12 22:43:44 ----D---- C:\WINDOWS\pss
2009-09-12 22:43:16 ----SHD---- C:\System Volume Information
2009-09-12 22:43:16 ----D---- C:\WINDOWS\system32\Restore
2009-09-11 23:17:06 ----D---- C:\Program Files\Java
2009-09-10 00:11:15 ----D---- C:\WINDOWS\system32\CONFIG
2009-09-09 16:04:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-09 07:25:35 ----HD---- C:\WINDOWS\INF
2009-09-09 07:25:32 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-09-09 07:25:21 ----A---- C:\WINDOWS\imsins.BAK
2009-09-09 07:25:09 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-08 21:44:47 ----D---- C:\Program Files\Bonjour
2009-09-07 15:40:50 ----D---- C:\Documents and Settings\Andrew\Application Data\Skype
2009-09-06 23:17:37 ----D---- C:\WINDOWS\WinSxS
2009-09-06 22:12:00 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-06 21:33:42 ----D---- C:\Documents and Settings
2009-09-06 20:51:58 ----A---- C:\WINDOWS\OEWABLog.txt
2009-09-06 10:20:32 ----D---- C:\WINDOWS\Registration
2009-09-06 00:09:02 ----D---- C:\Program Files\Satellite
2009-08-28 14:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-15 20:38:55 ----D---- C:\Documents and Settings\Andrew\Application Data\dvdcss
2009-08-13 08:16:05 ----A---- C:\WINDOWS\system32\jscript.dll
2009-08-13 03:05:40 ----D---- C:\Program Files\Outlook Express
2009-08-05 02:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-03 22:28:08 ----D---- C:\Program Files\Picasa2
2009-07-29 03:01:41 ----D---- C:\WINDOWS\system32\en-US
2009-07-29 03:01:41 ----D---- C:\Program Files\Internet Explorer
2009-07-19 06:33:02 ----N---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 06:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-17 12:01:06 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-16 07:21:59 ----D---- C:\Documents and Settings\Andrew\Application Data\BitTorrent
2009-07-15 20:25:14 ----D---- C:\Program Files\McAfee
2009-07-14 04:03:14 ----A---- C:\WINDOWS\system32\tzchange.exe
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmp.dll
2009-07-02 03:03:41 ----D---- C:\WINDOWS\Microsoft.NET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2004-08-18 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-10-23 120136]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2004-10-05 62799]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.0.1; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-06-02 17056]
R2 BASFND;BASFND; \??\C:\WINDOWS\system32\Drivers\BASFND.sys []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-08-31 11354]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-05 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-05 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-05 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-05 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-05 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-05 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-05 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-05 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-05 100603]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-09-03 121472]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-17 200064]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-02 773565]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2006-10-20 26368]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2004-11-01 272568]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-05-13 182688]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-01-08 51582]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2004-12-22 34816]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780}; \??\C:\WINDOWS\TEMP\8F.tmp []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Andrew\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys []
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-01-06 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-01-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-01-06 21744]
S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []
S3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys []
S3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []
S3 LVUVC;Logitech QuickCam Fusion(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PRISM_A02;802.11a/g USB Driver; C:\WINDOWS\system32\DRIVERS\WUSB20XP.sys [2004-01-07 339488]
S3 RimSerPort;RIM Virtual Serial Port; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2006-10-20 26368]
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-11-07 22272]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNTNLUSB;SafeNet USB SuperPro/UltraPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2005-01-10 28216]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2002-10-17 2851]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2005-01-17 98304]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2004-07-09 36531]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2004-11-16 50048]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2004-12-16 50048]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-21 3210496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 BAsfIpM;Broadcom ASF IP monitoring service v6.0.4; C:\WINDOWS\system32\basfipm.exe [2004-04-01 77824]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-09-07 86016]
R2 Iap;Iap; C:\Program Files\Dell\OpenManage\Client\Iap.exe [2004-02-13 155648]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-25 152984]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-01-08 797864]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-03-25 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-03-03 356352]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-09-07 139264]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2007-07-27 26488]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 CHQOB;CHQOB; C:\DOCUME~1\Andrew\LOCALS~1\Temp\CHQOB.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 CQUICVOB;CQUICVOB; C:\DOCUME~1\Andrew\LOCALS~1\Temp\CQUICVOB.exe []
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-04-01 365072]
S3 MSSQL$MICROSOFTBCM;MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [2003-05-31 7544916]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 MUGMMNCYD;MUGMMNCYD; C:\DOCUME~1\Andrew\LOCALS~1\Temp\MUGMMNCYD.exe []
S3 ONDHBNG;ONDHBNG; C:\DOCUME~1\Andrew\LOCALS~1\Temp\ONDHBNG.exe []
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S4 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-03-24 606736]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-09-07 360521]
S4 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [2002-12-17 311872]
S4 VXVEULXHYAL;VXVEULXHYAL; C:\DOCUME~1\Andrew\LOCALS~1\Temp\VXVEULXHYAL.exe []
S4 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2004-09-07 225353]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------



Here is info


info.txt logfile of random's system information tool 1.06 2009-10-01 00:04:20

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 6.0.1 Standard-->MsiExec.exe /I{AC76BA86-1033-0000-BA7E-000000000001}
Adobe Acrobat and Reader 6.0.3 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Acrobat and Reader 6.0.4 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604}
Adobe Acrobat and Reader 6.0.5 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000605}
Adobe Acrobat and Reader 6.0.6 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000606}
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe® Photoshop® Album Starter Edition 3.0.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Amazon MP3 Downloader 1.0.3-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\Setup.exe" -l0x9
BitTorrent 5.0.9-->"C:\Program Files\BitTorrent\uninstall.exe"
BlackBerry Desktop Software 4.2.1-->MsiExec.exe /i{F804AE2A-92AD-4189-B8B1-7D4207F7AB13}
BlackBerry Desktop Software 4.2.1-->MsiExec.exe /I{F804AE2A-92AD-4189-B8B1-7D4207F7AB13}
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Advanced Control Suite 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1033
Broadcom ASF Management Applications-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{25D24E84-64A9-40D2-85CF-540B1C4A6D52} /l1033
Business Contact Manager for Outlook 2003-->MsiExec.exe /I{66563AD8-637B-407F-BCA7-0233A16891AB}
Canon CanoScan Toolbox 4.9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\setup.exe" -l0x9 anything
Canon i560-->C:\WINDOWS\system32\CNMCP58.exe "-PRINTERNAMECanon i560" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i560 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i560 Installer\Inst2\cnmi0409.dll"
Canon ScanGear Starter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x9 anything
Citrix Web Client-->C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D110 MDC V.9x Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Debugging Tools for Windows-->MsiExec.exe /I{F567DC55-F59A-4019-BBC3-9D12C5875487}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
EasyCleaner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
Express ClickYes 1.2-->C:\Program Files\Express ClickYes\uninst.exe
FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Image Zone 4.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
iCall-->"C:\Program Files\iCall\unins000.exe"
IE7Pro-->C:\Program Files\IEPro\uninst.exe
Inline Search v1.3 for Internet Explorer (remove only)-->"C:\Program Files\IEForge\Inline Search\uninstall.exe"
Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Internal Network Card Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
JLC's Internet TV-->"C:\Program Files\JLC's Software\Internet TV\Uninstall.exe"
Macromedia Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Manual CanoScan LiDE 60-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B72D50-1C7E-491C-8086-9E060051D316}\setup.exe" -l0x9
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA-->MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mToolkit-->MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NVT Malware Remover Tool v2.0.8b1-->"C:\Program Files\NVT Malware Remover Tool\unins000.exe"
Ocean - Research Library-->C:\Ocean\unins000.exe
OMCI-->MsiExec.exe /X{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}
OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Photosmart 320,370,7400,8100,8400 Series-->C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
Picasa 3-->"C:\Program Files\Picasa2\Uninstall.exe"
PowerDVD 5.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4 - ALL
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Satellite TV for PC Elite 4.8.8.0 -->C:\WINDOWS\uninstall\Satellite TV for PC Elite\setup.exe
SCROLL MOUSE SCROLL MOUSE 4.0-->C:\Program Files\SCROLL MOUSE\SCROLL MOUSE\4.0\unins000.EXE
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Series 66 Drill and Practice-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{259A0D4C-05D8-478F-B03D-DAF63F5FDB97}\setup.exe"
Skype 2.5-->"C:\Program Files\Skype\Phone\unins000.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! Plus-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spelling Dictionaries For Adobe Reader Package-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7E8A450000A7}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec Technical Support Web Controls-->MsiExec.exe /X{DDC63227-BA06-4855-B002-BDB49E9F677E}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TV Player Classic 5.4-->"C:\Program Files\TVPlayerClassic\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WebEx One-Click Meeting-->MsiExec.exe /I{2720566F-51F4-4581-BC78-8BBF1D34986F}
WebEx-->C:\PROGRA~1\MOZILL~1\plugins\atcliun.exe
Webotron Stocks-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-Webotron Stocks.dat
Whittaker Garnier - PDF Mailer-->MsiExec.exe /I{5A59A3BE-BA85-47F3-9425-ABC161F8F16F}
Whittaker Garnier Bound Grid-->MsiExec.exe /I{6F1D0A70-63EF-40E1-AF88-9C09C54AE34B}
Whittaker Garnier CMS (5.1.4)-->MsiExec.exe /I{1B44BB37-E48A-42D8-96F2-74F86021E2F8}
Whittaker Garnier CMS PerTrac Addin (Version 1.0.1)-->MsiExec.exe /I{A4E66A17-C8A9-4B22-8406-1CA9B3952E76}
Whittaker Garnier Pivot Office XP (OWC 10.0)-->MsiExec.exe /I{889040EA-4344-4F21-B814-FB096B9EB2BF}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
X1-->"C:\Documents and Settings\Andrew\Desktop\X1.exe" -uninstall
Yahoo & Google Historical Quotes Downloader-->C:\WINDOWS\Yahoo & Google Historical Quotes Downloader Uninstaller.exe
Yahoo! Photos Easy Upload Tool 1v7-->C:\WINDOWS\system32\regsvr32 /u /s "C:\WINDOWS\cache\YDropper.dll"

======Security center information======

AV: McAfee VirusScan (disabled)
FW: McAfee Personal Firewall (disabled)

======System event log======

Computer Name: MORADBARGHI
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Record Number: 136780
Source Name: DCOM
Time Written: 20090908002538.000000-420
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: MORADBARGHI
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Record Number: 136779
Source Name: DCOM
Time Written: 20090908002538.000000-420
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: MORADBARGHI
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Record Number: 136778
Source Name: DCOM
Time Written: 20090908002538.000000-420
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: MORADBARGHI
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Record Number: 136777
Source Name: DCOM
Time Written: 20090908002538.000000-420
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: MORADBARGHI
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Record Number: 136776
Source Name: DCOM
Time Written: 20090908002538.000000-420
Event Type: error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: MORADBARGHI
Event Code: 0
Message: Configuration section system.serviceModel already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 70
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090605031829.000000-420
Event Type: warning
User:

Computer Name: MORADBARGHI
Event Code: 0
Message: Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly.
If you believe this message is an error, check your IIS installation to make sure it is installed properly.

