
Virtualmonde & OTHERS!!


  • This topic is locked
12 replies to this topic

#1 nikkim73

Posted 15 October 2009 - 10:09 AM

Please help!

I have a Toshiba laptop. I discovered that my McAfee antivirus was having a problem (in the details it said it was using Norton) so I believe it never was updating when it said it was daily. All the normal things happened (running slowly, picking up XBox in media extender (even wireless turned off) etc.) Anyways, talked with tech support & they walked me thru uninstalling Norton (pre-installed on computer but never activated) & re-installing McAfee. Ran McAfee & still said no infections. Installed & ran AdAware & Malwarebytes (Malwarebytes wouldn't load the exe file & I had to DL to flash drive & copy exe file to hard-drive, but it eventually ran)....and they said there were TONS of stuff on computer. Both programs removed things. I eventually uninstalled AdAware 'cause McAfee was saying it had viruses (could it have been the quarantined malware?)

I thought everything was better after Malwarebytes & then McAfee were finding & quarantining things. Both said everything was clean then I ran Malwarebytes again & it found 8 more infections (Trojan.Vundo & Trojan.Vundo.H) & quarantined and/or deleted them. Upon reboot to delete a dll file, I kept getting message that "WINDOWS\system32\vetajume.dll is not valid Windows image. Please check against diskette". I searched online and learned this is another virus problem.

I have a HJT log, DDS log, Malwarebytes log, ark.txt...but will only post what informational post said to post.

THANK YOU in advance!!! This is all so frustrating 'cause I thought I was doing everything right....sheesh...

Nikki

Here is the DDS log:


DDS (Ver_09-10-13.01) - NTFSx86
Run by Nikki at 9:35:13.61 on Thu 10/15/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.338 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\lxcjcoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
F:\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nikki\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [Lexmark X74-X75] "c:\program files\lexmark x74-x75\lxbbbmgr.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LXBSCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBStime.dll,_RunDLLEntry@16
mRun: [LXCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCJtime.dll,_RunDLLEntry@16
mRun: [lxcjmon.exe] "c:\program files\lexmark 8300 series\lxcjmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 8300 series\ezprint.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Malwarebytes Anti-Malware (reboot)] "f:\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\nikki\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft home publishing\MHPRMIND.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: wuwugoyi.dll c:\windows\system32\wadumepo.dll c:\windows\system32\gasesowo.dll c:\windows\system32\bahegope.dll ,hupezivu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: bibawaduv - {5b185a80-0e3a-456a-8cfc-a5ca4cd34fc5} - c:\windows\system32\wadumepo.dll
SSODL: bujedosuf - {c14e9f61-cb46-40dc-a8d6-b028174b6a0f} - c:\windows\system32\gasesowo.dll
SSODL: famulapiy - {3c12fa13-2def-4425-b9d9-3d5b4408e516} - c:\windows\system32\bahegope.dll
STS: gahurihor: {5b185a80-0e3a-456a-8cfc-a5ca4cd34fc5} - c:\windows\system32\wadumepo.dll
STS: kupuhivus: {c14e9f61-cb46-40dc-a8d6-b028174b6a0f} - c:\windows\system32\gasesowo.dll
STS: tokatiluy: {3c12fa13-2def-4425-b9d9-3d5b4408e516} - c:\windows\system32\bahegope.dll
LSA: Notification Packages = scecli fehilasi.dll jasafusa.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nikki\applic~1\mozilla\firefox\profiles\xip6x07m.default\
FF - prefs.js: browser.startup.homepage - hxxp://home.iwon.com/iwon-homepage/home.jhtml
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-10-11 203280]

=============== Created Last 30 ================

2009-10-15 09:24 <DIR> --d----- c:\program files\Runtime Software
2009-10-14 11:48 <DIR> --dsh--- c:\documents and settings\nikki\PrivacIE
2009-10-14 09:32 70 a---h--- C:\aaw7boot.cmd
2009-10-13 10:42 <DIR> --dsh--- c:\documents and settings\nikki\IETldCache
2009-10-13 09:46 <DIR> --d----- c:\program files\SpywareBlaster
2009-10-13 09:36 <DIR> -cd-h--- c:\windows\ie8
2009-10-12 21:26 <DIR> --d----- c:\docume~1\nikki\applic~1\Malwarebytes
2009-10-12 21:25 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-12 21:25 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-12 21:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-12 21:25 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-12 10:26 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\~0
2009-10-12 10:01 <DIR> --d----- c:\program files\Trend Micro
2009-10-11 21:45 8,901 a------- c:\windows\system32\Config.MPF
2009-10-11 21:41 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-10-11 21:41 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-10-11 21:41 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-10-11 21:41 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-10-11 21:40 <DIR> --d----- c:\program files\common files\McAfee
2009-10-11 21:39 <DIR> --d----- c:\program files\McAfee.com
2009-10-11 21:39 <DIR> --d----- c:\program files\McAfee
2009-10-11 21:33 34,248 a------- c:\windows\system32\drivers\mferkdk.sys
2009-10-11 18:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Citrix
2009-10-11 18:31 <DIR> --d----- c:\program files\Citrix
2009-10-11 18:31 61,224 a------- c:\documents and settings\nikki\GoToAssistDownloadHelper.exe
2009-09-24 15:45 29 a------- c:\windows\DEBUGSM.INI

==================== Find3M ====================

2009-10-14 10:54 137,668 a------- c:\windows\HPHins15.dat
2009-09-18 09:25 1,052 a------- c:\docume~1\nikki\applic~1\wklnhst.dat
2009-08-05 04:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-28 23:53 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-28 23:53 82,432 a------- c:\windows\system32\fontsub.dll
2009-07-17 13:55 58,880 a------- c:\windows\system32\atl.dll
2008-12-13 12:59 256 a------- c:\documents and settings\nikki\pool.bin
2009-07-10 18:48 69,120 a--sh--- c:\windows\system32\dovalaji.dll
2009-07-08 17:36 61,440 a--sh--- c:\windows\system32\durubani.dll
2009-07-14 11:30 52,224 a--sh--- c:\windows\system32\hupezivu.dll
2009-07-14 11:30 52,224 a--sh--- c:\windows\system32\mudagodu.dll
2009-07-08 17:36 169,472 a--sh--- c:\windows\system32\wulopahe.dll
2009-07-08 17:37 83,968 a--sh--- c:\windows\system32\yudedawo.dll

============= FINISH: 9:36:30.44 ===============


#2 syler

  • Malware Response Team

Posted 27 October 2009 - 07:19 PM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic. If you still need help, please let me know what issues you are still having in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks



#3 nikkim73

  • Topic Starter

Posted 27 October 2009 - 10:03 PM

Hi Syler...

THANK YOU SO MUCH for the response! I really appreciate any help you can give. Malwarebytes still finds the same trojans daily & then removes and/or quarantines them. McAfee also does the same. I changed my settings in Firefox to disallow cookies, not allow popups, no re-directions, etc. But I still get pop-up ads that say "Windows Internet Explorer" in the Title bar (these are mostly for making money posting things to Google, or adult dating sites). I also get re-directions when I click on a search result in Google. I have to copy & paste the actual link or use a different search engine.

Thank you so much again.

Nikki

Here are the logs you requested:

Log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Nikki at 2009-10-27 21:47:26
Microsoft Windows XP Professional Service Pack 2
System drive C: has 33 GB (34%) free of 95 GB
Total RAM: 1014 MB (8% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:50 PM, on 10/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\PROGRA~1\LEXMAR~4\PAGEMA~1\Pmsb.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Nikki\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nikki.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "F:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [serisejeh] Rundll32.exe "c:\windows\system32\muzupera.dll",a
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - S-1-5-18 Startup: Microsoft Home Publishing Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Microsoft Home Publishing Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE (User 'Default user')
O4 - Startup: Microsoft Home Publishing Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6796.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: wuwugoyi.dll c:\windows\system32\wadumepo.dll c:\windows\system32\gasesowo.dll c:\windows\system32\bahegope.dll c:\windows\system32\muzupera.dll bihonede.dll c:\windows\system32\gijareyi.dll
O21 - SSODL: bibawaduv - {5b185a80-0e3a-456a-8cfc-a5ca4cd34fc5} - c:\windows\system32\wadumepo.dll (file missing)
O21 - SSODL: bujedosuf - {c14e9f61-cb46-40dc-a8d6-b028174b6a0f} - c:\windows\system32\gasesowo.dll (file missing)
O21 - SSODL: famulapiy - {3c12fa13-2def-4425-b9d9-3d5b4408e516} - c:\windows\system32\bahegope.dll (file missing)
O21 - SSODL: raradawev - {d786f73e-a75b-4a8a-8fc9-0f862bdd3178} - c:\windows\system32\gijareyi.dll
O21 - SSODL: humirabij - {07c80bb6-7a7d-4242-b001-e62d1d3bffaf} - c:\windows\system32\muzupera.dll
O22 - SharedTaskScheduler: gahurihor - {5b185a80-0e3a-456a-8cfc-a5ca4cd34fc5} - c:\windows\system32\wadumepo.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {c14e9f61-cb46-40dc-a8d6-b028174b6a0f} - c:\windows\system32\gasesowo.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {3c12fa13-2def-4425-b9d9-3d5b4408e516} - c:\windows\system32\bahegope.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {d786f73e-a75b-4a8a-8fc9-0f862bdd3178} - c:\windows\system32\gijareyi.dll
O22 - SharedTaskScheduler: kupuhivus - {07c80bb6-7a7d-4242-b001-e62d1d3bffaf} - c:\windows\system32\muzupera.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Nikki/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 15118 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Registration reminder 1.job
C:\WINDOWS\tasks\WebReg Deskjet D1400 series.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"=TFncKy.exe []
"TDispVol"=C:\WINDOWS\system32\TDispVol.exe [2005-03-11 73728]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-28 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-28 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-28 118784]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2006-01-05 352256]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-12-16 82009]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-12-16 761945]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2004-08-18 184320]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]
"NDSTray.exe"=NDSTray.exe []
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2005-11-30 73728]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-06-01 282624]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe []
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]
"dla"=C:\WINDOWS\system32\dla\DLACTRLW.exe [2005-10-06 122940]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]
"CFSServ.exe"=CFSServ.exe -NoClient []
"Lexmark X74-X75"=C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe [2002-10-14 57344]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-12-21 185896]
"LXBSCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16 []
"WrtMon.exe"=C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe [2006-09-20 20480]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-02-01 385024]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-08-16 236016]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-09-17 645328]
"Malwarebytes Anti-Malware (reboot)"=F:\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"serisejeh"=c:\windows\system32\muzupera.dll [2009-07-26 90112]
"lxcjmon.exe"=C:\Program Files\Lexmark 8300 Series\lxcjmon.exe [2007-01-30 205744]
"EzPrint"=C:\Program Files\Lexmark 8300 Series\ezprint.exe [2007-01-30 103344]
"LXCJCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

C:\Documents and Settings\Nikki\Start Menu\Programs\Startup
Microsoft Home Publishing Reminders.lnk - C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wuwugoyi.dll c:\windows\system32\wadumepo.dll c:\windows\system32\gasesowo.dll c:\windows\system32\bahegope.dll c:\windows\system32\muzupera.dll bihonede.dll c:\windows\system32\gijareyi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-10 239616]
bibawaduv - {5b185a80-0e3a-456a-8cfc-a5ca4cd34fc5} - c:\windows\system32\wadumepo.dll []
bujedosuf - {c14e9f61-cb46-40dc-a8d6-b028174b6a0f} - c:\windows\system32\gasesowo.dll []
famulapiy - {3c12fa13-2def-4425-b9d9-3d5b4408e516} - c:\windows\system32\bahegope.dll []
raradawev - {d786f73e-a75b-4a8a-8fc9-0f862bdd3178} - c:\windows\system32\gijareyi.dll [2009-07-27 89600]
humirabij - {07c80bb6-7a7d-4242-b001-e62d1d3bffaf} - c:\windows\system32\muzupera.dll [2009-07-26 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
gahurihor - {5b185a80-0e3a-456a-8cfc-a5ca4cd34fc5} - c:\windows\system32\wadumepo.dll []
kupuhivus - {c14e9f61-cb46-40dc-a8d6-b028174b6a0f} - c:\windows\system32\gasesowo.dll []
tokatiluy - {3c12fa13-2def-4425-b9d9-3d5b4408e516} - c:\windows\system32\bahegope.dll []
tokatiluy - {d786f73e-a75b-4a8a-8fc9-0f862bdd3178} - c:\windows\system32\gijareyi.dll [2009-07-27 89600]
kupuhivus - {07c80bb6-7a7d-4242-b001-e62d1d3bffaf} - c:\windows\system32\muzupera.dll [2009-07-26 90112]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
fehilasi.dll
tahuhabu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\Documents and Settings\Nikki\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\Nikki\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\McAfee\MSC\mcsync.exe"="C:\Program Files\McAfee\MSC\mcsync.exe:*:Enabled:McSync"
"C:\WINDOWS\system32\taskmgr.exe"="C:\WINDOWS\system32\taskmgr.exe:*:Enabled:taskmgr"
"C:\Documents and Settings\Nikki\Local Settings\Temp\7zS73.tmp\SymNRT.exe"="C:\Documents and Settings\Nikki\Local Settings\Temp\7zS73.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe:*:Enabled:GoogleToolbarNotifier"
"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"="C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe:*:Enabled:GoogleUpdaterService"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\Program Files\McAfee\VirusScan\mcvsmap.exe"="C:\Program Files\McAfee\VirusScan\mcvsmap.exe:*:Enabled:mcvsmap"
"C:\WINDOWS\system32\lxcjcoms.exe"="C:\WINDOWS\system32\lxcjcoms.exe:*:Enabled:Lexmark Communications System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5c9f499-53cb-11db-a0ac-806d6172696f}]
shell\AutoRun\command - D:\GATEWAY\GATEWAY.EXE


======List of files/folders created in the last 1 months======

2009-10-27 21:47:26 ----D---- C:\rsit
2009-10-27 20:08:21 ----A---- C:\bbcscte.bat
2009-10-27 20:04:26 ----A---- C:\WINDOWS\RMTOOLS.DLL
2009-10-27 20:04:14 ----D---- C:\MAXIS
2009-10-27 12:30:16 ----A---- C:\WINDOWS\system32\tmp11C.tmp
2009-10-27 12:30:16 ----A---- C:\WINDOWS\system32\tmp11B.tmp
2009-10-27 12:30:16 ----A---- C:\WINDOWS\system32\tmp11A.tmp
2009-10-27 12:30:15 ----A---- C:\WINDOWS\system32\tmp119.tmp
2009-10-27 12:28:22 ----RA---- C:\WINDOWS\system32\lxcjcoin.dll
2009-10-27 12:27:58 ----D---- C:\WINDOWS\LastGood
2009-10-27 11:38:36 ----A---- C:\WINDOWS\system32\lxcjdrs.dll
2009-10-27 11:38:36 ----A---- C:\WINDOWS\system32\lxcjcnv4.dll
2009-10-27 11:38:05 ----D---- C:\Program Files\Lexmark 8300 Series
2009-10-27 11:37:52 ----A---- C:\WINDOWS\system32\lxcjinst.dll
2009-10-27 11:37:52 ----A---- C:\WINDOWS\system32\lxcjhcp.dll
2009-10-27 11:37:51 ----A---- C:\WINDOWS\system32\lxcjutil.dll
2009-10-27 11:37:51 ----A---- C:\WINDOWS\system32\lxcjinpa.dll
2009-10-27 11:37:51 ----A---- C:\WINDOWS\system32\lxcjiesc.dll
2009-10-27 11:37:50 ----A---- C:\WINDOWS\system32\lxcjusb1.dll
2009-10-27 11:37:50 ----A---- C:\WINDOWS\system32\lxcjserv.dll
2009-10-27 11:37:49 ----A---- C:\WINDOWS\system32\lxcjprox.dll
2009-10-27 11:37:49 ----A---- C:\WINDOWS\system32\lxcjpplc.dll
2009-10-27 11:37:49 ----A---- C:\WINDOWS\system32\lxcjpmui.dll
2009-10-27 11:37:49 ----A---- C:\WINDOWS\system32\lxcjlmpm.dll
2009-10-27 11:37:49 ----A---- C:\WINDOWS\system32\lxcjjswr.dll
2009-10-27 11:37:48 ----A---- C:\WINDOWS\system32\lxcjinsr.dll
2009-10-27 11:37:48 ----A---- C:\WINDOWS\system32\lxcjinsb.dll
2009-10-27 11:37:48 ----A---- C:\WINDOWS\system32\lxcjins.dll
2009-10-27 11:37:48 ----A---- C:\WINDOWS\system32\lxcjih.exe
2009-10-27 11:37:47 ----A---- C:\WINDOWS\system32\lxcjhbn3.dll
2009-10-27 11:37:47 ----A---- C:\WINDOWS\system32\lxcjgf.dll
2009-10-27 11:37:46 ----A---- C:\WINDOWS\system32\lxcjcur.dll
2009-10-27 11:37:46 ----A---- C:\WINDOWS\system32\lxcjcub.dll
2009-10-27 11:37:46 ----A---- C:\WINDOWS\system32\lxcjcu.dll
2009-10-27 11:37:46 ----A---- C:\WINDOWS\system32\lxcjcoms.exe
2009-10-27 11:37:45 ----A---- C:\WINDOWS\system32\lxcjcomm.dll
2009-10-27 11:37:45 ----A---- C:\WINDOWS\system32\lxcjcomc.dll
2009-10-27 11:37:45 ----A---- C:\WINDOWS\system32\lxcjcfg.exe
2009-10-27 11:37:44 ----RA---- C:\WINDOWS\system32\lxcjcfg.dll
2009-10-15 09:39:53 ----N---- C:\RootRepeal report 10-15-09 (09-39-53).txt
2009-10-15 09:24:36 ----D---- C:\Program Files\Runtime Software
2009-10-14 09:32:37 ----H---- C:\aaw7boot.cmd
2009-10-13 09:46:50 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-13 09:46:44 ----D---- C:\Program Files\SpywareBlaster
2009-10-13 09:36:48 ----HDC---- C:\WINDOWS\ie8
2009-10-12 21:26:07 ----D---- C:\Documents and Settings\Nikki\Application Data\Malwarebytes
2009-10-12 21:25:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-12 21:25:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-12 20:33:11 ----N---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2009-10-12 10:26:44 ----HDC---- C:\Documents and Settings\All Users\Application Data\~0
2009-10-12 10:26:09 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-12 10:01:57 ----D---- C:\Program Files\Trend Micro
2009-10-11 23:10:44 ----D---- C:\Program Files\Windows Live Safety Center
2009-10-11 21:45:00 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2009-10-11 21:40:02 ----D---- C:\Program Files\Common Files\McAfee
2009-10-11 21:39:59 ----D---- C:\Program Files\McAfee.com
2009-10-11 21:39:40 ----D---- C:\Program Files\McAfee
2009-10-11 21:25:24 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-10-11 18:37:41 ----D---- C:\Documents and Settings\All Users\Application Data\Citrix

======List of files/folders modified in the last 1 months======

2009-10-27 21:47:50 ----D---- C:\WINDOWS\Temp
2009-10-27 21:47:18 ----D---- C:\WINDOWS\Prefetch
2009-10-27 20:04:26 ----D---- C:\WINDOWS\system
2009-10-27 20:04:26 ----D---- C:\WINDOWS
2009-10-27 17:27:43 ----D---- C:\Program Files\Lx_cats
2009-10-27 13:02:38 ----D---- C:\Program Files\Mozilla Firefox
2009-10-27 12:54:08 ----A---- C:\WINDOWS\win.ini
2009-10-27 12:45:25 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-27 12:45:08 ----D---- C:\WINDOWS\system32
2009-10-27 12:45:02 ----SHD---- C:\WINDOWS\Installer
2009-10-27 12:45:02 ----HD---- C:\Config.Msi
2009-10-27 12:29:19 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-27 12:28:04 ----HD---- C:\WINDOWS\inf
2009-10-27 12:28:03 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-27 12:27:09 ----D---- C:\WINDOWS\system32\NtmsData
2009-10-27 11:53:40 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2009-10-27 11:53:35 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2009-10-27 11:53:25 ----D---- C:\Program Files\Microsoft Home Publishing
2009-10-27 11:52:10 ----D---- C:\WINDOWS\system32\DLA
2009-10-27 11:51:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-27 11:38:05 ----D---- C:\Program Files
2009-10-27 09:17:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-27 09:17:07 ----D---- C:\WINDOWS\system32\drivers
2009-10-27 09:05:38 ----D---- C:\Program Files\Windows Media Player
2009-10-27 09:05:21 ----D---- C:\Program Files\QuickTime
2009-10-27 09:05:16 ----D---- C:\Program Files\Microsoft Picture It! Express
2009-10-27 09:05:06 ----D---- C:\Program Files\Kids Cam Show and Share Creativity Center
2009-10-27 09:05:02 ----D---- C:\Program Files\Internet Explorer
2009-10-27 09:05:00 ----D---- C:\Program Files\ImgBurn
2009-10-27 09:04:52 ----D---- C:\Program Files\Common Files
2009-10-27 09:04:49 ----D---- C:\Program Files\Common Files\AOL
2009-10-22 10:54:10 ----SD---- C:\WINDOWS\Tasks
2009-10-20 16:29:15 ----SHD---- C:\System Volume Information
2009-10-20 14:51:58 ----D---- C:\WINDOWS\repair
2009-10-20 14:51:48 ----D---- C:\WINDOWS\Registration
2009-10-14 09:34:14 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-13 10:42:09 ----D---- C:\WINDOWS\system32\en-US
2009-10-13 10:42:08 ----D---- C:\WINDOWS\Media
2009-10-13 10:42:08 ----D---- C:\WINDOWS\Help
2009-10-12 22:44:50 ----D---- C:\Program Files\Google
2009-10-12 22:43:38 ----D---- C:\Documents and Settings\Nikki\Application Data\uTorrent
2009-10-12 10:26:01 ----D---- C:\WINDOWS\WinSxS
2009-10-11 23:10:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-11 18:58:58 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-10-11 14:56:53 ----D---- C:\Program Files\Philips
2009-10-09 05:38:23 ----D---- C:\Documents and Settings\Nikki\Application Data\HPAppData
2009-10-06 21:35:04 ----D---- C:\WINDOWS\system32\ias

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-10-04 21275]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-10 163328]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-10 67584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-16 191936]
R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-01-10 30921]
S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-14 179200]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SQTECH905C;Dual Camera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2005-03-24 38937]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-10-14 303104]
R2 lxcj_device;lxcj_device; C:\WINDOWS\system32\lxcjcoms.exe [2007-01-30 537520]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-09-15 894136]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2005-12-20 35328]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-10 267776]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-07-24 358896]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-08-16 309744]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-08-16 166384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 lxbs_device;lxbs_device; C:\WINDOWS\system32\lxbscoms.exe [2004-02-20 421888]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-07-24 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-08-16 1092080]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
S4 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
S4 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
S4 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

And Info.txt

info.txt logfile of random's system information tool 1.06 2009-10-27 21:47:57

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->MsiExec.exe /I{0ADEA8E1-B211-41B8-8DD4-D9A5FB04A5FA}
-->MsiExec.exe /I{267D350E-51AB-40B8-AF9F-DA7ED5687044}
-->MsiExec.exe /I{7A9DC8F6-2466-4E04-BF51-BE499C5D02BD}
-->MsiExec.exe /I{85BD5F12-49EF-4B40-B1E0-77D85F6E99BF}
-->MsiExec.exe /I{EA9741F6-A7F2-497B-BBE4-2ED0136649BE}
-->MsiExec.exe /X{C628EC93-8E17-4114-BCE7-2D181B93FA0F}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Dreamweaver CS4-->C:\Program Files\Common Files\Adobe\Installers\53d6f4280bcda6d348879a5f098bd42\Setup.exe --uninstall=1
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Setup-->MsiExec.exe /I{3CDDDE00-F61D-48FB-BB5D-42F9C8873EED}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Amazing Slow Downer (remove only)-->"C:\Program Files\Roni Music\Amazing Slow Downer EE\uninstall.exe"
AOL You've Got Pictures Screensaver-->C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Mobile Device Support-->MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Bejeweled 2 Deluxe-->"C:\Program Files\Toshiba Games\Bejeweled 2 Deluxe\Uninstall.exe"
Bicycle Board Games-->"C:\Program Files\Microsoft Games\Bicycle Board Games\UNINSTAL.EXE" /runtemp /addremove
BlackBerry Desktop Software 4.3-->MsiExec.exe /I{0D048BE8-AE02-4CB5-A428-616B9848E4A7}
BlackBerry Desktop Software 4.3-->MsiExec.exe /i{0D048BE8-AE02-4CB5-A428-616B9848E4A7}
Blasterball 2 Revolution-->"C:\Program Files\Toshiba Games\Blasterball 2 Revolution\Uninstall.exe"
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
Course 12 v2.1-->C:\PROGRA~1\COURSE~1\UNWISE.EXE C:\PROGRA~1\COURSE~1\INSTALL.LOG
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DriveImage XML (Private Edition)-->"C:\Program Files\Runtime Software\DriveImage XML\Uninstall.exe" "C:\Program Files\Runtime Software\DriveImage XML\install.log" -u
DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
Encyclopaedia Britannica CD Installer-->"C:\Program Files\Britannica 2006\Student Library\UninstallerData\Uninstall Encyclopaedia Britannica CD Installer.exe"
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
FATE-->"C:\Program Files\Toshiba Games\FATE\Uninstall.exe"
Finale NotePad 2007-->C:\Program Files\Finale NotePad 2007\uninstallNP.exe
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Homeschool Tracker Basic-->MsiExec.exe /I{AD528602-C32D-4E9B-A5A5-609F2A186808}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB888795)-->"C:\WINDOWS\$NtUninstallKB888795$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB891593)-->"C:\WINDOWS\$NtUninstallKB891593$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB893357)-->"C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB894871)-->"C:\WINDOWS\$NtUninstallKB894871$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB895200)-->"C:\WINDOWS\$NtUninstallKB895200$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB895961)-->"C:\WINDOWS\$NtUninstallKB895961$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896256)-->"C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899337)-->"C:\WINDOWS\$NtUninstallKB899337$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899510)-->"C:\WINDOWS\$NtUninstallKB899510$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB902841)-->"C:\WINDOWS\$NtUninstallKB902841$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet Printer Driver Software 9.0-->C:\Program Files\HP\Digital Imaging\{03E66394-42F0-4745-85F7-0A2F8F35C09F}\setup\hpzscr01.exe -datfile hphscr15.dat -showdisconnect -forcereboot
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Lexmark 810 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBSUNST.EXE -NOLICENSE
Lexmark 8300 Series-->C:\Program Files\Lexmark 8300 Series\Install\x86\Uninst.exe
Lexmark X74-X75-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBBUN5C.EXE -dLexmark X74-X75
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Malwarebytes' Anti-Malware-->"F:\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
McAfee Virtual Technician-->MsiExec.exe /I{49FA793C-785E-47E9-93DF-BD442B0B45D1}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
Metamail (Toshiba Registration Utility)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE3F89C0-42D5-11D5-A40A-00105AC8331A}\setup.exe" -l0x9
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.0 Hotfix (KB887998)-->"C:\WINDOWS\$NtUninstallKB887998$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Expedia Streets 98-->C:\Program Files\Common Files\Microsoft Shared\Geography\Setup\acmsetup.exe /U /T SUS60409.stf
Microsoft Home Publishing-->C:\Program Files\Microsoft Home Publishing\Setup\mhpstp.exe /m
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Express 2.0-->C:\Program Files\Microsoft Picture It! Express\Setup\setup.exe
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.14)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.19)-->C:\PROGRA~1\Mozilla Thunderbird\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Musicnotes Player V1.23.1 and Viewer-->"C:\Program Files\Musicnotes\Player\unins000.exe"
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
My DSC-->C:\Program Files\InstallShield Installation Information\{225af9a1-b556-88d5-94aa-0010b5426419}\setup.exe
MyConnect Special Offer-->MsiExec.exe /I{97D8751D-18A4-482B-9E9C-31DAD9BEC1EC}
MyDSC2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\Setup.exe" -l0x9
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
OverDrive Media Console-->MsiExec.exe /I{34D6EED8-7650-4E1C-BC26-F5B2DDE185C6}
Planetarium-->C:\PROGRA~1\PLANET~1\UNWISE.EXE C:\PROGRA~1\PLANET~1\INSTALL.LOG
Polar Golfer-->"C:\Program Files\Toshiba Games\Polar Golfer\Uninstall.exe"
Presto! Forms 3.50.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B79920F8-AB6E-45B2-B257-900BBA969FF7}\setup.exe" -l0x9 -anything
Presto! PageManager 7.12.10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}\setup.exe" -l0x9 -anything
Print to Fax-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Roxio Media Manager-->MsiExec.exe /X{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}
SA30xx Media Converter-->C:\Program Files\InstallShield Installation Information\{1E06D48E-5448-4BCC-9F87-9FB4EBD59898}\setup.exe -runfromtemp -l0x0009 -removeonly
Schoolhouse Rock 3rd & 4th Grade Essentials-->C:\THELEA~1\SHR34\uninstall.exe
SCRABBLE-->"C:\Program Files\Toshiba Games\SCRABBLE\Uninstall.exe"
Scrapbook Factory-->MsiExec.exe /X{A75AC597-EDCD-4FC7-94C5-2F72B52C95CA}
SD Secure Module-->MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Stellarium 0.8.2-->"C:\Program Files\Stellarium\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4497AFF6-98C4-4F49-B073-F48F42BCBF9E} /l1033
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Game Console-->"C:\Program Files\WildTangent\Apps\TOSHIBA Game Console\Uninstall.exe"
TOSHIBA Hotkey Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64DD71BC-3109-4C88-9AD3-D5422644B722}\setup.exe" -l0x9
TOSHIBA PC Diagnostic Tool-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA Power Saver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
TOSHIBA SD Memory Card Format-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA TouchPad ON/Off Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69BE47C2-36FE-4397-8199-85D8EAE69982}\setup.exe" -l0x9
TOSHIBA TV Tuner 4.0.12.73-->C:\Program Files\AVerMedia\TOSHIBA TV Tuner\uninst.exe
TOSHIBA Utilities-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}\setup.exe" -l0x9
TOSHIBA Virtual Sound-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
TOSHIBA Zooming Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB912945)-->"C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Webster's Concise Encyclopedia v1.23-->C:\WINDOWS\uninst.exe -f"C:\Sofsource\Webster's Concise Encyclopedia\DeIsL1.isu"
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB884018-->C:\WINDOWS\$NtUninstallKB884018$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885855-->C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB889673-->C:\WINDOWS\$NtUninstallKB889673$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890546-->C:\WINDOWS\$NtUninstallKB890546$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893056-->C:\WINDOWS\$NtUninstallKB893056$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB888316-->C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB894553-->C:\WINDOWS\$NtUninstallKB894553$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB895678-->C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Yahoo! Music Engine-->"C:\Program Files\Yahoo!\Yahoo! Music Engine\Uninstall.exe"

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name: LAPTOP
Event Code: 10010
Message: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.

Record Number: 16846
Source Name: DCOM
Time Written: 20091013205410.000000-300
Event Type: error
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: LAPTOP
Event Code: 10010
Message: The server {44603E4D-56AE-4C42-ABE4-EC155FE8F1CD} did not register with DCOM within the required timeout.

Record Number: 16845
Source Name: DCOM
Time Written: 20091013205234.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: LAPTOP
Event Code: 10010
Message: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.

Record Number: 16844
Source Name: DCOM
Time Written: 20091013205209.000000-300
Event Type: error
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: LAPTOP
Event Code: 10010
Message: The server {76DEF3AC-2910-4234-9EE2-C81B2D45833A} did not register with DCOM within the required timeout.

Record Number: 16843
Source Name: DCOM
Time Written: 20091013205034.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: LAPTOP
Event Code: 10010
Message: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.

Record Number: 16842
Source Name: DCOM
Time Written: 20091013205009.000000-300
Event Type: error
User: NT AUTHORITY\NETWORK SERVICE

=====Application event log=====

Computer Name: LAPTOP
Event Code: 1002
Message: Hanging application WINWORD.EXE, version 11.0.5604.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 4811
Source Name: Application Hang
Time Written: 20081105184024.000000-360
Event Type: error
User:

Computer Name: LAPTOP
Event Code: 1000
Message: Faulting application firefox.exe, version 1.8.20080.20121, faulting module npswf32.dll, version 9.0.28.0, fault address 0x00187e35.

Record Number: 4808
Source Name: Application Error
Time Written: 20081104112351.000000-360
Event Type: error
User:

Computer Name: LAPTOP
Event Code: 1000
Message: Faulting application firefox.exe, version 1.8.20080.20121, faulting module npswf32.dll, version 9.0.28.0, fault address 0x00187e35.

Record Number: 4807
Source Name: Application Error
Time Written: 20081104111303.000000-360
Event Type: error
User:

Computer Name: LAPTOP
Event Code: 1517
Message: Windows saved user LAPTOP\Nikki registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 4789
Source Name: Userenv
Time Written: 20081027201307.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LAPTOP
Event Code: 1517
Message: Windows saved user LAPTOP\Nikki registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 4781
Source Name: Userenv
Time Written: 20081019174749.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

-----------------EOF-----------------

#4 syler

  • Malware Response Team

Posted 28 October 2009 - 08:14 AM

Hi Nikki,

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.



Please post back here with the following logs:
  • Combofix.txt
  • Gmer log
Thanks



#5 nikkim73

  • Topic Starter

Posted 28 October 2009 - 11:40 AM

Hi again. Here are the logs you requested. I noticed in the ComboFix log that while anti-virus was disabled, the firewall wasn't... Is this gonna be a problem? Let me know if I should do it again. Also during GMER, the real-time scanning was disabled, but it re-enabled itself. (I went to enable it after saving the Gmer log, & saw that it was already enabled.) I hope I didn't completely screw this up :(

Thanks again for your help.

ComboFix.txt

ComboFix 09-10-27.07 - Nikki 10/28/2009 8:41.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.257 [GMT -5:00]
Running from: c:\documents and settings\Nikki\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-3868997124-911790988-508925577-500
c:\windows\kb913800.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\bihonede.dll
c:\windows\system32\bolijida.dll.tmp
c:\windows\system32\buzalevu.dll
c:\windows\system32\dipoveya.dll
c:\windows\system32\durubani.dll
c:\windows\system32\fehilasi.dll.tmp
c:\windows\system32\gehudehe.dll
c:\windows\system32\gijareyi.dll
c:\windows\system32\gonifesu.dll
c:\windows\system32\jotizuro.dll
c:\windows\system32\muzupera.dll
c:\windows\system32\nehokaki.dll
c:\windows\system32\ntnet.drv
c:\windows\system32\retupodi.dll
c:\windows\system32\tahuhabu.dll
c:\windows\system32\vipepili.dll
c:\windows\system32\wulopahe.dll
c:\windows\system32\wuwugoyi.dll.tmp
c:\windows\system32\yudedawo.dll

----- BITS: Possible infected sites -----

hxxp://82.98.235.208
.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
.

2009-10-28 02:47 . 2009-10-28 02:47 -------- d-----w- C:\rsit
2009-10-28 01:08 . 2009-10-28 01:08 94 ----a-w- C:\bbcscte.bat
2009-10-28 01:04 . 1996-03-19 05:00 136448 ----a-w- c:\windows\RMTOOLS.DLL
2009-10-28 01:04 . 1994-09-16 05:00 20976 ----a-w- c:\windows\system\CTL3D.DLL
2009-10-28 01:04 . 2009-10-28 01:04 -------- d-----w- C:\MAXIS
2009-10-27 17:28 . 2007-01-22 13:49 344064 ----a-r- c:\windows\system32\lxcjcoin.dll
2009-10-27 17:27 . 2009-10-27 17:28 -------- d-----w- c:\windows\LastGood.Tmp
2009-10-27 16:38 . 2007-01-17 20:44 413696 ----a-w- c:\windows\system32\lxcjdrs.dll
2009-10-27 16:38 . 2005-08-08 14:01 61440 ----a-w- c:\windows\system32\lxcjcnv4.dll
2009-10-27 16:38 . 2009-10-27 17:45 -------- d-----w- c:\program files\Lexmark 8300 Series
2009-10-22 19:33 . 2009-10-22 19:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-15 14:38 . 2009-10-15 14:38 0 ------w- c:\documents and settings\Nikki\settings.dat
2009-10-15 14:24 . 2009-10-15 14:24 -------- d-----w- c:\program files\Runtime Software
2009-10-14 16:48 . 2009-10-14 16:48 -------- d-sh--w- c:\documents and settings\Nikki\PrivacIE
2009-10-14 14:32 . 2009-10-14 14:32 70 ---h--w- C:\aaw7boot.cmd
2009-10-13 18:35 . 2009-10-13 18:35 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-13 18:05 . 2009-10-13 18:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-13 15:42 . 2009-10-13 15:42 -------- d-sh--w- c:\documents and settings\Nikki\IETldCache
2009-10-13 14:46 . 2009-10-13 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-13 14:46 . 2009-10-13 14:50 -------- d-----w- c:\program files\SpywareBlaster
2009-10-13 14:36 . 2009-10-13 14:40 -------- dc-h--w- c:\windows\ie8
2009-10-13 02:26 . 2009-10-13 02:26 -------- d-----w- c:\documents and settings\Nikki\Application Data\Malwarebytes
2009-10-13 02:25 . 2009-09-10 19:54 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-13 02:25 . 2009-10-13 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-13 02:25 . 2009-09-10 19:53 19160 ------w- c:\windows\system32\drivers\mbam.sys
2009-10-13 02:25 . 2009-10-13 03:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-12 15:26 . 2009-10-14 14:46 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2009-10-12 15:26 . 2009-10-14 14:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-12 15:01 . 2009-10-12 15:01 -------- d-----w- c:\program files\Trend Micro
2009-10-12 04:10 . 2009-10-12 04:16 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-12 02:45 . 2009-10-12 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-10-12 02:41 . 2009-09-16 15:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-12 02:41 . 2009-09-16 15:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-12 02:41 . 2009-09-16 15:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-12 02:41 . 2009-07-16 17:32 120136 ------w- c:\windows\system32\drivers\Mpfp.sys
2009-10-12 02:40 . 2009-10-12 02:41 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-12 02:39 . 2009-10-12 02:40 -------- d-----w- c:\program files\McAfee.com
2009-10-12 02:39 . 2009-10-25 03:59 -------- d-----w- c:\program files\McAfee
2009-10-12 02:33 . 2009-09-16 15:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-12 02:25 . 2009-10-12 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-11 23:37 . 2009-10-11 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-10-11 23:31 . 2009-10-11 23:31 -------- d-----w- c:\documents and settings\Nikki\Local Settings\Application Data\Citrix
2009-10-11 23:31 . 2009-10-11 23:31 61224 ------w- c:\documents and settings\Nikki\GoToAssistDownloadHelper.exe
2009-10-09 10:37 . 2009-10-09 10:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPAppData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-28 13:32 . 2007-05-09 00:51 -------- d-----w- c:\program files\Lx_cats
2009-10-28 13:22 . 2007-04-19 14:12 -------- d-----w- c:\program files\Microsoft Home Publishing
2009-10-27 17:45 . 2006-02-15 16:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-27 14:46 . 2009-10-27 14:46 457424 ----a-w- c:\documents and settings\All Users\SPL10E.tmp
2009-10-27 14:05 . 2007-11-21 01:55 -------- d-----w- c:\program files\QuickTime
2009-10-27 14:05 . 2007-04-19 14:07 -------- d-----w- c:\program files\Microsoft Picture It! Express
2009-10-27 14:05 . 2006-12-26 02:57 -------- d-----w- c:\program files\Kids Cam Show and Share Creativity Center
2009-10-27 14:05 . 2009-09-15 05:15 -------- d-----w- c:\program files\ImgBurn
2009-10-27 14:04 . 2006-02-16 09:55 -------- d-----w- c:\program files\Common Files\AOL
2009-10-14 15:54 . 2009-09-09 13:59 137668 ------w- c:\windows\HPHins15.dat
2009-10-13 03:44 . 2006-02-18 15:56 -------- d-----w- c:\program files\Google
2009-10-13 03:43 . 2009-09-15 04:46 -------- d-----w- c:\documents and settings\Nikki\Application Data\uTorrent
2009-10-11 23:58 . 2006-05-23 21:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-11 19:56 . 2008-12-16 21:11 -------- d-----w- c:\program files\Philips
2009-10-09 10:38 . 2009-09-09 14:07 -------- d-----w- c:\documents and settings\Nikki\Application Data\HPAppData
2009-09-24 20:45 . 2007-11-12 00:21 -------- d-----w- c:\documents and settings\Nikki\Application Data\NewSoft
2009-09-19 21:18 . 2006-10-05 00:44 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-18 14:25 . 2006-10-07 03:49 1052 ------w- c:\documents and settings\Nikki\Application Data\wklnhst.dat
2009-09-18 13:56 . 2006-02-16 10:39 -------- d-----w- c:\program files\Microsoft Works
2009-09-16 15:22 . 2009-07-08 18:44 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-15 05:27 . 2009-09-15 05:24 -------- d-----w- c:\documents and settings\Nikki\Application Data\ImgBurn
2009-09-14 18:41 . 2009-09-14 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\TGHomeSoft
2009-09-14 18:38 . 2009-09-14 18:38 -------- d-----w- c:\program files\TGHome
2009-09-10 22:12 . 2007-11-14 00:19 -------- d-----w- c:\program files\Britannica 2006
2009-09-09 14:13 . 2009-09-09 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-09-09 14:13 . 2009-09-09 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-09-09 14:12 . 2006-02-16 16:59 107544 ------w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-09 14:12 . 2009-09-09 14:12 -------- d-----w- c:\documents and settings\Nikki\Application Data\HP
2009-09-09 14:07 . 2009-09-09 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-09-09 14:07 . 2009-09-09 14:03 -------- d-----w- c:\program files\HP
2009-09-09 14:07 . 2009-09-09 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-09-09 14:06 . 2009-09-09 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-09-09 14:04 . 2009-09-09 14:04 -------- d-----w- c:\program files\Common Files\HP
2009-09-03 21:31 . 2009-09-03 21:31 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-09-03 08:18 . 2009-09-03 08:18 -------- d-----w- c:\program files\MSBuild
2009-09-03 08:18 . 2009-09-03 08:18 -------- d-----w- c:\program files\Reference Assemblies
2009-08-20 21:04 . 2008-12-16 23:04 256 ------w- c:\windows\system32\pool.bin
2009-08-07 00:24 . 2006-02-15 15:36 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2006-02-15 15:36 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2006-02-15 15:36 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2005-05-26 11:16 44768 ------w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2006-02-15 15:36 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2006-02-15 14:02 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2006-02-15 15:36 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2006-02-15 15:36 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:11 . 2006-02-15 14:03 204800 ----a-w- c:\windows\system32\mswebdvd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-12-21 185896]
"LXBSCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBStime.dll" [2004-03-17 65536]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"Malwarebytes Anti-Malware (reboot)"="f:\malwarebytes' anti-malware\mbam.exe" [2009-09-10 1312080]
"lxcjmon.exe"="c:\program files\Lexmark 8300 Series\lxcjmon.exe" [2007-01-30 205744]
"EzPrint"="c:\program files\Lexmark 8300 Series\ezprint.exe" [2007-01-30 103344]
"LXCJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2006-11-21 106496]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-03-11 73728]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]
"CFSServ.exe"="CFSServ.exe" [BU]

c:\documents and settings\Nikki\Start Menu\Programs\Startup\
Microsoft Home Publishing Reminders.lnk - c:\program files\Microsoft Home Publishing\MHPRMIND.EXE [1998-8-13 40960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Documents and Settings\\Nikki\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\McAfee\\MSC\\mcsync.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=
"c:\\WINDOWS\\system32\\lxcjcoms.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/11/2009 9:44 PM 210216]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-10-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:57]

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-12 17:22]

2009-10-12 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-12 17:22]

2006-10-04 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 12:00]

2009-10-22 c:\windows\Tasks\WebReg Deskjet D1400 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-12 02:27]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
FF - ProfilePath - c:\documents and settings\Nikki\Application Data\Mozilla\Firefox\Profiles\xip6x07m.default\
FF - prefs.js: browser.startup.homepage - hxxp://home.iwon.com/iwon-homepage/home.jhtml
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{8c606702-cc1e-4c1d-8db8-fcf6e535e776} - retupodi.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-PadTouch - c:\program files\TOSHIBA\Touch and Launch\PadExe.exe
HKLM-Run-serisejeh - c:\windows\system32\muzupera.dll
HKLM-Run-mogiluhehe - tahuhabu.dll
SharedTaskScheduler-{5b185a80-0e3a-456a-8cfc-a5ca4cd34fc5} - c:\windows\system32\wadumepo.dll
SharedTaskScheduler-{c14e9f61-cb46-40dc-a8d6-b028174b6a0f} - c:\windows\system32\gasesowo.dll
SharedTaskScheduler-{3c12fa13-2def-4425-b9d9-3d5b4408e516} - c:\windows\system32\bahegope.dll
SharedTaskScheduler-{d786f73e-a75b-4a8a-8fc9-0f862bdd3178} - c:\windows\system32\gijareyi.dll
SharedTaskScheduler-{422ebf7c-250f-4a68-aadd-5224141fc14d} - c:\windows\system32\nehokaki.dll
SSODL-bibawaduv-{5b185a80-0e3a-456a-8cfc-a5ca4cd34fc5} - c:\windows\system32\wadumepo.dll
SSODL-bujedosuf-{c14e9f61-cb46-40dc-a8d6-b028174b6a0f} - c:\windows\system32\gasesowo.dll
SSODL-famulapiy-{3c12fa13-2def-4425-b9d9-3d5b4408e516} - c:\windows\system32\bahegope.dll
SSODL-raradawev-{d786f73e-a75b-4a8a-8fc9-0f862bdd3178} - c:\windows\system32\gijareyi.dll
SSODL-jetufedij-{422ebf7c-250f-4a68-aadd-5224141fc14d} - c:\windows\system32\nehokaki.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 08:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBSCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
LXCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1920)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\system32\lxcjcoms.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\combofix\CF1887.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\windows\eHome\ehmsas.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TPSBattM.exe
c:\program files\TOSHIBA\ConfigFree\CFSServ.exe
c:\program files\Lexmark X74-X75\lxbbbmon.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\progra~1\mcafee\VIRUSS~1\mcvsmap.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-28 9:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-28 14:01

Pre-Run: 34,131,836,928 bytes free
Post-Run: 34,429,313,024 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 5C9EDF146ACB2F1D01C427BE04273007




Gmer log

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-28 11:31:09
Windows 5.1.2600 Service Pack 2
Running: 3jje77mu.exe; Driver: C:\DOCUME~1\Nikki\LOCALS~1\Temp\uwtdapow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAA7936FC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xAA793821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAA793726]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAA7937CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xAA793835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xAA793861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xAA7938CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xAA7938B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAA793750]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAA7938FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xAA79380D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAA7937A7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAA7937BB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAA793710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xAA793937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAA7938A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xAA79388D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xAA79384B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAA793923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAA79390F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAA7937F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAA7937E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xAA793877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAA793793]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAA7938E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAA793766]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAA79373A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 80509074 7 Bytes JMP AA79373E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80572CC8 5 Bytes JMP AA793811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8057310C 7 Bytes JMP AA793891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 80577D6F 5 Bytes JMP AA793825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80578AE4 7 Bytes JMP AA79393B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80578EE4 7 Bytes JMP AA7938D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8057A184 5 Bytes JMP AA793700 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057B063 5 Bytes JMP AA79376A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 8057B4DB 7 Bytes JMP AA793754 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 8057CABD 5 Bytes JMP AA7937AB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 8057CDD2 7 Bytes JMP AA793714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 8057D7D5 7 Bytes JMP AA79387B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 805800A1 5 Bytes JMP AA7937E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 8058AF3E 7 Bytes JMP AA7938BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058C744 7 Bytes JMP AA7937D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 8058F609 5 Bytes JMP AA793797 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8059C4D2 5 Bytes JMP AA7938FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8059C7B4 5 Bytes JMP AA7937BF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 8059E48E 7 Bytes JMP AA793865 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 8059F837 7 Bytes JMP AA793839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B4038 5 Bytes JMP AA79372A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 806353F7 5 Bytes JMP AA7937FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 806547D2 5 Bytes JMP AA793913 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 80654AA7 7 Bytes JMP AA7938E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 80655374 7 Bytes JMP AA7938A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 806557B9 7 Bytes JMP AA79384F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 80655CAE 5 Bytes JMP AA793927 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? Combo-Fix.sys The system cannot find the file specified. !
? C:\DOCUME~1\Nikki\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[1620] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 009500D2
.text C:\WINDOWS\system32\svchost.exe[1620] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00940036
.text C:\WINDOWS\system32\svchost.exe[1620] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0094005B
.text C:\WINDOWS\system32\svchost.exe[1620] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00940FE5
.text C:\WINDOWS\system32\svchost.exe[1620] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0094001B
.text C:\WINDOWS\system32\svchost.exe[1620] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00940FA8
.text C:\WINDOWS\system32\svchost.exe[1620] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 0094000A
.text C:\WINDOWS\system32\svchost.exe[1620] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00940FB9
.text C:\WINDOWS\system32\svchost.exe[1620] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [B4, 88] {MOV AH, 0x88}
.text C:\WINDOWS\system32\svchost.exe[1620] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00940FD4
.text C:\WINDOWS\system32\svchost.exe[1620] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00930FCA
.text C:\WINDOWS\system32\svchost.exe[1620] msvcrt.dll!system 77C293C7 5 Bytes JMP 0093005F
.text C:\WINDOWS\system32\svchost.exe[1620] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00930033
.text C:\WINDOWS\system32\svchost.exe[1620] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00930000
.text C:\WINDOWS\system32\svchost.exe[1620] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0093004E
.text C:\WINDOWS\system32\svchost.exe[1620] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[1620] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 0091000A
.text C:\WINDOWS\system32\svchost.exe[1620] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00910025
.text C:\WINDOWS\system32\svchost.exe[1620] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00910040
.text C:\WINDOWS\system32\svchost.exe[1620] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\svchost.exe[1620] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00920000
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00920082
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00920F83
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00920067
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00920FA8
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00920FD4
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009200C4
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009200A9
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00920F32
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009200D5
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00920F17
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00920FC3
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 0092001B
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00920F72
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00920FE5
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00920036
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00920F57
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00910FC0
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00910058
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0091001B
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00910FE5
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 0091003D
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00910000
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 0091002C
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00910FAF
.text C:\WINDOWS\system32\svchost.exe[1664] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00900058
.text C:\WINDOWS\system32\svchost.exe[1664] msvcrt.dll!system 77C293C7 5 Bytes JMP 00900047
.text C:\WINDOWS\system32\svchost.exe[1664] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00900011
.text C:\WINDOWS\system32\svchost.exe[1664] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00900FEF
.text C:\WINDOWS\system32\svchost.exe[1664] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0090002C
.text C:\WINDOWS\system32\svchost.exe[1664] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00900000
.text C:\WINDOWS\system32\svchost.exe[1664] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00770000
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00760FE5
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00760078
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00760F8D
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0076005B
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0076004A
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00760FA8
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00760F37
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00760F5E
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007600B5
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00760F1C
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 007600DA
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0076002F
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00760FD4
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00760089
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 0076000A
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00760FB9
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 0076009A
.text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00750FC3
.text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00750051
.text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00750FD4
.text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0075000A
.text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00750040
.text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00750FEF
.text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 0075002F
.text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00750FB2
.text C:\WINDOWS\system32\svchost.exe[1800] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00740040
.text C:\WINDOWS\system32\svchost.exe[1800] msvcrt.dll!system 77C293C7 5 Bytes JMP 00740025
.text C:\WINDOWS\system32\svchost.exe[1800] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00740FB5
.text C:\WINDOWS\system32\svchost.exe[1800] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00740FEF
.text C:\WINDOWS\system32\svchost.exe[1800] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0074000A
.text C:\WINDOWS\system32\svchost.exe[1800] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00740FC6
.text C:\WINDOWS\system32\svchost.exe[1800] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00730000
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00880000
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00880082
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00880F83
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00880067
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00880FA8
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00880040
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00880F46
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00880F57
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00880F1A
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008800A9
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00880EF5
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00880FB9
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00880FEF
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00880F68
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 0088002F
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00880FD4
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00880F2B
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00870FCA
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0087004A
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0087001B
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0087000A
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00870F8D
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00870FEF
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00870F9E
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [A7, 88]
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00870FB9
.text C:\WINDOWS\system32\svchost.exe[1904] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00010FAF
.text C:\WINDOWS\system32\svchost.exe[1904] msvcrt.dll!system 77C293C7 5 Bytes JMP 00010FC0
.text C:\WINDOWS\system32\svchost.exe[1904] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00010FEF
.text C:\WINDOWS\system32\svchost.exe[1904] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0001000C
.text C:\WINDOWS\system32\svchost.exe[1904] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0001003A
.text C:\WINDOWS\system32\svchost.exe[1904] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0001001D
.text C:\WINDOWS\explorer.exe[1920] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\explorer.exe[1920] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0F7C
.text C:\WINDOWS\explorer.exe[1920] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0F8D
.text C:\WINDOWS\explorer.exe[1920] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0F9E
.text C:\WINDOWS\explorer.exe[1920] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0051
.text C:\WINDOWS\explorer.exe[1920] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0025
.text C:\WINDOWS\explorer.exe[1920] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F61
.text C:\WINDOWS\explorer.exe[1920] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A009D
.text C:\WINDOWS\explorer.exe[1920] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A0F21
.text C:\WINDOWS\explorer.exe[1920] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A00C4
.text C:\WINDOWS\explorer.exe[1920] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001A00D5
.text C:\WINDOWS\explorer.exe[1920] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001A0036
.text C:\WINDOWS\explorer.exe[1920] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\explorer.exe[1920] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001A008C
.text C:\WINDOWS\explorer.exe[1920] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001A0FB9
.text C:\WINDOWS\explorer.exe[1920] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001A000A
.text C:\WINDOWS\explorer.exe[1920] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001A0F46
.text C:\WINDOWS\explorer.exe[1920] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00280FB9
.text C:\WINDOWS\explorer.exe[1920] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00280F97
.text C:\WINDOWS\explorer.exe[1920] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00280FCA
.text C:\WINDOWS\explorer.exe[1920] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00280FE5
.text C:\WINDOWS\explorer.exe[1920] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00280054
.text C:\WINDOWS\explorer.exe[1920] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00280000
.text C:\WINDOWS\explorer.exe[1920] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00280FA8
.text C:\WINDOWS\explorer.exe[1920] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [48, 88]
.text C:\WINDOWS\explorer.exe[1920] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 0028002F
.text C:\WINDOWS\explorer.exe[1920] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0029002A
.text C:\WINDOWS\explorer.exe[1920] msvcrt.dll!system 77C293C7 5 Bytes JMP 00290F95
.text C:\WINDOWS\explorer.exe[1920] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00290FC1
.text C:\WINDOWS\explorer.exe[1920] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00290FEF
.text C:\WINDOWS\explorer.exe[1920] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00290FB0
.text C:\WINDOWS\explorer.exe[1920] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00290FD2
.text C:\WINDOWS\explorer.exe[1920] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 002B0000
.text C:\WINDOWS\explorer.exe[1920] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 002B0FE5
.text C:\WINDOWS\explorer.exe[1920] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 002B0FD4
.text C:\WINDOWS\explorer.exe[1920] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 002B0025
.text C:\WINDOWS\explorer.exe[1920] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00D00FE5
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0093000A
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00930F88
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00930FAD
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00930FCA
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00930FDB
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0093006C
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00930F4B
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00930F5C
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00930F0B
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00930F26
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00930EFA
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00930087
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 0093001B
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00930F6D
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00930051
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00930036
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 009300A4
.text C:\WINDOWS\system32\svchost.exe[2548] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00920FB9
.text C:\WINDOWS\system32\svchost.exe[2548] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00920F68
.text C:\WINDOWS\system32\svchost.exe[2548] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00920FCA
.text C:\WINDOWS\system32\svchost.exe[2548] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0092000A
.text C:\WINDOWS\system32\svchost.exe[2548] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00920F83
.text C:\WINDOWS\system32\svchost.exe[2548] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\svchost.exe[2548] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 0092001B
.text C:\WINDOWS\system32\svchost.exe[2548] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00920F94
.text C:\WINDOWS\system32\svchost.exe[2548] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0091005F
.text C:\WINDOWS\system32\svchost.exe[2548] msvcrt.dll!system 77C293C7 5 Bytes JMP 00910FD4
.text C:\WINDOWS\system32\svchost.exe[2548] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0091003A
.text C:\WINDOWS\system32\svchost.exe[2548] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0091000C
.text C:\WINDOWS\system32\svchost.exe[2548] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00910FE5
.text C:\WINDOWS\system32\svchost.exe[2548] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0091001D
.text C:\WINDOWS\system32\svchost.exe[2548] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00900000
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008E0000
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008E0F69
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008E0F7A
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008E0F8B
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008E0FA8
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008E0FC3
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008E0F42
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008E008A
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008E0EF1
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008E0F0C
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 008E00AF
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 008E0054
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 008E001B
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 008E006F
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 008E0FD4
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 008E0FEF
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 008E0F1D
.text C:\WINDOWS\system32\svchost.exe[2596] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 008D0025
.text C:\WINDOWS\system32\svchost.exe[2596] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 008D0062
.text C:\WINDOWS\system32\svchost.exe[2596] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 008D0FD4
.text C:\WINDOWS\system32\svchost.exe[2596] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 008D0014
.text C:\WINDOWS\system32\svchost.exe[2596] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 008D0051
.text C:\WINDOWS\system32\svchost.exe[2596] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 008D0FEF
.text C:\WINDOWS\system32\svchost.exe[2596] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 008D0040
.text C:\WINDOWS\system32\svchost.exe[2596] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 008D0FB9
.text C:\WINDOWS\system32\svchost.exe[2596] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008C0F90
.text C:\WINDOWS\system32\svchost.exe[2596] msvcrt.dll!system 77C293C7 5 Bytes JMP 008C001B
.text C:\WINDOWS\system32\svchost.exe[2596] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008C000A
.text C:\WINDOWS\system32\svchost.exe[2596] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008C0FE3
.text C:\WINDOWS\system32\svchost.exe[2596] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008C0FAB
.text C:\WINDOWS\system32\svchost.exe[2596] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008C0FC6
.text C:\Program Files\Messenger\msmsgs.exe[3884] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A30FEF
.text C:\Program Files\Messenger\msmsgs.exe[3884] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A3007A
.text C:\Program Files\Messenger\msmsgs.exe[3884] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A30069
.text C:\Program Files\Messenger\msmsgs.exe[3884] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A30058
.text C:\Program Files\Messenger\msmsgs.exe[3884] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A30047
.text C:\Program Files\Messenger\msmsgs.exe[3884] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A3002C
.text C:\Program Files\Messenger\msmsgs.exe[3884] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A30F68
.text C:\Program Files\Messenger\msmsgs.exe[3884] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A300B0
.text C:\Program Files\Messenger\msmsgs.exe[3884] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A300E6
.text C:\Program Files\Messenger\msmsgs.exe[3884] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A300D5
.text C:\Program Files\Messenger\msmsgs.exe[3884] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A300F7
.text C:\Program Files\Messenger\msmsgs.exe[3884] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A30FAF
.text C:\Program Files\Messenger\msmsgs.exe[3884] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A30FDE
.text C:\Program Files\Messenger\msmsgs.exe[3884] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A30095
.text C:\Program Files\Messenger\msmsgs.exe[3884] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A3001B
.text C:\Program Files\Messenger\msmsgs.exe[3884] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A3000A
.text C:\Program Files\Messenger\msmsgs.exe[3884] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A30F4D
.text C:\Program Files\Messenger\msmsgs.exe[3884] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A10FA6
.text C:\Program Files\Messenger\msmsgs.exe[3884] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A10027
.text C:\Program Files\Messenger\msmsgs.exe[3884] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A10FD2
.text C:\Program Files\Messenger\msmsgs.exe[3884] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A10FE3
.text C:\Program Files\Messenger\msmsgs.exe[3884] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A10FB7
.text C:\Program Files\Messenger\msmsgs.exe[3884] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A10000
.text C:\Program Files\Messenger\msmsgs.exe[3884] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A20FB9
.text C:\Program Files\Messenger\msmsgs.exe[3884] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A20051
.text C:\Program Files\Messenger\msmsgs.exe[3884] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A20FCA
.text C:\Program Files\Messenger\msmsgs.exe[3884] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A20000
.text C:\Program Files\Messenger\msmsgs.exe[3884] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00A20040
.text C:\Program Files\Messenger\msmsgs.exe[3884] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00A20FE5
.text C:\Program Files\Messenger\msmsgs.exe[3884] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00A20F9E
.text C:\Program Files\Messenger\msmsgs.exe[3884] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [C2, 88]
.text C:\Program Files\Messenger\msmsgs.exe[3884] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00A2002F
.text C:\Program Files\Messenger\msmsgs.exe[3884] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A00FEF
.text C:\Program Files\Messenger\msmsgs.exe[3884] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 009F0FEF
.text C:\Program Files\Messenger\msmsgs.exe[3884] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 009F0FD4
.text C:\Program Files\Messenger\msmsgs.exe[3884] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 009F000A
.text C:\Program Files\Messenger\msmsgs.exe[3884] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 009F002F

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_Disk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_CdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

#6 syler

Posted 28 October 2009 - 06:18 PM

Nikki,

The ComboFix scan went fine; McAfee did not interfere with it :(

Please let me know in your next reply how the computer's running and if you are having any more problems.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\bbcscte.bat
c:\documents and settings\All Users\SPL10E.tmp
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\taskmgr.exe"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Please post back here with the following logs:
  • Combofix.txt
  • MBAM log
Thanks



#7 nikkim73

Posted 30 October 2009 - 11:06 AM

Hi again :( We had some bad weather yesterday (storms & tornadoes!) so my reply is late. Thank you so much for all of your help. So far, everything seems fine (no Google redirections & Firefox popups) & Malwarebytes found no infections! What was the problem?? I saw on the ComboFix log that Firefox is using Java jre 1.5.0_04...is this the one that causes a lot of problems? Should I get rid of it?

Thanks again :(

Here are the logs you requested.

ComboFix

ComboFix 09-10-27.08 - Nikki 10/28/2009 18:38.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.374 [GMT -5:00]
Running from: c:\documents and settings\Nikki\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nikki\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"C:\bbcscte.bat"
"c:\documents and settings\All Users\SPL10E.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bbcscte.bat
c:\documents and settings\All Users\SPL10E.tmp

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
.

2009-10-28 02:47 . 2009-10-28 02:47 -------- d-----w- C:\rsit
2009-10-28 01:04 . 1996-03-19 05:00 136448 ----a-w- c:\windows\RMTOOLS.DLL
2009-10-28 01:04 . 1994-09-16 05:00 20976 ----a-w- c:\windows\system\CTL3D.DLL
2009-10-28 01:04 . 2009-10-28 01:04 -------- d-----w- C:\MAXIS
2009-10-27 17:28 . 2007-01-22 13:49 344064 ----a-r- c:\windows\system32\lxcjcoin.dll
2009-10-27 16:38 . 2007-01-17 20:44 413696 ----a-w- c:\windows\system32\lxcjdrs.dll
2009-10-27 16:38 . 2005-08-08 14:01 61440 ----a-w- c:\windows\system32\lxcjcnv4.dll
2009-10-27 16:38 . 2009-10-27 17:45 -------- d-----w- c:\program files\Lexmark 8300 Series
2009-10-22 19:33 . 2009-10-22 19:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-15 14:38 . 2009-10-15 14:38 0 ------w- c:\documents and settings\Nikki\settings.dat
2009-10-15 14:24 . 2009-10-15 14:24 -------- d-----w- c:\program files\Runtime Software
2009-10-14 16:48 . 2009-10-14 16:48 -------- d-sh--w- c:\documents and settings\Nikki\PrivacIE
2009-10-14 14:32 . 2009-10-14 14:32 70 ---h--w- C:\aaw7boot.cmd
2009-10-13 18:35 . 2009-10-13 18:35 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-13 18:05 . 2009-10-13 18:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-13 15:42 . 2009-10-13 15:42 -------- d-sh--w- c:\documents and settings\Nikki\IETldCache
2009-10-13 14:46 . 2009-10-13 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-13 14:46 . 2009-10-13 14:50 -------- d-----w- c:\program files\SpywareBlaster
2009-10-13 14:36 . 2009-10-13 14:40 -------- dc-h--w- c:\windows\ie8
2009-10-13 02:26 . 2009-10-13 02:26 -------- d-----w- c:\documents and settings\Nikki\Application Data\Malwarebytes
2009-10-13 02:25 . 2009-09-10 19:54 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-13 02:25 . 2009-10-13 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-13 02:25 . 2009-09-10 19:53 19160 ------w- c:\windows\system32\drivers\mbam.sys
2009-10-13 02:25 . 2009-10-13 03:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-12 15:26 . 2009-10-14 14:46 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2009-10-12 15:26 . 2009-10-14 14:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-12 15:01 . 2009-10-12 15:01 -------- d-----w- c:\program files\Trend Micro
2009-10-12 04:10 . 2009-10-12 04:16 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-12 02:45 . 2009-10-12 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-10-12 02:41 . 2009-09-16 15:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-12 02:41 . 2009-09-16 15:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-12 02:41 . 2009-09-16 15:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-12 02:41 . 2009-07-16 17:32 120136 ------w- c:\windows\system32\drivers\Mpfp.sys
2009-10-12 02:40 . 2009-10-12 02:41 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-12 02:39 . 2009-10-12 02:40 -------- d-----w- c:\program files\McAfee.com
2009-10-12 02:39 . 2009-10-25 03:59 -------- d-----w- c:\program files\McAfee
2009-10-12 02:33 . 2009-09-16 15:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-12 02:25 . 2009-10-12 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-11 23:37 . 2009-10-11 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-10-11 23:31 . 2009-10-11 23:31 -------- d-----w- c:\documents and settings\Nikki\Local Settings\Application Data\Citrix
2009-10-11 23:31 . 2009-10-11 23:31 61224 ------w- c:\documents and settings\Nikki\GoToAssistDownloadHelper.exe
2009-10-09 10:37 . 2009-10-09 10:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPAppData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-28 13:57 . 2007-04-19 14:12 -------- d-----w- c:\program files\Microsoft Home Publishing
2009-10-28 13:32 . 2007-05-09 00:51 -------- d-----w- c:\program files\Lx_cats
2009-10-27 17:45 . 2006-02-15 16:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-27 14:05 . 2007-11-21 01:55 -------- d-----w- c:\program files\QuickTime
2009-10-27 14:05 . 2007-04-19 14:07 -------- d-----w- c:\program files\Microsoft Picture It! Express
2009-10-27 14:05 . 2006-12-26 02:57 -------- d-----w- c:\program files\Kids Cam Show and Share Creativity Center
2009-10-27 14:05 . 2009-09-15 05:15 -------- d-----w- c:\program files\ImgBurn
2009-10-27 14:04 . 2006-02-16 09:55 -------- d-----w- c:\program files\Common Files\AOL
2009-10-14 15:54 . 2009-09-09 13:59 137668 ------w- c:\windows\HPHins15.dat
2009-10-13 03:44 . 2006-02-18 15:56 -------- d-----w- c:\program files\Google
2009-10-13 03:43 . 2009-09-15 04:46 -------- d-----w- c:\documents and settings\Nikki\Application Data\uTorrent
2009-10-11 23:58 . 2006-05-23 21:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-11 19:56 . 2008-12-16 21:11 -------- d-----w- c:\program files\Philips
2009-10-09 10:38 . 2009-09-09 14:07 -------- d-----w- c:\documents and settings\Nikki\Application Data\HPAppData
2009-09-24 20:45 . 2007-11-12 00:21 -------- d-----w- c:\documents and settings\Nikki\Application Data\NewSoft
2009-09-19 21:18 . 2006-10-05 00:44 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-18 14:25 . 2006-10-07 03:49 1052 ------w- c:\documents and settings\Nikki\Application Data\wklnhst.dat
2009-09-18 13:56 . 2006-02-16 10:39 -------- d-----w- c:\program files\Microsoft Works
2009-09-16 15:22 . 2009-07-08 18:44 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-15 05:27 . 2009-09-15 05:24 -------- d-----w- c:\documents and settings\Nikki\Application Data\ImgBurn
2009-09-14 18:41 . 2009-09-14 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\TGHomeSoft
2009-09-14 18:38 . 2009-09-14 18:38 -------- d-----w- c:\program files\TGHome
2009-09-10 22:12 . 2007-11-14 00:19 -------- d-----w- c:\program files\Britannica 2006
2009-09-09 14:13 . 2009-09-09 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-09-09 14:13 . 2009-09-09 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-09-09 14:12 . 2006-02-16 16:59 107544 ------w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-09 14:12 . 2009-09-09 14:12 -------- d-----w- c:\documents and settings\Nikki\Application Data\HP
2009-09-09 14:07 . 2009-09-09 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-09-09 14:07 . 2009-09-09 14:03 -------- d-----w- c:\program files\HP
2009-09-09 14:07 . 2009-09-09 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-09-09 14:06 . 2009-09-09 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-09-09 14:04 . 2009-09-09 14:04 -------- d-----w- c:\program files\Common Files\HP
2009-09-03 21:31 . 2009-09-03 21:31 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-09-03 08:18 . 2009-09-03 08:18 -------- d-----w- c:\program files\MSBuild
2009-09-03 08:18 . 2009-09-03 08:18 -------- d-----w- c:\program files\Reference Assemblies
2009-08-20 21:04 . 2008-12-16 23:04 256 ------w- c:\windows\system32\pool.bin
2009-08-07 00:24 . 2006-02-15 15:36 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2006-02-15 15:36 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2006-02-15 15:36 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2005-05-26 11:16 44768 ------w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2006-02-15 15:36 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2006-02-15 14:02 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2006-02-15 15:36 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2006-02-15 15:36 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:11 . 2006-02-15 14:03 204800 ----a-w- c:\windows\system32\mswebdvd.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-28_13.55.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-02-15 15:41 . 2009-10-28 23:24 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-02-15 15:41 . 2009-10-28 13:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-28 17:35 . 2009-10-28 23:24 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-12-21 185896]
"LXBSCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBStime.dll" [2004-03-17 65536]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"Malwarebytes Anti-Malware (reboot)"="f:\malwarebytes' anti-malware\mbam.exe" [2009-09-10 1312080]
"lxcjmon.exe"="c:\program files\Lexmark 8300 Series\lxcjmon.exe" [2007-01-30 205744]
"EzPrint"="c:\program files\Lexmark 8300 Series\ezprint.exe" [2007-01-30 103344]
"LXCJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2006-11-21 106496]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-03-11 73728]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]
"CFSServ.exe"="CFSServ.exe" [BU]

c:\documents and settings\Nikki\Start Menu\Programs\Startup\
Microsoft Home Publishing Reminders.lnk - c:\program files\Microsoft Home Publishing\MHPRMIND.EXE [1998-8-13 40960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Documents and Settings\\Nikki\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\McAfee\\MSC\\mcsync.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=
"c:\\WINDOWS\\system32\\lxcjcoms.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/11/2009 9:44 PM 210216]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - UWTDAPOW
*Deregistered* - mbr
*Deregistered* - uwtdapow

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-10-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:57]

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-12 17:22]

2009-10-12 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-12 17:22]

2006-10-04 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 12:00]

2009-10-22 c:\windows\Tasks\WebReg Deskjet D1400 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-12 02:27]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
FF - ProfilePath - c:\documents and settings\Nikki\Application Data\Mozilla\Firefox\Profiles\xip6x07m.default\
FF - prefs.js: browser.startup.homepage - hxxp://home.iwon.com/iwon-homepage/home.jhtml
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 18:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBSCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
LXCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-10-28 18:48
ComboFix-quarantined-files.txt 2009-10-28 23:48
ComboFix2.txt 2009-10-28 14:02

Pre-Run: 34,472,366,080 bytes free
Post-Run: 34,425,094,144 bytes free

- - End Of File - - F836C3B25829E4BEEA818F65CDF559E7


Malwarebytes Log

Malwarebytes' Anti-Malware 1.41
Database version: 3050
Windows 5.1.2600 Service Pack 2

10/29/2009 4:19:40 PM
mbam-log-2009-10-29 (16-19-40).txt

Scan type: Quick Scan
Objects scanned: 115196
Time elapsed: 7 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 syler

Posted 30 October 2009 - 11:42 AM

Hello :(

Your problem was Vundo, which more than likely got on your system because of your outdated Java, so we will take care of that in these next steps.


Uninstall ComboFix
  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.



Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please post back here with the following logs:
  • Kaspersky report
  • New Rsit log
Thanks

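An added example, not part of the original posts: a small Python check that pulls Java install directories out of ComboFix or HijackThis log lines and compares them with the JRE 6 Update 16 baseline named in the post above. The function names are made up for this illustration, the sample lines are constructed from paths seen in the logs in this thread, and the parser assumes Sun's default directory naming (jre1.5.0_04, jre6).

```python
import re
from collections import Counter

# Baseline from the post above: JRE 6 Update 16 -> (major, update).
BASELINE = (6, 16)

# Constructed sample: a few lines in the style of the ComboFix
# "Supplementary Scan" and HijackThis sections posted in this thread.
SAMPLE_LOG = r"""
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
"""

# Matches a path component such as \jre1.5.0_04\ or \jre6\ (assumed naming).
#   group 1: directory name
#   group 2/3: major and update from the "1.<major>.<minor>_<update>" form
#   group 4: major from the short "jre<major>" form
JAVA_DIR = re.compile(
    r"\\((?:jre|j2re|jdk)(?:1\.(\d+)\.\d+(?:_(\d+))?|(\d+)))(?=\\)",
    re.IGNORECASE,
)


def find_java_dirs(log_text):
    """Return {dir_name: (major, update_or_None, reference_count)}."""
    counts = Counter()
    versions = {}
    for m in JAVA_DIR.finditer(log_text):
        name = m.group(1).lower()
        if m.group(2) is not None:
            # Long form: the update number is in the name (0 if absent).
            major = int(m.group(2))
            update = int(m.group(3)) if m.group(3) else 0
        else:
            # Short form: the directory name does not reveal the update.
            major, update = int(m.group(4)), None
        versions[name] = (major, update)
        counts[name] += 1
    return {n: (maj, upd, counts[n]) for n, (maj, upd) in versions.items()}


def classify(major, update, baseline=BASELINE):
    """Compare one install against the baseline."""
    if major < baseline[0]:
        return "outdated"
    if major > baseline[0]:
        return "current"
    if update is None:
        # Same major version, but the path alone cannot confirm the update;
        # check Add/Remove Programs for the exact version.
        return "update-unknown"
    return "outdated" if update < baseline[1] else "current"


def audit(log_text, baseline=BASELINE):
    """Return {dir_name: status} for every Java directory in the log."""
    return {
        name: classify(major, update, baseline)
        for name, (major, update, _refs) in find_java_dirs(log_text).items()
    }


if __name__ == "__main__":
    found = find_java_dirs(SAMPLE_LOG)
    for name, status in sorted(audit(SAMPLE_LOG).items()):
        print(f"{name}: {status} ({found[name][2]} log references)")
```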


#9 nikkim73

Posted 30 October 2009 - 01:25 PM

I went to do the ComboFix uninstall & it is gone! I get the "Windows cannot find 'Combofix'" error... I did a search & the ComboFix folder is there but there is nothing in it. Where did it go? Should I be concerned since I was just going to uninstall it anyway?

#10 syler

Posted 30 October 2009 - 09:01 PM

Just download a new copy of ComboFix and save it to your desktop, then run the uninstall command again.



#11 nikkim73

Posted 02 November 2009 - 09:57 PM

Hi Syler,

Thanks again for your help. Sorry about the wait -- it has been crazy busy here :( I downloaded Combofix again & ran the uninstaller. Then I updated the Java. The Kaspersky scan kinda' scared me since it discovered something that no other scan has ever mentioned (especially since I haven't used Thunderbird in months, so it can't be something new.)

Here are the logs you requested:

Kaspersky

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, November 2, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, November 02, 2009 22:52:39
Records in database: 3115681
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 120121
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 02:35:09


File name / Threat / Threats count
C:\Documents and Settings\Nikki\Application Data\Thunderbird\Profiles\3dipq58q.default\Mail\Local Folders\Inbox Infected: Email-Worm.Win32.Zhelatin.a 1
C:\Documents and Settings\Nikki\Application Data\Thunderbird\Profiles\3dipq58q.default\Mail\Local Folders\Junk Infected: Email-Worm.Win32.Zhelatin.a 1

Selected area has been scanned.


New RSIT log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Nikki at 2009-11-02 20:48:21
Microsoft Windows XP Professional Service Pack 2
System drive C: has 33 GB (34%) free of 95 GB
Total RAM: 1014 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:37 PM, on 11/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\AGRSMMSG.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Nikki\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nikki.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "F:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Microsoft Home Publishing Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Microsoft Home Publishing Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE (User 'Default user')
O4 - Startup: Microsoft Home Publishing Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6796.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Nikki/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 13487 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Registration reminder 1.job
C:\WINDOWS\tasks\WebReg Deskjet D1400 series.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-02 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"=TFncKy.exe []
"TDispVol"=C:\WINDOWS\system32\TDispVol.exe [2005-03-11 73728]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-27 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-27 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-27 118784]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2006-01-05 352256]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-12-16 82009]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-12-16 761945]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2004-08-18 184320]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]
"NDSTray.exe"=NDSTray.exe []
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2005-11-30 73728]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-05-31 282624]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]
"dla"=C:\WINDOWS\system32\dla\DLACTRLW.exe [2005-10-06 122940]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]
"CFSServ.exe"=CFSServ.exe -NoClient []
"Lexmark X74-X75"=C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe [2002-10-14 57344]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-12-21 185896]
"LXBSCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16 []
"WrtMon.exe"=C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe [2006-09-20 20480]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-01-31 385024]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-08-16 236016]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-09-17 645328]
"Malwarebytes Anti-Malware (reboot)"=F:\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"lxcjmon.exe"=C:\Program Files\Lexmark 8300 Series\lxcjmon.exe [2007-01-30 205744]
"EzPrint"=C:\Program Files\Lexmark 8300 Series\ezprint.exe [2007-01-30 103344]
"LXCJCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16 []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-02 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

C:\Documents and Settings\Nikki\Start Menu\Programs\Startup
Microsoft Home Publishing Reminders.lnk - C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-27 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-10 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\Documents and Settings\Nikki\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\Nikki\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\McAfee\MSC\mcsync.exe"="C:\Program Files\McAfee\MSC\mcsync.exe:*:Enabled:McSync"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\McAfee\VirusScan\mcvsmap.exe"="C:\Program Files\McAfee\VirusScan\mcvsmap.exe:*:Enabled:mcvsmap"
"C:\WINDOWS\system32\lxcjcoms.exe"="C:\WINDOWS\system32\lxcjcoms.exe:*:Enabled:Lexmark Communications System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-11-02 17:28:08 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-02 17:28:08 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-02 17:28:08 ----A---- C:\WINDOWS\system32\java.exe
2009-11-02 17:28:08 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-11-02 17:06:10 ----SD---- C:\ComboFix
2009-10-31 12:15:32 ----D---- C:\Program Files\Common Files\ODBC
2009-10-28 17:48:24 ----A---- C:\ComboFix.txt
2009-10-28 17:48:23 ----A---- C:\log.txt
2009-10-28 07:40:39 ----A---- C:\Boot.bak
2009-10-28 07:40:28 ----RASHD---- C:\cmdcons
2009-10-28 07:38:37 ----D---- C:\WINDOWS\ERDNT
2009-10-27 20:47:26 ----D---- C:\rsit
2009-10-27 19:04:26 ----A---- C:\WINDOWS\RMTOOLS.DLL
2009-10-27 19:04:14 ----D---- C:\MAXIS
2009-10-27 11:30:16 ----A---- C:\WINDOWS\system32\tmp11C.tmp
2009-10-27 11:30:16 ----A---- C:\WINDOWS\system32\tmp11B.tmp
2009-10-27 11:30:16 ----A---- C:\WINDOWS\system32\tmp11A.tmp
2009-10-27 11:30:15 ----A---- C:\WINDOWS\system32\tmp119.tmp
2009-10-27 11:28:22 ----RA---- C:\WINDOWS\system32\lxcjcoin.dll
2009-10-27 10:38:36 ----A---- C:\WINDOWS\system32\lxcjdrs.dll
2009-10-27 10:38:36 ----A---- C:\WINDOWS\system32\lxcjcnv4.dll
2009-10-27 10:38:05 ----D---- C:\Program Files\Lexmark 8300 Series
2009-10-27 10:37:52 ----A---- C:\WINDOWS\system32\lxcjinst.dll
2009-10-27 10:37:52 ----A---- C:\WINDOWS\system32\lxcjhcp.dll
2009-10-27 10:37:51 ----A---- C:\WINDOWS\system32\lxcjutil.dll
2009-10-27 10:37:51 ----A---- C:\WINDOWS\system32\lxcjinpa.dll
2009-10-27 10:37:51 ----A---- C:\WINDOWS\system32\lxcjiesc.dll
2009-10-27 10:37:50 ----A---- C:\WINDOWS\system32\lxcjusb1.dll
2009-10-27 10:37:50 ----A---- C:\WINDOWS\system32\lxcjserv.dll
2009-10-27 10:37:49 ----A---- C:\WINDOWS\system32\lxcjprox.dll
2009-10-27 10:37:49 ----A---- C:\WINDOWS\system32\lxcjpplc.dll
2009-10-27 10:37:49 ----A---- C:\WINDOWS\system32\lxcjpmui.dll
2009-10-27 10:37:49 ----A---- C:\WINDOWS\system32\lxcjlmpm.dll
2009-10-27 10:37:49 ----A---- C:\WINDOWS\system32\lxcjjswr.dll
2009-10-27 10:37:48 ----A---- C:\WINDOWS\system32\lxcjinsr.dll
2009-10-27 10:37:48 ----A---- C:\WINDOWS\system32\lxcjinsb.dll
2009-10-27 10:37:48 ----A---- C:\WINDOWS\system32\lxcjins.dll
2009-10-27 10:37:48 ----A---- C:\WINDOWS\system32\lxcjih.exe
2009-10-27 10:37:47 ----A---- C:\WINDOWS\system32\lxcjhbn3.dll
2009-10-27 10:37:47 ----A---- C:\WINDOWS\system32\lxcjgf.dll
2009-10-27 10:37:46 ----A---- C:\WINDOWS\system32\lxcjcur.dll
2009-10-27 10:37:46 ----A---- C:\WINDOWS\system32\lxcjcub.dll
2009-10-27 10:37:46 ----A---- C:\WINDOWS\system32\lxcjcu.dll
2009-10-27 10:37:46 ----A---- C:\WINDOWS\system32\lxcjcoms.exe
2009-10-27 10:37:45 ----A---- C:\WINDOWS\system32\lxcjcomm.dll
2009-10-27 10:37:45 ----A---- C:\WINDOWS\system32\lxcjcomc.dll
2009-10-27 10:37:45 ----A---- C:\WINDOWS\system32\lxcjcfg.exe
2009-10-27 10:37:44 ----RA---- C:\WINDOWS\system32\lxcjcfg.dll
2009-10-15 08:39:53 ----N---- C:\RootRepeal report 10-15-09 (09-39-53).txt
2009-10-15 08:24:36 ----D---- C:\Program Files\Runtime Software
2009-10-14 08:32:37 ----H---- C:\aaw7boot.cmd
2009-10-13 08:46:50 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-13 08:46:44 ----D---- C:\Program Files\SpywareBlaster
2009-10-13 08:36:48 ----HDC---- C:\WINDOWS\ie8
2009-10-12 20:26:07 ----D---- C:\Documents and Settings\Nikki\Application Data\Malwarebytes
2009-10-12 20:25:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-12 20:25:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-12 19:33:11 ----N---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2009-10-12 09:26:44 ----HDC---- C:\Documents and Settings\All Users\Application Data\~0
2009-10-12 09:26:09 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-12 09:01:57 ----D---- C:\Program Files\Trend Micro
2009-10-11 22:10:44 ----D---- C:\Program Files\Windows Live Safety Center
2009-10-11 20:45:00 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2009-10-11 20:40:02 ----D---- C:\Program Files\Common Files\McAfee
2009-10-11 20:39:59 ----D---- C:\Program Files\McAfee.com
2009-10-11 20:39:40 ----D---- C:\Program Files\McAfee
2009-10-11 20:25:24 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-10-11 17:37:41 ----D---- C:\Documents and Settings\All Users\Application Data\Citrix

======List of files/folders modified in the last 1 months======

2009-11-02 20:48:24 ----D---- C:\WINDOWS\Prefetch
2009-11-02 19:41:53 ----D---- C:\WINDOWS\Temp
2009-11-02 17:30:10 ----D---- C:\Program Files\Mozilla Firefox
2009-11-02 17:28:15 ----SHD---- C:\WINDOWS\Installer
2009-11-02 17:28:14 ----D---- C:\Config.Msi
2009-11-02 17:28:08 ----D---- C:\WINDOWS\system32
2009-11-02 17:27:38 ----D---- C:\Program Files\Java
2009-11-02 17:25:49 ----D---- C:\WINDOWS
2009-11-02 17:25:44 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2009-11-02 17:25:39 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2009-11-02 17:25:30 ----D---- C:\Program Files\Microsoft Home Publishing
2009-11-02 17:24:16 ----D---- C:\WINDOWS\system32\DLA
2009-11-02 17:22:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-02 17:20:34 ----D---- C:\Program Files\Common Files
2009-11-02 17:06:38 ----SHD---- C:\System Volume Information
2009-11-02 17:06:38 ----D---- C:\WINDOWS\system32\Restore
2009-11-02 17:03:51 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-02 14:15:30 ----D---- C:\Program Files\Lx_cats
2009-11-02 09:11:18 ----HD---- C:\WINDOWS\inf
2009-11-02 09:08:40 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-02 09:02:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-31 19:23:21 ----D---- C:\WINDOWS\ehome
2009-10-29 09:54:16 ----SD---- C:\WINDOWS\Tasks
2009-10-28 17:46:13 ----A---- C:\WINDOWS\system.ini
2009-10-28 17:43:10 ----D---- C:\WINDOWS\system32\drivers
2009-10-28 17:43:10 ----D---- C:\WINDOWS\AppPatch
2009-10-28 07:52:40 ----D---- C:\WINDOWS\system32\config
2009-10-28 07:40:39 ----RASH---- C:\boot.ini
2009-10-28 07:22:59 ----D---- C:\WINDOWS\system32\NtmsData
2009-10-27 19:04:26 ----D---- C:\WINDOWS\system
2009-10-27 11:54:08 ----A---- C:\WINDOWS\win.ini
2009-10-27 11:45:25 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-27 11:29:19 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-27 10:38:05 ----D---- C:\Program Files
2009-10-27 08:17:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-27 08:05:38 ----D---- C:\Program Files\Windows Media Player
2009-10-27 08:05:21 ----D---- C:\Program Files\QuickTime
2009-10-27 08:05:16 ----D---- C:\Program Files\Microsoft Picture It! Express
2009-10-27 08:05:06 ----D---- C:\Program Files\Kids Cam Show and Share Creativity Center
2009-10-27 08:05:02 ----D---- C:\Program Files\Internet Explorer
2009-10-27 08:05:00 ----D---- C:\Program Files\ImgBurn
2009-10-27 08:04:49 ----D---- C:\Program Files\Common Files\AOL
2009-10-20 13:51:58 ----D---- C:\WINDOWS\repair
2009-10-20 13:51:48 ----D---- C:\WINDOWS\Registration
2009-10-14 08:34:14 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-13 09:42:09 ----D---- C:\WINDOWS\system32\en-US
2009-10-13 09:42:08 ----D---- C:\WINDOWS\Media
2009-10-13 09:42:08 ----D---- C:\WINDOWS\Help
2009-10-12 21:44:50 ----D---- C:\Program Files\Google
2009-10-12 21:43:38 ----D---- C:\Documents and Settings\Nikki\Application Data\uTorrent
2009-10-12 09:26:01 ----D---- C:\WINDOWS\WinSxS
2009-10-11 22:10:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-11 17:58:58 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-10-11 13:56:53 ----D---- C:\Program Files\Philips
2009-10-09 04:38:23 ----D---- C:\Documents and Settings\Nikki\Application Data\HPAppData
2009-10-06 20:35:04 ----D---- C:\WINDOWS\system32\ias

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-10-04 21275]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-10 163328]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-10 67584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-16 191936]
R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-01-10 30921]
S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-14 179200]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SQTECH905C;Dual Camera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2005-03-24 38937]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-02 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-10-14 303104]
R2 lxcj_device;lxcj_device; C:\WINDOWS\system32\lxcjcoms.exe [2007-01-30 537520]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-09-15 894136]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2005-12-20 35328]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-10 267776]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-07-24 358896]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-08-16 309744]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-08-16 166384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 lxbs_device;lxbs_device; C:\WINDOWS\system32\lxbscoms.exe [2004-02-20 421888]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-07-24 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-08-16 1092080]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
S4 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
S4 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
S4 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:45 AM

Posted 03 November 2009 - 12:34 PM

Hi Nikki,

No need to worry about the delay.

The infections Kaspersky found are emails with infected attachments that are in your inbox and junk folders of Thunderbird. They will not harm you if you don't open them, but you should try and clean them out. You can empty your junk folder, then you will need to go through your inbox and delete any emails with attachments.

  • Go to Start >> Run, and type Notepad into the run box, then click Ok.
  • Copy and paste the following code into Notepad. (Do not include the word "CODE".)
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName"="My Current Home Page"
"Source"="About:Home"
  • Click on the File tab, and select Save.
  • In the box that opens type Regfix.reg for the File name.
  • Change the Save as type to All Files, then save it to your Desktop. (It should look like this Posted Image)
  • Double click Regfix.reg, Select yes when it prompts you, then Ok.


You don't have the latest service pack for Windows. The service packs patch security vulnerabilities found in Windows. You should keep these up to date to keep you protected against malware that can take advantage of these security vulnerabilities to attack your system. The latest service pack is SP3. Click on Start >> All Programs >> Windows Update, then select Express and allow it to install all updates including SP3.
Note: If it prompts you to install an ActiveX control, allow it to install it.


Then please post back with a new RSIT log and let me know if you have any more problems.

Thanks
Syler

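Before merging a .reg file such as the Regfix.reg in the post above, it is useful to list exactly which keys and values it will set or delete. The following is an added example, not part of the original thread: a small Python reader for the REGEDIT4 text format. The function name `summarize_reg` is hypothetical, and the embedded text is the .reg content quoted in the post.

```python
import re

# The Regfix.reg text from the post above, embedded so the example runs offline.
REGFIX = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName"="My Current Home Page"
"Source"="About:Home"
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def summarize_reg(text):
    """Return (action, key, value_name, data) for every change a .reg file makes."""
    # Join hex data that is continued onto the next line with a trailing backslash.
    text = re.sub(r'\\\r?\n[ \t]*', '', text.lstrip("\ufeff"))
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("not a .reg file: missing header line")
    changes, key = [], None
    for ln in lines[1:]:
        m = KEY_RE.match(ln)
        if m:
            key = m.group(2)
            if m.group(1):  # [-HKEY_...] removes the whole key
                changes.append(("DELETE_KEY", key, None, None))
            continue
        m = VALUE_RE.match(ln)
        if not m or key is None:
            raise ValueError(f"unrecognised line: {ln!r}")
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        data = m.group(2)
        if data == "-":  # "Name"=- removes a single value
            changes.append(("DELETE_VALUE", key, name, None))
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            # String data: undo the \\ and \" escapes used inside .reg strings.
            changes.append(("SET_STRING", key, name, re.sub(r'\\(.)', r'\1', data[1:-1])))
        else:  # dword:, hex:, hex(2): and similar are reported as written
            changes.append(("SET_OTHER", key, name, data))
    return changes

if __name__ == "__main__":
    for change in summarize_reg(REGFIX):
        print(change)
```

For this file the summary shows two string values set under a single HKEY_CURRENT_USER key and no deletions.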


#13 syler


Posted 07 November 2009 - 07:17 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