Record Number: 68
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090605031829.000000-420
Event Type: warning
User:

Computer Name: MORADBARGHI
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 51
Source Name: ASP.NET 2.0.50727.0
Time Written: 20090605031500.000000-420
Event Type: warning
User:

Computer Name: MORADBARGHI
Event Code: 1517
Message: Windows saved user MORADBARGHI\Andrew registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 29
Source Name: Userenv
Time Written: 20090605003326.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: MORADBARGHI
Event Code: 1517
Message: Windows saved user MORADBARGHI\Andrew registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 21
Source Name: Userenv
Time Written: 20090604221457.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\IM;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0d06
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:07 AM

Posted 01 October 2009 - 08:39 AM

Hi,

Peer-to-Peer Programs Warning
Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case Bitorrent). These programs allow to share files between users as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.


ComboFix should not be run unless requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Post the contents of the log you have C:\ComboFix.txt in your next reply.


I see that you have a lot of items disabled in MSconfig, I would like you to re-enable them all, including McAfee, you can set them back how you want after we are done cleaning.

Click Start >> Run, then type msconfig in the box.
Under the general tab, select Normal Startup - load all devices and services.
Click Apply then Close and restart your computer.

Next

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Please post back here with the following logs:
  • Combofix.txt
  • MBAM report
Thanks

Edited by syler, 01 October 2009 - 08:41 AM.

unite.jpg


#5 mrback

mrback
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:07 PM

Posted 02 October 2009 - 02:53 AM

Syler
Thank you for your help
Activated McAfee
selected Normal Startup - load all devices and service
As soon as I clicked on apply a message from system config appears that says "an access denied error was returned while attempting to change a service. you may need to log on using an administrator account to make the specified changes"
but it looks like it still took into account my command.
I am gonna turn off and turn on the computer run both programs and post the logs on the next message

#6 mrback

mrback
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:07 PM

Posted 02 October 2009 - 03:49 AM

Combofix asked me to dis activate Mcafee which I did and here is the combofix log

ComboFix 09-10-01.01 - Andrew 10/02/2009 1:27.5.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.759.189 [GMT -7:00]
Running from: c:\documents and settings\Andrew\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2009-09-02 to 2009-10-02 )))))))))))))))))))))))))))))))
.

2009-10-01 07:03 . 2009-10-01 07:04 -------- d-----w- c:\program files\trend micro
2009-10-01 07:03 . 2009-10-01 07:04 -------- d-----w- C:\rsit
2009-09-09 03:54 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-07 06:17 . 2009-10-02 08:01 -------- d-----w- c:\program files\iCall
2009-09-07 05:14 . 2009-09-07 05:14 -------- d-----w- c:\program files\iPod
2009-09-07 05:14 . 2009-09-07 05:14 -------- d-----w- c:\program files\iTunes
2009-09-07 05:12 . 2009-09-07 05:13 -------- d-----w- c:\program files\QuickTime
2009-09-07 05:12 . 2009-09-07 05:12 -------- d-----w- c:\program files\Apple Software Update
2009-09-07 05:11 . 2009-07-09 19:16 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-09-07 05:11 . 2009-07-09 19:16 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-09-07 05:11 . 2009-09-07 05:14 -------- d-----w- c:\program files\Common Files\Apple
2009-09-07 03:08 . 2009-09-09 03:55 -------- d-----w- c:\program files\TVPlayerClassic
2009-09-07 02:58 . 2009-09-07 02:58 -------- d-----w- c:\documents and settings\Sarvenaz\Application Data\IEPro
2009-09-07 02:15 . 2009-09-07 02:27 -------- d-----w- c:\documents and settings\Sarvenaz\Application Data\Apple Computer
2009-09-07 00:37 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-06 17:23 . 2009-09-06 17:23 -------- d-----w- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-02 08:05 . 2007-11-02 18:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-25 09:00 . 2009-04-27 02:11 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-09-12 06:17 . 2005-06-02 17:54 -------- d-----w- c:\program files\Java
2009-09-10 00:54 . 2009-09-10 00:54 -------- d-----w- c:\program files\NVT Malware Remover Tool
2009-09-09 04:44 . 2009-03-28 04:49 -------- d-----w- c:\program files\Bonjour
2009-09-07 22:40 . 2005-07-14 15:59 -------- d-----w- c:\documents and settings\Andrew\Application Data\Skype
2009-09-06 07:09 . 2006-09-29 00:46 -------- d-----w- c:\program files\Satellite
2009-08-16 03:38 . 2009-06-07 16:38 -------- d-----w- c:\documents and settings\Andrew\Application Data\dvdcss
2009-08-07 02:24 . 2004-08-04 10:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 02:24 . 2004-08-04 10:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 02:24 . 2005-05-26 08:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 02:24 . 2004-08-04 10:00 35552 ----a-w- c:\windows\system32\WUPS.DLL
2009-08-07 02:24 . 2004-08-04 10:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 02:24 . 2004-08-04 10:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 02:23 . 2004-08-04 10:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 02:23 . 2004-08-04 10:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 05:28 . 2006-08-04 20:10 -------- d-----w- c:\program files\Picasa2
2009-07-17 19:01 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-04 10:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2007-07-30 22:51 . 2007-06-14 06:16 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-02-23 17:54 . 2006-02-23 17:54 28672 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2006-02-23 17:54 . 2006-02-23 17:54 98304 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-14_02.43.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-02 06:20 . 2009-08-07 02:24 44768 c:\windows\SYSTEM32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-10-02 06:20 . 2009-08-07 02:24 35552 c:\windows\SYSTEM32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-08-04 10:00 . 2009-08-07 02:24 35552 c:\windows\SYSTEM32\DLLCACHE\wups.dll
+ 2004-08-04 10:00 . 2009-08-07 02:24 53472 c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
+ 2004-08-04 10:00 . 2009-08-07 02:24 96480 c:\windows\SYSTEM32\DLLCACHE\cdm.dll
+ 2009-09-14 03:03 . 2009-10-02 07:34 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-07-14 03:12 . 2009-10-02 07:34 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-07-14 03:12 . 2009-09-13 22:00 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-09-12 17:38 . 2009-09-13 22:00 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2009-09-14 03:03 . 2009-10-02 07:34 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2009-09-25 09:01 . 2009-09-25 09:00 148888 c:\windows\SYSTEM32\javaws.exe
+ 2009-09-25 09:01 . 2009-09-25 09:00 144792 c:\windows\SYSTEM32\javaw.exe
+ 2009-09-25 09:01 . 2009-09-25 09:00 144792 c:\windows\SYSTEM32\java.exe
+ 2004-08-04 10:00 . 2009-08-07 02:24 209632 c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
+ 2004-08-04 10:00 . 2009-08-07 02:24 327896 c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
+ 2004-08-04 10:00 . 2009-08-07 02:23 575704 c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
+ 2009-09-25 09:00 . 2009-09-25 09:00 536576 c:\windows\Installer\25340493.msi
+ 2004-08-04 10:00 . 2009-08-07 02:23 1929952 c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eqfg"="c:\documents and settings\Andrew\My Documents\??pPatch\w?crtupd.exe" [?]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1207080]
"Express ClickYes"="c:\program files\Express ClickYes\ClickYes.exe" [2005-07-27 32256]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2007-09-07 43008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ViewMgr"="c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [2004-11-11 111816]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-08 198160]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-14 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-25 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"LWBMOUSE"="c:\program files\SCROLL MOUSE\SCROLL MOUSE\4.0\lwbwheel.exe" [2000-02-11 242688]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"iCall Internet Phone"="c:\program files\iCall\iCall.exe" [2008-12-18 1587576]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2006-01-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2006-01-07 659456]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2006-01-07 172032]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-04 1836544]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-1-18 1212416]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-6-2 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\digital imaging\bin\hpqtra08.exe [2004-5-28 241664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-08 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcusrmgr"=2 (0x2)
"mcmispupdmgr"=2 (0x2)
"mctskshd.exe"=2 (0x2)
"MSK80Service"=2 (0x2)
"McRedirector"=2 (0x2)
"mcpromgr"=2 (0x2)
"MPS9"=2 (0x2)
"McLogManagerService"=2 (0x2)
"McAfee HackerWatch Service"=2 (0x2)
"Emproxy"=3 (0x3)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iCall\\iCall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 9:39 AM 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 2:51 PM 4096]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\SYSTEM32\spupdsvc.exe [7/16/2005 9:04 AM 26488]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};\??\c:\windows\TEMP\8F.tmp --> c:\windows\TEMP\8F.tmp [?]
S3 CHQOB;CHQOB;c:\docume~1\Andrew\LOCALS~1\Temp\CHQOB.exe --> c:\docume~1\Andrew\LOCALS~1\Temp\CHQOB.exe [?]
S3 CQUICVOB;CQUICVOB;c:\docume~1\Andrew\LOCALS~1\Temp\CQUICVOB.exe --> c:\docume~1\Andrew\LOCALS~1\Temp\CQUICVOB.exe [?]
S3 MUGMMNCYD;MUGMMNCYD;c:\docume~1\Andrew\LOCALS~1\Temp\MUGMMNCYD.exe --> c:\docume~1\Andrew\LOCALS~1\Temp\MUGMMNCYD.exe [?]
S3 ONDHBNG;ONDHBNG;c:\docume~1\Andrew\LOCALS~1\Temp\ONDHBNG.exe --> c:\docume~1\Andrew\LOCALS~1\Temp\ONDHBNG.exe [?]
S4 VXVEULXHYAL;VXVEULXHYAL;c:\docume~1\Andrew\LOCALS~1\Temp\VXVEULXHYAL.exe --> c:\docume~1\Andrew\LOCALS~1\Temp\VXVEULXHYAL.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder

2009-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2008-08-19 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-08-19 17:53]

2008-08-19 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-08-19 17:53]

2009-10-01 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-06-06 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\4vsnsijg.default\
FF - component: c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\4vsnsijg.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\4vsnsijg.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\4vsnsijg.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\4vsnsijg.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Andrew\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npaxctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Tair - c:\progra~1\COMMON~1\ASKS~1\dexplore.exe
HKCU-Run-DriveHQ FileManager - c:\program files\DriveHQ\DriveHQ FileManager\DriveHQClient.exe
HKCU-Run-Aim6 - c:\program files\Common Files\AOL\Launch\AOLLaunch.exe
HKLM-Run-MVS Splash - c:\program files\McAfee\Managed VirusScan\Agent\Splash.exe
HKLM-Run-McAfee Managed Services Tray - c:\program files\McAfee\Managed VirusScan\Agent\myagttry.exe
HKLM-Run-MBkLogOnHook - c:\program files\McAfee\MBK\LogOnHook.exe
HKLM-Run-LogitechVideo[inspector] - c:\program files\Logitech\Video\InstallHelper.exe
HKLM-Run-LogitechCameraAssistant - c:\program files\Logitech\Video\CameraAssistant.exe
HKLM-Run-IPHSend - c:\program files\Common Files\AOL\IPHSend\IPHSend.exe
HKLM-Run-HostManager - c:\program files\Common Files\AOL\1156169100\ee\AOLSoftware.exe
HKLM-Run-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
AddRemove-X1 Desktop Search - c:\documents and settings\Andrew\Desktop\X1.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-02 01:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]
"ImagePath"="\??\c:\windows\TEMP\8F.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(4008)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\ieframe.dll
c:\program files\SCROLL MOUSE\SCROLL MOUSE\4.0\MOUSEDLL.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\program files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
c:\windows\system32\dla\tfswshx.dll
c:\windows\system32\tfswapi.dll
c:\windows\system32\dla\tfswcres.dll
c:\program files\McAfee\VirusScan\scriptsn.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
Completion time: 2009-10-02 1:43
ComboFix-quarantined-files.txt 2009-10-02 08:42
ComboFix2.txt 2009-09-14 02:49
ComboFix3.txt 2009-09-12 05:35

Pre-Run: 6,288,396,288 bytes free
Post-Run: 7,198,916,608 bytes free

269 --- E O F --- 2009-10-01 10:00

#7 mrback

mrback
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:07 PM

Posted 02 October 2009 - 04:15 AM

Malwarebytes' Anti-Malware 1.41
Database version: 2892
Windows 5.1.2600 Service Pack 3

10/2/2009 2:13:00 AM
mbam-log-2009-10-02 (02-13-00).txt

Scan type: Quick Scan
Objects scanned: 130836
Time elapsed: 9 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\{def85c80-216a-43ab-af70-1665edbe2780} (Backdoor.Sinowal) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\MSINET.oca (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors_Intl.ico (Malware.Trace) -> Quarantined and deleted successfully.

#8 mrback

mrback
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:07 PM

Posted 02 October 2009 - 10:57 AM

I used msconfig again to disable some of the programs and the same message:
"an access denied error was returned while attempting to change a service. you may need to log on using an administrator account to make the specified changes"
apeared

#9 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:07 AM

Posted 02 October 2009 - 05:14 PM

Why did you run Combofix again, that is not what I was asking you to do, I was asking you to post the log from the run you had already done.
When replying please try and post all your logs together and be patient when waiting for my reply, thanks.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window, If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Please post back here with the following logs:
  • Gmer log
  • New Rsit log
Thanks

unite.jpg


#10 mrback

mrback
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:07 PM

Posted 03 October 2009 - 10:07 AM

Syler thank you for our guidance
please find below both requested logs

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-10-03 07:56:51
Windows 5.1.2600 Service Pack 3
Running: i6i25h86.exe; Driver: C:\DOCUME~1\Andrew\LOCALS~1\Temp\pwrdykoc.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAA4AF4EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xAA4AF581]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAA4AF498]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAA4AF4AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xAA4AF595]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xAA4AF5C1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xAA4AF62F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xAA4AF619]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAA4AF52A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAA4AF65B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xAA4AF56D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAA4AF470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAA4AF484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAA4AF4FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xAA4AF697]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAA4AF603]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xAA4AF5ED]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xAA4AF5AB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAA4AF683]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAA4AF66F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAA4AF4D6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAA4AF4C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xAA4AF5D7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAA4AF559]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAA4AF645]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAA4AF540]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAA4AF514]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP AA4AF518 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568D59 5 Bytes JMP AA4AF571 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F2 7 Bytes JMP AA4AF5F1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056CDC0 5 Bytes JMP AA4AF4EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DC01 5 Bytes JMP AA4AF4C6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 8057065D 5 Bytes JMP AA4AF585 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570A6D 7 Bytes JMP AA4AF69B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 7 Bytes JMP AA4AF633 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805717C7 5 Bytes JMP AA4AF474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571CB1 7 Bytes JMP AA4AF502 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80572889 7 Bytes JMP AA4AF5DB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805736E6 5 Bytes JMP AA4AF544 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573B61 7 Bytes JMP AA4AF52E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC6C 7 Bytes JMP AA4AF4B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805822EC 5 Bytes JMP AA4AF55D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058A1C9 5 Bytes JMP AA4AF488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058A699 5 Bytes JMP AA4AF65F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590677 7 Bytes JMP AA4AF61D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D5C 7 Bytes JMP AA4AF5C5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 805952CA 7 Bytes JMP AA4AF599 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B136A 5 Bytes JMP AA4AF49C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062DD17 5 Bytes JMP AA4AF4DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064D9DA 7 Bytes JMP AA4AF649 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E300 7 Bytes JMP AA4AF607 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E77C 7 Bytes JMP AA4AF5AF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064EC71 5 Bytes JMP AA4AF673 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F0DC 5 Bytes JMP AA4AF687 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CA0000
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CA0093
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CA0078
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CA0F9E
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CA0FAF
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CA0047
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CA00AE
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CA0F72
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CA00E4
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CA0F4B
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CA0F3A
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CA0FCA
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CA0011
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CA0F83
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CA0036
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CA0FDB
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CA00C9
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C90FD4
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C90062
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C90FE5
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C9001B
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C90051
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C90000
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C90FAF
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes JMP C89FEDE5
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C90040
.text C:\WINDOWS\system32\services.exe[740] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C8004C
.text C:\WINDOWS\system32\services.exe[740] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C80FB7
.text C:\WINDOWS\system32\services.exe[740] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C8001D
.text C:\WINDOWS\system32\services.exe[740] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C80FEF
.text C:\WINDOWS\system32\services.exe[740] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C80FC8
.text C:\WINDOWS\system32\services.exe[740] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C8000C
.text C:\WINDOWS\system32\services.exe[740] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C70FEF
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00ED0FEF
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00ED0F5F
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00ED0054
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00ED0F70
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00ED0F8D
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00ED001E
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00ED0F38
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00ED0080
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00ED00AC
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00ED0F13
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00ED00C7
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00ED0039
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00ED0FDE
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00ED006F
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00ED0FB2
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00ED0FCD
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00ED0091
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EC0036
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EC0076
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EC0FEF
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EC001B
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EC005B
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EC0000
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EC0FB9
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0C, 89] {OR AL, 0x89}
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EC0FD4
.text C:\WINDOWS\system32\lsass.exe[752] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EB0075
.text C:\WINDOWS\system32\lsass.exe[752] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EB0064
.text C:\WINDOWS\system32\lsass.exe[752] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EB002E
.text C:\WINDOWS\system32\lsass.exe[752] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EB0000
.text C:\WINDOWS\system32\lsass.exe[752] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EB0049
.text C:\WINDOWS\system32\lsass.exe[752] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EB0011
.text C:\WINDOWS\system32\lsass.exe[752] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EA0FEF
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AD0FEF
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AD004A
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AD002F
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AD0F57
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AD0F72
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AD000A
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AD0F13
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AD0F30
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AD0087
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AD0076
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AD0EC9
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AD0F83
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AD0FDE
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AD005B
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AD0F9E
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AD0FC3
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AD0EF8
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AC0FB2
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AC0F68
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AC0FC3
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AC0FDE
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AC0F79
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AC0FEF
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00AC0025
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AC0014
.text C:\WINDOWS\system32\svchost.exe[920] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AB0044
.text C:\WINDOWS\system32\svchost.exe[920] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AB0FB9
.text C:\WINDOWS\system32\svchost.exe[920] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AB0029
.text C:\WINDOWS\system32\svchost.exe[920] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AB0FEF
.text C:\WINDOWS\system32\svchost.exe[920] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AB0FD4
.text C:\WINDOWS\system32\svchost.exe[920] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AB0018
.text C:\WINDOWS\system32\svchost.exe[920] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A80FE5
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BD006F
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BD0F70
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BD0F81
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BD0040
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BD0FB9
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BD00B1
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BD008A
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BD00D6
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BD0F33
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BD00E7
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BD0FA8
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BD0FE5
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BD0F5F
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BD0FCA
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BD0011
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BD0F4E
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BC0040
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BC0087
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BC0025
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BC0FCA
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BC0076
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BC0065
.text C:\WINDOWS\system32\svchost.exe[1028] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BB005A
.text C:\WINDOWS\system32\svchost.exe[1028] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BB0049
.text C:\WINDOWS\system32\svchost.exe[1028] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BB0027
.text C:\WINDOWS\system32\svchost.exe[1028] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\svchost.exe[1028] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BB0038
.text C:\WINDOWS\system32\svchost.exe[1028] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BB0FE3
.text C:\WINDOWS\system32\svchost.exe[1028] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BA0000
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 028D0000
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 028D0F70
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 028D0065
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 028D0054
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 028D0F97
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 028D0FA8
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 028D0F3A
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 028D0F4B
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 028D00D3
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 028D00AE
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 028D00E4
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 028D002F
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 028D0FE5
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 028D0076
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 028D0FB9
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 028D0FD4
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 028D0093
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 028C0FB9
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 028C0F68
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 028C0FCA
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 028C0FE5
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 028C0F83
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 028C0000
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 028C0F94
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [AC, 8A]
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 028C001B
.text C:\WINDOWS\System32\svchost.exe[1080] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 028B0FAF
.text C:\WINDOWS\System32\svchost.exe[1080] msvcrt.dll!system 77C293C7 5 Bytes JMP 028B003A
.text C:\WINDOWS\System32\svchost.exe[1080] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 028B0FD4
.text C:\WINDOWS\System32\svchost.exe[1080] msvcrt.dll!_open 77C2F566 5 Bytes JMP 028B0FEF
.text C:\WINDOWS\System32\svchost.exe[1080] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 028B0029
.text C:\WINDOWS\System32\svchost.exe[1080] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 028B000C
.text C:\WINDOWS\System32\svchost.exe[1080] WS2_32.dll!socket 71AB4211 5 Bytes JMP 028A0000
.text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!InternetOpenA 3D94C879 5 Bytes JMP 024A0FE5
.text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!InternetOpenW 3D94CEA9 5 Bytes JMP 024A0FCA
.text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!InternetOpenUrlA 3D950BD2 5 Bytes JMP 024A0000
.text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!InternetOpenUrlW 3D99B081 5 Bytes JMP 024A0FA5
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00780000
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00780FA8
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00780FC3
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00780091
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00780080
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0078005B
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007800C2
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00780F7C
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateProcessW 7C802336 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00780F3A
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007800DD
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007800F8
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00780FD4
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00780FEF
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00780F8D
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0078004A
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00780025
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00780F55
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0077002C
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00770F9B
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0077001B
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00770FE5
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0077004E
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00770000
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00770FAC
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [97, 88]
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0077003D
.text C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00760FA1
.text C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!system 77C293C7 5 Bytes JMP 00760FB2
.text C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00760011
.text C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00760000
.text C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00760022
.text C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00760FE3
.text C:\WINDOWS\system32\svchost.exe[1172] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006C0FEF
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DC0FEF
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DC0089
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DC0F94
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DC0FA5
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DC0062
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DC0036
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DC0F41
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DC0F52
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DC0F04
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DC0F15
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DC0EE9
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DC0051
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DC0000
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DC0F6F
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DC001B
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DC0FCA
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DC0F26
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DB002F
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DB0F83
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DB000A
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DB0FD4
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DB0F9E
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00DB0040
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DB0FC3
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DA0049
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DA0038
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DA0027
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DA0000
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DA0FD2
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DA0FEF
.text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D90FE5
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA0F6F
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA0064
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA0F8A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0F9B
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA002C
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA0F37
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA007F
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA0EFA
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA0F0B
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA00AE
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA003D
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA0000
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA0F54
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA0011
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA0FC0
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA0F1C
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00660036
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00660091
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0066001B
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00660FE5
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00660FCA
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0066000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00660062
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00660051
.text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0065004C
.text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!system 77C293C7 5 Bytes JMP 00650027
.text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00650FB7
.text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0065000C
.text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00650FD2
.text C:\WINDOWS\system32\svchost.exe[1400] WININET.dll!InternetOpenA 3D94C879 5 Bytes JMP 0063000A
.text C:\WINDOWS\system32\svchost.exe[1400] WININET.dll!InternetOpenW 3D94CEA9 5 Bytes JMP 0063001B
.text C:\WINDOWS\system32\svchost.exe[1400] WININET.dll!InternetOpenUrlA 3D950BD2 5 Bytes JMP 00630FE5
.text C:\WINDOWS\system32\svchost.exe[1400] WININET.dll!InternetOpenUrlW 3D99B081 5 Bytes JMP 00630040
.text C:\WINDOWS\system32\svchost.exe[1400] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B90FEF
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B90065
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B90F70
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B90054
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B90F97
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B90FC3
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B9009D
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B90F55
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B90F33
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B90F44
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B900E7
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B90FA8
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B90FD4
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B90080
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B90025
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B9000A
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B900B8
.text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B8000A
.text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B8002C
.text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B80FB9
.text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B80FD4
.text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B80F6F
.text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B80F8A
.text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D8, 88]
.text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B8001B
.text C:\WINDOWS\system32\svchost.exe[1408] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B70027
.text C:\WINDOWS\system32\svchost.exe[1408] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B7000C
.text C:\WINDOWS\system32\svchost.exe[1408] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B70FC1
.text C:\WINDOWS\system32\svchost.exe[1408] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\system32\svchost.exe[1408] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B70FA6
.text C:\WINDOWS\system32\svchost.exe[1408] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B70FDE
.text C:\WINDOWS\Explorer.EXE[1948] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01E5000A
.text C:\WINDOWS\Explorer.EXE[1948] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01E50F92
.text C:\WINDOWS\Explorer.EXE[1948] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01E5007D
.text C:\WINDOWS\Explorer.EXE[1948] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01E5006C
.text C:\WINDOWS\Explorer.EXE[1948] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01E50051
.text C:\WINDOWS\Explorer.EXE[1948] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01E50040
.text C:\WINDOWS\Explorer.EXE[1948] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01E500AC
.text C:\WINDOWS\Explorer.EXE[1948] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01E50F66
.text C:\WINDOWS\Explorer.EXE[1948] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01E50F38
.text C:\WINDOWS\Explorer.EXE[1948] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01E50F49
.text C:\WINDOWS\Explorer.EXE[1948] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01E50F1D
.text C:\WINDOWS\Explorer.EXE[1948] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01E50FAF
.text C:\WINDOWS\Explorer.EXE[1948] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01E50FEF
.text C:\WINDOWS\Explorer.EXE[1948] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01E50F77
.text C:\WINDOWS\Explorer.EXE[1948] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01E50FD4
.text C:\WINDOWS\Explorer.EXE[1948] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01E50025
.text C:\WINDOWS\Explorer.EXE[1948] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01E500BD
.text C:\WINDOWS\Explorer.EXE[1948] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01E40FC0
.text C:\WINDOWS\Explorer.EXE[1948] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01E40F6F
.text C:\WINDOWS\Explorer.EXE[1948] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01E40011
.text C:\WINDOWS\Explorer.EXE[1948] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01E40FDB
.text C:\WINDOWS\Explorer.EXE[1948] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01E40F94
.text C:\WINDOWS\Explorer.EXE[1948] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01E40000
.text C:\WINDOWS\Explorer.EXE[1948] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01E40036
.text C:\WINDOWS\Explorer.EXE[1948] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01E40FA5
.text C:\WINDOWS\Explorer.EXE[1948] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01E30FAD
.text C:\WINDOWS\Explorer.EXE[1948] msvcrt.dll!system 77C293C7 5 Bytes JMP 01E30FC8
.text C:\WINDOWS\Explorer.EXE[1948] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01E3001D
.text C:\WINDOWS\Explorer.EXE[1948] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01E30FEF
.text C:\WINDOWS\Explorer.EXE[1948] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01E30038
.text C:\WINDOWS\Explorer.EXE[1948] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01E3000C
.text C:\WINDOWS\Explorer.EXE[1948] WININET.dll!InternetOpenA 3D94C879 5 Bytes JMP 01850FE5
.text C:\WINDOWS\Explorer.EXE[1948] WININET.dll!InternetOpenW 3D94CEA9 5 Bytes JMP 01850FD4
.text C:\WINDOWS\Explorer.EXE[1948] WININET.dll!InternetOpenUrlA 3D950BD2 5 Bytes JMP 01850FAF
.text C:\WINDOWS\Explorer.EXE[1948] WININET.dll!InternetOpenUrlW 3D99B081 5 Bytes JMP 01850F9E
.text C:\WINDOWS\Explorer.EXE[1948] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01E00000
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2028] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2028] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[2180] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 026A0000
.text C:\WINDOWS\system32\wuauclt.exe[2180] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 026A009D
.text C:\WINDOWS\system32\wuauclt.exe[2180] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 026A0082
.text C:\WINDOWS\system32\wuauclt.exe[2180] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 026A005B
.text C:\WINDOWS\system32\wuauclt.exe[2180] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 026A0F9E
.text C:\WINDOWS\system32\wuauclt.exe[2180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 026A0FB9
.text C:\WINDOWS\system32\wuauclt.exe[2180] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 026A00C4
.text C:\WINDOWS\system32\wuauclt.exe[2180] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 026A0F7C
.text C:\WINDOWS\system32\wuauclt.exe[2180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 026A00FA
.text C:\WINDOWS\system32\wuauclt.exe[2180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 026A00DF
.text C:\WINDOWS\system32\wuauclt.exe[2180] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 026A0F50
.text C:\WINDOWS\system32\wuauclt.exe[2180] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 026A0040
.text C:\WINDOWS\system32\wuauclt.exe[2180] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 026A0FE5
.text C:\WINDOWS\system32\wuauclt.exe[2180] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 026A0F8D
.text C:\WINDOWS\system32\wuauclt.exe[2180] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 026A0FD4
.text C:\WINDOWS\system32\wuauclt.exe[2180] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 026A0025
.text C:\WINDOWS\system32\wuauclt.exe[2180] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 026A0F61
.text C:\WINDOWS\system32\wuauclt.exe[2180] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02680FAF
.text C:\WINDOWS\system32\wuauclt.exe[2180] msvcrt.dll!system 77C293C7 5 Bytes JMP 0268003A
.text C:\WINDOWS\system32\wuauclt.exe[2180] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02680029
.text C:\WINDOWS\system32\wuauclt.exe[2180] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02680FEF
.text C:\WINDOWS\system32\wuauclt.exe[2180] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02680FD4
.text C:\WINDOWS\system32\wuauclt.exe[2180] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02680018
.text C:\WINDOWS\system32\wuauclt.exe[2180] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 3 Bytes JMP 02690FC0
.text C:\WINDOWS\system32\wuauclt.exe[2180] ADVAPI32.dll!RegOpenKeyExW + 4 77DD6AB3 1 Byte [8A]
.text C:\WINDOWS\system32\wuauclt.exe[2180] ADVAPI32.dll!RegCreateKeyExW 77DD776C 3 Bytes JMP 02690F9B
.text C:\WINDOWS\system32\wuauclt.exe[2180] ADVAPI32.dll!RegCreateKeyExW + 4 77DD7770 1 Byte [8A]
.text C:\WINDOWS\system32\wuauclt.exe[2180] ADVAPI32.dll!RegOpenKeyExA 77DD7852 3 Bytes JMP 0269001B
.text C:\WINDOWS\system32\wuauclt.exe[2180] ADVAPI32.dll!RegOpenKeyExA + 4 77DD7856 1 Byte [8A]
.text C:\WINDOWS\system32\wuauclt.exe[2180] ADVAPI32.dll!RegOpenKeyW 77DD7946 3 Bytes JMP 02690FE5
.text C:\WINDOWS\system32\wuauclt.exe[2180] ADVAPI32.dll!RegOpenKeyW + 4 77DD794A 1 Byte [8A]
.text C:\WINDOWS\system32\wuauclt.exe[2180] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 3 Bytes JMP 02690058
.text C:\WINDOWS\system32\wuauclt.exe[2180] ADVAPI32.dll!RegCreateKeyExA + 4 77DDE9F8 1 Byte [8A]
.text C:\WINDOWS\system32\wuauclt.exe[2180] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 3 Bytes JMP 02690000
.text C:\WINDOWS\system32\wuauclt.exe[2180] ADVAPI32.dll!RegOpenKeyA + 4 77DDEFCC 1 Byte [8A]
.text C:\WINDOWS\system32\wuauclt.exe[2180] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02690047
.text C:\WINDOWS\system32\wuauclt.exe[2180] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0269002C
.text C:\WINDOWS\system32\wuauclt.exe[2180] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02670000
.text C:\WINDOWS\system32\wuauclt.exe[2356] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FE5
.text C:\WINDOWS\system32\wuauclt.exe[2356] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0051
.text C:\WINDOWS\system32\wuauclt.exe[2356] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0036
.text C:\WINDOWS\system32\wuauclt.exe[2356] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0025
.text C:\WINDOWS\system32\wuauclt.exe[2356] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0F68
.text C:\WINDOWS\system32\wuauclt.exe[2356] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0F94
.text C:\WINDOWS\system32\wuauclt.exe[2356] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0F13
.text C:\WINDOWS\system32\wuauclt.exe[2356] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F24
.text C:\WINDOWS\system32\wuauclt.exe[2356] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0EC2
.text C:\WINDOWS\system32\wuauclt.exe[2356] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B0EDD
.text C:\WINDOWS\system32\wuauclt.exe[2356] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0076
.text C:\WINDOWS\system32\wuauclt.exe[2356] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0F79
.text C:\WINDOWS\system32\wuauclt.exe[2356] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0FCA
.text C:\WINDOWS\system32\wuauclt.exe[2356] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0F4B
.text C:\WINDOWS\system32\wuauclt.exe[2356] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FAF
.text C:\WINDOWS\system32\wuauclt.exe[2356] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\wuauclt.exe[2356] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0EF8
.text C:\WINDOWS\system32\wuauclt.exe[2356] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0FBC
.text C:\WINDOWS\system32\wuauclt.exe[2356] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0047
.text C:\WINDOWS\system32\wuauclt.exe[2356] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0011
.text C:\WINDOWS\system32\wuauclt.exe[2356] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0FE3
.text C:\WINDOWS\system32\wuauclt.exe[2356] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A002C
.text C:\WINDOWS\system32\wuauclt.exe[2356] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0000
.text C:\WINDOWS\system32\wuauclt.exe[2356] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B0025
.text C:\WINDOWS\system32\wuauclt.exe[2356] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B0051
.text C:\WINDOWS\system32\wuauclt.exe[2356] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0FD4
.text C:\WINDOWS\system32\wuauclt.exe[2356] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B000A
.text C:\WINDOWS\system32\wuauclt.exe[2356] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B0F94
.text C:\WINDOWS\system32\wuauclt.exe[2356] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[2356] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002B0FAF
.text C:\WINDOWS\system32\wuauclt.exe[2356] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4B, 88]
.text C:\WINDOWS\system32\wuauclt.exe[2356] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B0036

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- EOF - GMER 1.0.15 ----




Logfile of random's system information tool 1.06 (written by random/random)
Run by Andrew at 2009-10-03 08:02:41
Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (12%) free of 57 GB
Total RAM: 759 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:54 AM, on 10/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\SCROLL MOUSE\SCROLL MOUSE\4.0\lwbwheel.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iCall\iCall.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Express ClickYes\ClickYes.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Andrew\Desktop\RSIT.exe
C:\Program Files\trend micro\Andrew.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: InlineSearchHandleHotKey - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\IEForge\Inline Search\InlineSearch.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\SCROLL MOUSE\SCROLL MOUSE\4.0\lwbwheel.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [iCall Internet Phone] "C:\Program Files\iCall\iCall.exe" /startup
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Express ClickYes] C:\Program Files\Express ClickYes\ClickYes.exe
O4 - HKCU\..\Run: [Eqfg] "C:\Documents and Settings\Andrew\My Documents\??pPatch\w?crtupd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - S-1-5-18 Startup: X1 System Tray.lnk = C:\Documents and Settings\Andrew\Desktop\X1\X1Systray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: X1 System Tray.lnk = C:\Documents and Settings\Andrew\Desktop\X1\X1Systray.exe (User 'Default user')
O4 - Startup: X1 System Tray.lnk = C:\Documents and Settings\Andrew\Desktop\X1\X1Systray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://webapp.reshealthcare.org/remotenet/...ca32/ica32t.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1244179511406
O23 - Service: McAfee Application Installer Cleanup (0111171254499174) (0111171254499174mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\011117~1.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CHQOB - Unknown owner - C:\DOCUME~1\Andrew\LOCALS~1\Temp\CHQOB.exe (file missing)
O23 - Service: CQUICVOB - Unknown owner - C:\DOCUME~1\Andrew\LOCALS~1\Temp\CQUICVOB.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MUGMMNCYD - Unknown owner - C:\DOCUME~1\Andrew\LOCALS~1\Temp\MUGMMNCYD.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: ONDHBNG - Unknown owner - C:\DOCUME~1\Andrew\LOCALS~1\Temp\ONDHBNG.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

--
End of file - 13963 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2008-05-20 736360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-05-08 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-05 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-07-08 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-14 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6FFE2AE-4D12-451F-B457-FE6125FFB1CF}]
InlineSearchHandleHotKeys Class - C:\Program Files\IEForge\Inline Search\InlineSearch.dll [2006-11-07 270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-25 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-14 147456]
{ACB1E670-3217-45C4-A021-6B829A8A27CB}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"ViewMgr"=C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe [2004-11-10 111816]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-06 110592]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-05-08 198160]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-05-13 98304]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-05-14 536576]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-25 148888]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-01-09 1176808]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-01-08 645328]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"LWBMOUSE"=C:\Program Files\SCROLL MOUSE\SCROLL MOUSE\4.0\lwbwheel.exe [2000-02-11 242688]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-12-09 225280]
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-30 385024]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-11-02 155648]
"iCall Internet Phone"=C:\Program Files\iCall\iCall.exe [2008-12-18 1587576]
"HPHUPD06"=C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [2006-01-06 49152]
"HPHmon06"=C:\WINDOWS\system32\hphmon06.exe [2006-01-06 659456]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe [2006-01-06 172032]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-11-02 126976]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-08-04 1836544]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-26 53248]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-05 127035]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2005-03-04 606208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2005-10-24 307200]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-26 1207080]
"Express ClickYes"=C:\Program Files\Express ClickYes\ClickYes.exe [2005-07-27 32256]
"Eqfg"=C:\Documents and Settings\Andrew\My Documents\??pPatch\w?crtupd.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"BitTorrent"=C:\Program Files\BitTorrent\bittorrent.exe [2007-09-07 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcusrmgr"=2
"mcmispupdmgr"=2
"mctskshd.exe"=2
"MSK80Service"=2
"McRedirector"=2
"mcpromgr"=2
"MPS9"=2
"McLogManagerService"=2
"McAfee HackerWatch Service"=2
"Emproxy"=3
"aawservice"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\digital imaging\bin\hpqtra08.exe

C:\Documents and Settings\Andrew\Start Menu\Programs\Startup
X1 System Tray.lnk - C:\Documents and Settings\Andrew\Desktop\X1\X1Systray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-08 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\iCall\iCall.exe"="C:\Program Files\iCall\iCall.exe:*:Enabled:iCall"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:McAfee Managed Services Agent"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-10-02 01:51:17 ----D---- C:\Documents and Settings\Andrew\Application Data\Malwarebytes
2009-10-02 01:51:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-02 01:51:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-02 01:43:43 ----A---- C:\ComboFix.txt
2009-10-01 00:03:54 ----D---- C:\Program Files\trend micro
2009-10-01 00:03:53 ----D---- C:\rsit
2009-09-25 02:01:40 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-25 02:01:40 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-25 02:01:40 ----A---- C:\WINDOWS\system32\java.exe
2009-09-13 19:13:13 ----A---- C:\WINDOWS\zip.exe
2009-09-13 19:13:13 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-09-13 19:13:13 ----A---- C:\WINDOWS\SWSC.exe
2009-09-13 19:13:13 ----A---- C:\WINDOWS\SWREG.exe
2009-09-13 19:13:13 ----A---- C:\WINDOWS\sed.exe
2009-09-13 19:13:13 ----A---- C:\WINDOWS\PEV.exe
2009-09-13 19:13:13 ----A---- C:\WINDOWS\NIRCMD.exe
2009-09-13 19:13:13 ----A---- C:\WINDOWS\grep.exe
2009-09-13 19:12:50 ----D---- C:\Qoobox
2009-09-12 22:42:56 ----D---- C:\Combo-Fix
2009-09-09 17:54:06 ----D---- C:\Program Files\NVT Malware Remover Tool
2009-09-09 16:11:30 ----A---- C:\Boot.bak
2009-09-09 16:11:14 ----RASHD---- C:\cmdcons
2009-09-09 15:58:14 ----D---- C:\WINDOWS\ERDNT
2009-09-09 07:31:37 ----A---- C:\WINDOWS\system32\MRT.INI
2009-09-09 07:25:25 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-09 07:25:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-09 07:24:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-08 03:00:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-06 23:17:23 ----D---- C:\Program Files\iCall
2009-09-06 22:14:21 ----D---- C:\Program Files\iPod
2009-09-06 22:14:10 ----D---- C:\Program Files\iTunes
2009-09-06 22:12:50 ----D---- C:\Program Files\QuickTime
2009-09-06 22:12:15 ----D---- C:\Program Files\Apple Software Update
2009-09-06 22:11:55 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-09-06 22:11:38 ----D---- C:\Program Files\Common Files\Apple
2009-09-06 20:08:47 ----D---- C:\Program Files\TVPlayerClassic
2009-09-06 17:37:55 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-09-06 10:23:25 ----D---- C:\WINDOWS\system32\NtmsData
2009-08-26 03:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-13 03:06:29 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 03:06:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 03:06:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 03:06:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 03:05:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 03:05:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 03:05:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 03:05:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 03:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-03 20:19:32 ----HD---- C:\WINDOWS\PIF
2009-07-15 03:06:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 03:06:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 03:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

======List of files/folders modified in the last 3 months======

2009-10-03 07:54:34 ----D---- C:\Program Files\Mozilla Firefox
2009-10-03 07:54:32 ----D---- C:\WINDOWS\Temp
2009-10-03 03:00:43 ----SD---- C:\WINDOWS\Tasks
2009-10-02 21:35:54 ----D---- C:\WINDOWS
2009-10-02 21:35:52 ----D---- C:\Program Files\McAfee
2009-10-02 21:31:37 ----RASH---- C:\BOOT.INI
2009-10-02 21:31:37 ----A---- C:\WINDOWS\WIN.INI
2009-10-02 21:31:37 ----A---- C:\WINDOWS\system.ini
2009-10-02 21:31:36 ----D---- C:\WINDOWS\pss
2009-10-02 08:59:24 ----HD---- C:\WINDOWS\INF
2009-10-02 08:59:18 ----D---- C:\WINDOWS\system32\DRIVERS
2009-10-02 08:54:50 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-02 02:13:00 ----D---- C:\WINDOWS\SYSTEM32
2009-10-02 01:51:09 ----RD---- C:\Program Files
2009-10-02 01:33:44 ----D---- C:\WINDOWS\AppPatch
2009-10-02 01:33:28 ----D---- C:\Program Files\Common Files
2009-10-02 01:05:06 ----D---- C:\Program Files\SUPERAntiSpyware
2009-10-02 00:59:11 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-10-01 23:20:30 ----D---- C:\WINDOWS\Help
2009-09-25 02:01:57 ----SHD---- C:\WINDOWS\Installer
2009-09-25 02:01:49 ----D---- C:\Config.Msi
2009-09-25 02:00:23 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-09-13 22:46:12 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-12 22:43:16 ----SHD---- C:\System Volume Information
2009-09-12 22:43:16 ----D---- C:\WINDOWS\system32\Restore
2009-09-11 23:17:06 ----D---- C:\Program Files\Java
2009-09-10 00:11:15 ----D---- C:\WINDOWS\system32\CONFIG
2009-09-09 16:04:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-09 07:25:21 ----A---- C:\WINDOWS\imsins.BAK
2009-09-09 07:25:09 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-08 21:44:47 ----D---- C:\Program Files\Bonjour
2009-09-07 15:40:50 ----D---- C:\Documents and Settings\Andrew\Application Data\Skype
2009-09-06 23:17:37 ----D---- C:\WINDOWS\WinSxS
2009-09-06 22:12:00 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-06 21:33:42 ----D---- C:\Documents and Settings
2009-09-06 20:51:58 ----A---- C:\WINDOWS\OEWABLog.txt
2009-09-06 10:20:32 ----D---- C:\WINDOWS\Registration
2009-09-06 00:09:02 ----D---- C:\Program Files\Satellite
2009-08-28 14:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-15 20:38:55 ----D---- C:\Documents and Settings\Andrew\Application Data\dvdcss
2009-08-13 08:16:05 ----A---- C:\WINDOWS\system32\jscript.dll
2009-08-13 03:05:40 ----D---- C:\Program Files\Outlook Express
2009-08-06 19:24:18 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-08-06 19:24:18 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-08-06 19:24:18 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-08-06 19:24:10 ----A---- C:\WINDOWS\system32\wups2.dll
2009-08-06 19:24:10 ----A---- C:\WINDOWS\system32\WUPS.DLL
2009-08-06 19:24:06 ----N---- C:\WINDOWS\system32\wuauclt.exe
2009-08-06 19:24:06 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-08-06 19:24:04 ----A---- C:\WINDOWS\system32\cdm.dll
2009-08-06 19:24:00 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-08-06 19:23:54 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-08-06 19:23:46 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-08-05 02:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-03 22:28:08 ----D---- C:\Program Files\Picasa2
2009-07-29 03:01:41 ----D---- C:\WINDOWS\system32\en-US
2009-07-29 03:01:41 ----D---- C:\Program Files\Internet Explorer
2009-07-19 06:33:02 ----N---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 06:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-17 12:01:06 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-16 07:21:59 ----D---- C:\Documents and Settings\Andrew\Application Data\BitTorrent
2009-07-14 04:03:14 ----A---- C:\WINDOWS\system32\tzchange.exe
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmp.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2004-08-18 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-07-08 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2004-10-05 62799]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.0.1; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-06-02 17056]
R2 BASFND;BASFND; \??\C:\WINDOWS\system32\Drivers\BASFND.sys []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-08-31 11354]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-05 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-05 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-05 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-05 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-05 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-05 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-05 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-05 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-05 100603]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-09-03 121472]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-17 200064]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-02 773565]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-07-08 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-07-08 35272]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2006-10-20 26368]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2004-11-01 272568]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-05-13 182688]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-01-08 51582]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2004-12-22 34816]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Andrew\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys []
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-01-06 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-01-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-01-06 21744]
S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []
S3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys []
S3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []
S3 LVUVC;Logitech QuickCam Fusion(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-07-08 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-07-08 40552]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PRISM_A02;802.11a/g USB Driver; C:\WINDOWS\system32\DRIVERS\WUSB20XP.sys [2004-01-07 339488]
S3 pwrdykoc;pwrdykoc; \??\C:\DOCUME~1\Andrew\LOCALS~1\Temp\pwrdykoc.sys []
S3 RimSerPort;RIM Virtual Serial Port; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2006-10-20 26368]
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-11-07 22272]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNTNLUSB;SafeNet USB SuperPro/UltraPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2005-01-10 28216]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2002-10-17 2851]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2005-01-17 98304]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2004-07-09 36531]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2004-11-16 50048]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2004-12-16 50048]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-21 3210496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 BAsfIpM;Broadcom ASF IP monitoring service v6.0.4; C:\WINDOWS\system32\basfipm.exe [2004-04-01 77824]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-09-07 86016]
R2 Iap;Iap; C:\Program Files\Dell\OpenManage\Client\Iap.exe [2004-02-13 155648]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-25 152984]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-01-08 797864]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-07-08 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-03-03 356352]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-09-07 139264]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 0111171254499174mcinstcleanup;McAfee Application Installer Cleanup (0111171254499174); C:\WINDOWS\TEMP\011117~1.EXE [2009-08-18 316312]
S2 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2007-07-27 26488]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 CHQOB;CHQOB; C:\DOCUME~1\Andrew\LOCALS~1\Temp\CHQOB.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 CQUICVOB;CQUICVOB; C:\DOCUME~1\Andrew\LOCALS~1\Temp\CQUICVOB.exe []
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-07-08 365072]
S3 MSSQL$MICROSOFTBCM;MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [2003-05-31 7544916]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 MUGMMNCYD;MUGMMNCYD; C:\DOCUME~1\Andrew\LOCALS~1\Temp\MUGMMNCYD.exe []
S3 ONDHBNG;ONDHBNG; C:\DOCUME~1\Andrew\LOCALS~1\Temp\ONDHBNG.exe []
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S4 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-07-08 606736]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-09-07 360521]
S4 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [2002-12-17 311872]
S4 VXVEULXHYAL;VXVEULXHYAL; C:\DOCUME~1\Andrew\LOCALS~1\Temp\VXVEULXHYAL.exe []
S4 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2004-09-07 225353]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:07 AM

Posted 03 October 2009 - 02:44 PM

Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Double click on mbr.exe to run it.
  • Select Run when you recieve a Security Warning
  • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will the be created on your desktop where you ran mbr.exe
  • Copy and paste the contents of mbr.log on your next reply.
Next

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.

Next

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Services
    CHQOB
    CQUICVOB
    MUGMMNCYD
    ONDHBNG
    VXVEULXHYAL
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Eqfg"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ACB1E670-3217-45C4-A021-6B829A8A27CB}"=-
    :Files
    C:\Documents and Settings\Andrew\My Documents\??pPatch /u
    :Commands
    [Purity]
    [EmptyTemp]
    [Reboot]
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Please post back here with the following logs:
  • mbr.log
  • OTM results
  • New Rsit log
Thanks

unite.jpg


#12 mrback

mrback
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:07 PM

Posted 03 October 2009 - 06:25 PM

Syler

Once again thank you
I installed ERUNt and ran it
OTM did ask me to reboot which I did and after the reboot it asked me to run it again. all it did was to open the log. I hope it is the right one.
Please find below the requested logs

MBR

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 62 !
PE file found in sector at 0x06FBFEFE !


OTM
All processes killed
========== SERVICES/DRIVERS ==========

Service\Driver CHQOB deleted successfully.

Service\Driver CQUICVOB deleted successfully.

Service\Driver MUGMMNCYD deleted successfully.

Service\Driver ONDHBNG deleted successfully.

Service\Driver VXVEULXHYAL deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Eqfg deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ACB1E670-3217-45C4-A021-6B829A8A27CB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ACB1E670-3217-45C4-A021-6B829A8A27CB}\ not found.
========== FILES ==========
File/Folder C:\Documents and Settings\Andrew\My Documents\??pPatch not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Andrew
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Friend
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: McAfeeMVSUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Sarvenaz
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10032009_160013

Files moved on Reboot...

Registry entries deleted on Reboot...


RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Andrew at 2009-10-03 16:17:51
Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (12%) free of 57 GB
Total RAM: 759 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:18:05 PM, on 10/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\SCROLL MOUSE\SCROLL MOUSE\4.0\lwbwheel.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iCall\iCall.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Express ClickYes\ClickYes.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Documents and Settings\Andrew\Desktop\RSIT.exe
C:\Program Files\trend micro\Andrew.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: InlineSearchHandleHotKey - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\IEForge\Inline Search\InlineSearch.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\SCROLL MOUSE\SCROLL MOUSE\4.0\lwbwheel.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [iCall Internet Phone] "C:\Program Files\iCall\iCall.exe" /startup
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Express ClickYes] C:\Program Files\Express ClickYes\ClickYes.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: X1 System Tray.lnk = C:\Documents and Settings\Andrew\Desktop\X1\X1Systray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - .DEFAULT Startup: X1 System Tray.lnk = C:\Documents and Settings\Andrew\Desktop\X1\X1Systray.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: X1 System Tray.lnk = C:\Documents and Settings\Andrew\Desktop\X1\X1Systray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://webapp.reshealthcare.org/remotenet/...ca32/ica32t.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1244179511406
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

--
End of file - 13779 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2008-05-20 736360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-05-08 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-05 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-07-08 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-14 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6FFE2AE-4D12-451F-B457-FE6125FFB1CF}]
InlineSearchHandleHotKeys Class - C:\Program Files\IEForge\Inline Search\InlineSearch.dll [2006-11-07 270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-25 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-14 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"ViewMgr"=C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe [2004-11-10 111816]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-06 110592]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-05-08 198160]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-05-13 98304]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-05-14 536576]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-25 148888]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-01-09 1176808]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-01-08 645328]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"LWBMOUSE"=C:\Program Files\SCROLL MOUSE\SCROLL MOUSE\4.0\lwbwheel.exe [2000-02-11 242688]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-12-09 225280]
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-30 385024]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-11-02 155648]
"iCall Internet Phone"=C:\Program Files\iCall\iCall.exe [2008-12-18 1587576]
"HPHUPD06"=C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [2006-01-06 49152]
"HPHmon06"=C:\WINDOWS\system32\hphmon06.exe [2006-01-06 659456]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe [2006-01-06 172032]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-11-02 126976]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-08-04 1836544]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-26 53248]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-05 127035]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2005-03-04 606208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2005-10-24 307200]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-26 1207080]
"Express ClickYes"=C:\Program Files\Express ClickYes\ClickYes.exe [2005-07-27 32256]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"BitTorrent"=C:\Program Files\BitTorrent\bittorrent.exe [2007-09-07 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcusrmgr"=2
"mcmispupdmgr"=2
"mctskshd.exe"=2
"MSK80Service"=2
"McRedirector"=2
"mcpromgr"=2
"MPS9"=2
"McLogManagerService"=2
"McAfee HackerWatch Service"=2
"Emproxy"=3
"aawservice"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\digital imaging\bin\hpqtra08.exe

C:\Documents and Settings\Andrew\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
X1 System Tray.lnk - C:\Documents and Settings\Andrew\Desktop\X1\X1Systray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-08 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\iCall\iCall.exe"="C:\Program Files\iCall\iCall.exe:*:Enabled:iCall"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:McAfee Managed Services Agent"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-10-03 16:00:42 ----SHD---- C:\RECYCLER
2009-10-03 16:00:13 ----D---- C:\_OTM
2009-10-03 15:55:39 ----D---- C:\Program Files\ERUNT
2009-10-02 01:51:17 ----D---- C:\Documents and Settings\Andrew\Application Data\Malwarebytes
2009-10-02 01:51:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-02 01:51:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-02 01:43:43 ----A---- C:\ComboFix.txt
2009-10-01 00:03:54 ----D---- C:\Program Files\trend micro
2009-10-01 00:03:53 ----D---- C:\rsit
2009-09-25 02:01:40 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-25 02:01:40 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-25 02:01:40 ----A---- C:\WINDOWS\system32\java.exe
2009-09-13 19:13:13 ----A---- C:\WINDOWS\zip.exe
2009-09-13 19:13:13 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-09-13 19:13:13 ----A---- C:\WINDOWS\SWSC.exe
2009-09-13 19:13:13 ----A---- C:\WINDOWS\SWREG.exe
2009-09-13 19:13:13 ----A---- C:\WINDOWS\sed.exe
2009-09-13 19:13:13 ----A---- C:\WINDOWS\PEV.exe
2009-09-13 19:13:13 ----A---- C:\WINDOWS\NIRCMD.exe
2009-09-13 19:13:13 ----A---- C:\WINDOWS\grep.exe
2009-09-13 19:12:50 ----D---- C:\Qoobox
2009-09-12 22:42:56 ----D---- C:\Combo-Fix
2009-09-09 17:54:06 ----D---- C:\Program Files\NVT Malware Remover Tool
2009-09-09 16:11:30 ----A---- C:\Boot.bak
2009-09-09 16:11:14 ----RASHD---- C:\cmdcons
2009-09-09 15:58:14 ----D---- C:\WINDOWS\ERDNT
2009-09-09 07:31:37 ----A---- C:\WINDOWS\system32\MRT.INI
2009-09-09 07:25:25 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-09 07:25:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-09 07:24:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-08 03:00:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-06 23:17:23 ----D---- C:\Program Files\iCall
2009-09-06 22:14:21 ----D---- C:\Program Files\iPod
2009-09-06 22:14:10 ----D---- C:\Program Files\iTunes
2009-09-06 22:12:50 ----D---- C:\Program Files\QuickTime
2009-09-06 22:12:15 ----D---- C:\Program Files\Apple Software Update
2009-09-06 22:11:55 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-09-06 22:11:38 ----D---- C:\Program Files\Common Files\Apple
2009-09-06 20:08:47 ----D---- C:\Program Files\TVPlayerClassic
2009-09-06 17:37:55 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-09-06 10:23:25 ----D---- C:\WINDOWS\system32\NtmsData
2009-08-26 03:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-13 03:06:29 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 03:06:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 03:06:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 03:06:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 03:05:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 03:05:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 03:05:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 03:05:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 03:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-03 20:19:32 ----HD---- C:\WINDOWS\PIF
2009-07-15 03:06:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 03:06:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 03:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

======List of files/folders modified in the last 3 months======

2009-10-03 16:15:51 ----D---- C:\Program Files\Mozilla Firefox
2009-10-03 16:14:40 ----D---- C:\WINDOWS\Temp
2009-10-03 16:10:54 ----D---- C:\Program Files\McAfee
2009-10-03 16:00:26 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2009-10-03 15:55:39 ----RD---- C:\Program Files
2009-10-03 03:00:43 ----SD---- C:\WINDOWS\Tasks
2009-10-02 21:35:54 ----D---- C:\WINDOWS
2009-10-02 21:31:37 ----RASH---- C:\BOOT.INI
2009-10-02 21:31:37 ----A---- C:\WINDOWS\WIN.INI
2009-10-02 21:31:37 ----A---- C:\WINDOWS\system.ini
2009-10-02 21:31:36 ----D---- C:\WINDOWS\pss
2009-10-02 08:59:24 ----HD---- C:\WINDOWS\INF
2009-10-02 08:59:18 ----D---- C:\WINDOWS\system32\DRIVERS
2009-10-02 08:54:50 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-02 02:13:00 ----D---- C:\WINDOWS\SYSTEM32
2009-10-02 01:33:44 ----D---- C:\WINDOWS\AppPatch
2009-10-02 01:33:28 ----D---- C:\Program Files\Common Files
2009-10-02 01:05:06 ----D---- C:\Program Files\SUPERAntiSpyware
2009-10-02 00:59:11 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-10-01 23:20:30 ----D---- C:\WINDOWS\Help
2009-09-25 02:01:57 ----SHD---- C:\WINDOWS\Installer
2009-09-25 02:01:49 ----D---- C:\Config.Msi
2009-09-25 02:00:23 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-09-13 22:46:12 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-12 22:43:16 ----SHD---- C:\System Volume Information
2009-09-12 22:43:16 ----D---- C:\WINDOWS\system32\Restore
2009-09-11 23:17:06 ----D---- C:\Program Files\Java
2009-09-10 00:11:15 ----D---- C:\WINDOWS\system32\CONFIG
2009-09-09 16:04:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-09 07:25:21 ----A---- C:\WINDOWS\imsins.BAK
2009-09-09 07:25:09 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-08 21:44:47 ----D---- C:\Program Files\Bonjour
2009-09-07 15:40:50 ----D---- C:\Documents and Settings\Andrew\Application Data\Skype
2009-09-06 23:17:37 ----D---- C:\WINDOWS\WinSxS
2009-09-06 22:12:00 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-06 21:33:42 ----D---- C:\Documents and Settings
2009-09-06 20:51:58 ----A---- C:\WINDOWS\OEWABLog.txt
2009-09-06 10:20:32 ----D---- C:\WINDOWS\Registration
2009-09-06 00:09:02 ----D---- C:\Program Files\Satellite
2009-08-28 14:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-15 20:38:55 ----D---- C:\Documents and Settings\Andrew\Application Data\dvdcss
2009-08-13 08:16:05 ----A---- C:\WINDOWS\system32\jscript.dll
2009-08-13 03:05:40 ----D---- C:\Program Files\Outlook Express
2009-08-06 19:24:18 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-08-06 19:24:18 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-08-06 19:24:18 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-08-06 19:24:10 ----A---- C:\WINDOWS\system32\wups2.dll
2009-08-06 19:24:10 ----A---- C:\WINDOWS\system32\WUPS.DLL
2009-08-06 19:24:06 ----N---- C:\WINDOWS\system32\wuauclt.exe
2009-08-06 19:24:06 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-08-06 19:24:04 ----A---- C:\WINDOWS\system32\cdm.dll
2009-08-06 19:24:00 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-08-06 19:23:54 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-08-06 19:23:46 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-08-05 02:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-03 22:28:08 ----D---- C:\Program Files\Picasa2
2009-07-29 03:01:41 ----D---- C:\WINDOWS\system32\en-US
2009-07-29 03:01:41 ----D---- C:\Program Files\Internet Explorer
2009-07-19 06:33:02 ----N---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 06:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-17 12:01:06 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-16 07:21:59 ----D---- C:\Documents and Settings\Andrew\Application Data\BitTorrent
2009-07-14 04:03:14 ----A---- C:\WINDOWS\system32\tzchange.exe
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmp.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2004-08-18 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-07-08 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2004-10-05 62799]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.0.1; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-06-02 17056]
R2 BASFND;BASFND; \??\C:\WINDOWS\system32\Drivers\BASFND.sys []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-08-31 11354]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-05 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-05 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-05 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-05 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-05 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-05 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-05 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-05 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-05 100603]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-09-03 121472]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-17 200064]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-02 773565]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-07-08 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-07-08 35272]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2006-10-20 26368]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2004-11-01 272568]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-05-13 182688]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-01-08 51582]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2004-12-22 34816]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Andrew\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys []
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-01-06 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-01-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-01-06 21744]
S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []
S3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys []
S3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []
S3 LVUVC;Logitech QuickCam Fusion(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Andrew\LOCALS~1\Temp\mbr.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-07-08 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-07-08 40552]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PRISM_A02;802.11a/g USB Driver; C:\WINDOWS\system32\DRIVERS\WUSB20XP.sys [2004-01-07 339488]
S3 RimSerPort;RIM Virtual Serial Port; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2006-10-20 26368]
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-11-07 22272]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNTNLUSB;SafeNet USB SuperPro/UltraPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2005-01-10 28216]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2002-10-17 2851]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2005-01-17 98304]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2004-07-09 36531]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2004-11-16 50048]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2004-12-16 50048]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-21 3210496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 BAsfIpM;Broadcom ASF IP monitoring service v6.0.4; C:\WINDOWS\system32\basfipm.exe [2004-04-01 77824]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-09-07 86016]
R2 Iap;Iap; C:\Program Files\Dell\OpenManage\Client\Iap.exe [2004-02-13 155648]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-25 152984]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-01-08 797864]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-07-08 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-03-03 356352]
R2 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-09-07 139264]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2007-07-27 26488]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-07-08 365072]
S3 MSSQL$MICROSOFTBCM;MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [2003-05-31 7544916]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S4 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-07-08 606736]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-09-07 360521]
S4 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [2002-12-17 311872]
S4 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2004-09-07 225353]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:07 AM

Posted 04 October 2009 - 03:49 PM

Hi mrback,

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Next

Uninstall ComboFix
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
Posted Image

Next

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Reamove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back here with the following logs:
  • Kaspersky report
  • New Rsit log
Thanks

unite.jpg


#14 mrback

mrback
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:07 PM

Posted 05 October 2009 - 09:56 AM

Syler thank you very much for your help.
I just realized that my CD/DVD drive is not working anymore.
I still get the messages that I am not the admin.
I don t know whether it can be of any help but I think infections started when I downloaded the TV Player Classic from the peer to peer exchange site and that what naturally appears in the Kaspersky report.

Did uninstall ComboFix
I did un install the old versions of Java and installed the new versions


Here are all the logs
Once again thank you for your help



Monday, October 5, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, October 05, 2009 02:41:29
Records in database: 2911309
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
Scan statistics
Objects scanned 87903
Threats found 2
Infected objects found 4
Suspicious objects found 0
Scan duration 05:45:46

File name Threat Threats count
C:\Documents and Settings\Andrew\My Documents\BitTorrent Downloads\Super Internet TV 7.4\onlinetv74.exe Infected: Trojan.Win32.Buzus.ccrb 1
C:\Documents and Settings\Andrew\My Documents\BitTorrent Downloads\TV Player Classic v5.4.9\TV Player Classic 5.4.9.rar Infected: Packed.Win32.TDSS.z 3




Logfile of random's system information tool 1.06 (written by random/random)
Run by Andrew at 2009-10-05 07:40:50
Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (13%) free of 57 GB
Total RAM: 759 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:04 AM, on 10/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\system32\imapi.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\SCROLL MOUSE\SCROLL MOUSE\4.0\lwbwheel.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Express ClickYes\ClickYes.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Andrew\Desktop\RSIT.exe
C:\Program Files\trend micro\Andrew.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: InlineSearchHandleHotKey - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\IEForge\Inline Search\InlineSearch.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://webapp.reshealthcare.org/remotenet/...ca32/ica32t.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1244179511406
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

--
End of file - 9265 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2008-05-20 736360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-05-08 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-05 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-07-08 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-14 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6FFE2AE-4D12-451F-B457-FE6125FFB1CF}]
InlineSearchHandleHotKeys Class - C:\Program Files\IEForge\Inline Search\InlineSearch.dll [2006-11-07 270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-14 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2008-04-13 169984]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-04 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe [2007-09-07 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe [2005-03-04 606208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-05 127035]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-26 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Express ClickYes]
C:\Program Files\Express ClickYes\ClickYes.exe [2005-07-27 32256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-08-04 1836544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-26 1207080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2004-11-02 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe [2006-01-06 172032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
C:\WINDOWS\system32\hphmon06.exe [2006-01-06 659456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [2006-01-06 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCall Internet Phone]
C:\Program Files\iCall\iCall.exe [2008-12-18 1587576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2004-11-02 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-30 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE [2005-12-09 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
C:\Program Files\SCROLL MOUSE\SCROLL MOUSE\4.0\lwbwheel.exe [2000-02-11 242688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-01-08 645328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]
C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-01-09 1176808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-05-14 536576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-05-13 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-05-08 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-06 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2005-10-24 307200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Distillr\acrotray.exe [2003-10-23 217194]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
C:\PROGRA~1\Toshiba\BLUETO~1\TOSBTM~1.EXE [2004-12-22 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
C:\PROGRA~1\RESEAR~1\BLACKB~1\DESKTO~1.EXE [2007-01-18 1212416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-29 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-05-28 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andrew^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
C:\PROGRA~1\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andrew^Start Menu^Programs^Startup^X1 System Tray.lnk]
C:\Documents and Settings\Andrew\Desktop\X1\X1Systray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcusrmgr"=2
"mcmispupdmgr"=2
"mctskshd.exe"=2
"MSK80Service"=2
"McRedirector"=2
"mcpromgr"=2
"MPS9"=2
"McLogManagerService"=2
"McAfee HackerWatch Service"=2
"Emproxy"=3
"aawservice"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-08 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\iCall\iCall.exe"="C:\Program Files\iCall\iCall.exe:*:Enabled:iCall"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:McAfee Managed Services Agent"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-10-04 18:35:20 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-04 18:35:20 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-04 18:35:20 ----A---- C:\WINDOWS\system32\java.exe
2009-10-04 18:14:40 ----SD---- C:\Combo-Fix19432C
2009-10-03 16:00:42 ----SHD---- C:\RECYCLER
2009-10-03 16:00:13 ----D---- C:\_OTM
2009-10-03 15:55:39 ----D---- C:\Program Files\ERUNT
2009-10-02 01:51:17 ----D---- C:\Documents and Settings\Andrew\Application Data\Malwarebytes
2009-10-02 01:51:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-02 01:51:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-02 01:43:43 ----A---- C:\ComboFix.txt
2009-10-01 00:03:54 ----D---- C:\Program Files\trend micro
2009-10-01 00:03:53 ----D---- C:\rsit
2009-09-12 22:42:56 ----D---- C:\Combo-Fix
2009-09-09 17:54:06 ----D---- C:\Program Files\NVT Malware Remover Tool
2009-09-09 16:11:30 ----A---- C:\Boot.bak
2009-09-09 16:11:14 ----RASHD---- C:\cmdcons
2009-09-09 15:58:14 ----D---- C:\WINDOWS\ERDNT
2009-09-09 07:31:37 ----A---- C:\WINDOWS\system32\MRT.INI
2009-09-09 07:25:25 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-09 07:25:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-09 07:24:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-08 03:00:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-06 23:17:23 ----D---- C:\Program Files\iCall
2009-09-06 22:14:21 ----D---- C:\Program Files\iPod
2009-09-06 22:14:10 ----D---- C:\Program Files\iTunes
2009-09-06 22:12:50 ----D---- C:\Program Files\QuickTime
2009-09-06 22:12:15 ----D---- C:\Program Files\Apple Software Update
2009-09-06 22:11:55 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-09-06 22:11:38 ----D---- C:\Program Files\Common Files\Apple
2009-09-06 20:08:47 ----D---- C:\Program Files\TVPlayerClassic
2009-09-06 17:37:55 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-09-06 10:23:25 ----D---- C:\WINDOWS\system32\NtmsData
2009-08-26 03:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-13 03:06:29 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 03:06:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 03:06:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 03:06:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 03:05:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 03:05:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 03:05:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 03:05:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 03:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-03 20:19:32 ----HD---- C:\WINDOWS\PIF
2009-07-15 03:06:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 03:06:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 03:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

======List of files/folders modified in the last 3 months======

2009-10-05 07:21:47 ----D---- C:\WINDOWS\Temp
2009-10-05 03:00:57 ----SD---- C:\WINDOWS\Tasks
2009-10-04 18:37:28 ----D---- C:\Program Files\Mozilla Firefox
2009-10-04 18:35:26 ----SHD---- C:\WINDOWS\Installer
2009-10-04 18:35:26 ----D---- C:\Config.Msi
2009-10-04 18:35:20 ----D---- C:\WINDOWS\SYSTEM32
2009-10-04 18:34:53 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-04 18:33:50 ----RASH---- C:\BOOT.INI
2009-10-04 18:33:50 ----A---- C:\WINDOWS\WIN.INI
2009-10-04 18:33:50 ----A---- C:\WINDOWS\system.ini
2009-10-04 18:33:47 ----D---- C:\WINDOWS\pss
2009-10-04 18:15:10 ----SHD---- C:\System Volume Information
2009-10-04 18:15:10 ----D---- C:\WINDOWS\system32\Restore
2009-10-04 18:15:06 ----D---- C:\WINDOWS
2009-10-04 18:13:37 ----D---- C:\Program Files\Viewpoint
2009-10-04 18:13:37 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-10-03 16:10:54 ----D---- C:\Program Files\McAfee
2009-10-03 16:00:26 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2009-10-03 15:55:39 ----RD---- C:\Program Files
2009-10-02 08:59:24 ----HD---- C:\WINDOWS\INF
2009-10-02 08:59:18 ----D---- C:\WINDOWS\system32\DRIVERS
2009-10-02 08:54:50 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-02 01:33:44 ----D---- C:\WINDOWS\AppPatch
2009-10-02 01:33:28 ----D---- C:\Program Files\Common Files
2009-10-02 01:05:06 ----D---- C:\Program Files\SUPERAntiSpyware
2009-10-02 00:59:11 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-10-01 23:20:30 ----D---- C:\WINDOWS\Help
2009-09-13 22:46:12 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-11 23:17:06 ----D---- C:\Program Files\Java
2009-09-10 00:11:15 ----D---- C:\WINDOWS\system32\CONFIG
2009-09-09 16:04:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-09 07:25:21 ----A---- C:\WINDOWS\imsins.BAK
2009-09-09 07:25:09 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-08 21:44:47 ----D---- C:\Program Files\Bonjour
2009-09-07 15:40:50 ----D---- C:\Documents and Settings\Andrew\Application Data\Skype
2009-09-06 23:17:37 ----D---- C:\WINDOWS\WinSxS
2009-09-06 22:12:00 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-06 21:33:42 ----D---- C:\Documents and Settings
2009-09-06 20:51:58 ----A---- C:\WINDOWS\OEWABLog.txt
2009-09-06 10:20:32 ----D---- C:\WINDOWS\Registration
2009-09-06 00:09:02 ----D---- C:\Program Files\Satellite
2009-08-28 14:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-15 20:38:55 ----D---- C:\Documents and Settings\Andrew\Application Data\dvdcss
2009-08-13 08:16:05 ----A---- C:\WINDOWS\system32\jscript.dll
2009-08-13 03:05:40 ----D---- C:\Program Files\Outlook Express
2009-08-06 19:24:18 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-08-06 19:24:18 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-08-06 19:24:18 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-08-06 19:24:10 ----A---- C:\WINDOWS\system32\wups2.dll
2009-08-06 19:24:10 ----A---- C:\WINDOWS\system32\WUPS.DLL
2009-08-06 19:24:06 ----N---- C:\WINDOWS\system32\wuauclt.exe
2009-08-06 19:24:06 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-08-06 19:24:04 ----A---- C:\WINDOWS\system32\cdm.dll
2009-08-06 19:24:00 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-08-06 19:23:54 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-08-06 19:23:46 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-08-05 02:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-03 22:28:08 ----D---- C:\Program Files\Picasa2
2009-07-29 03:01:41 ----D---- C:\WINDOWS\system32\en-US
2009-07-29 03:01:41 ----D---- C:\Program Files\Internet Explorer
2009-07-19 06:33:02 ----N---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 06:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-17 12:01:06 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-16 07:21:59 ----D---- C:\Documents and Settings\Andrew\Application Data\BitTorrent
2009-07-14 04:03:14 ----A---- C:\WINDOWS\system32\tzchange.exe
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmp.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2004-08-18 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-07-08 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2004-10-05 62799]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.0.1; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-06-02 17056]
R2 BASFND;BASFND; \??\C:\WINDOWS\system32\Drivers\BASFND.sys []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-08-31 11354]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-05 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-05 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-05 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-05 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-05 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-05 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-05 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-05 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-05 100603]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-09-03 121472]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-17 200064]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-02 773565]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-07-08 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-07-08 35272]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2006-10-20 26368]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2004-11-01 272568]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-05-13 182688]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-01-08 51582]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2004-12-22 34816]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Andrew\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys []
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-01-06 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-01-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-01-06 21744]
S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []
S3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys []
S3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []
S3 LVUVC;Logitech QuickCam Fusion(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Andrew\LOCALS~1\Temp\mbr.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-07-08 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-07-08 40552]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PRISM_A02;802.11a/g USB Driver; C:\WINDOWS\system32\DRIVERS\WUSB20XP.sys [2004-01-07 339488]
S3 RimSerPort;RIM Virtual Serial Port; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2006-10-20 26368]
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-11-07 22272]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNTNLUSB;SafeNet USB SuperPro/UltraPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2005-01-10 28216]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2002-10-17 2851]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2005-01-17 98304]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2004-07-09 36531]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2004-11-16 50048]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2004-12-16 50048]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-21 3210496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 BAsfIpM;Broadcom ASF IP monitoring service v6.0.4; C:\WINDOWS\system32\basfipm.exe [2004-04-01 77824]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-09-07 86016]
R2 Iap;Iap; C:\Program Files\Dell\OpenManage\Client\Iap.exe [2004-02-13 155648]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-04 153376]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-01-08 797864]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-07-08 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-03-03 356352]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-09-07 139264]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2007-07-27 26488]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-07-08 365072]
S3 MSSQL$MICROSOFTBCM;MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [2003-05-31 7544916]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S4 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-07-08 606736]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-09-07 360521]
S4 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [2002-12-17 311872]
S4 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2004-09-07 225353]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:07 AM

Posted 05 October 2009 - 11:55 AM

I think infections started when I downloaded the TV Player Classic from the peer to peer exchange site and that what naturally


Yess it looks like that, and a very nasty one you have downloaded too, that is why we warn people again using P2P!

Why have you disabled all you startups with MSconfig? you should not do this blindly some program may be needed on start up, otherwise the programs they relate
to might not work properly, did you check them all to see if they were needed? if you can disable them ok them im sure you can re-enable then you need to do
so with McAfee at least, and any others that might need to be there!

Obvious question are you running in an account with admin privileges? when do you get the admin warning is it only using MSconfig?

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users