Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser Hijack Help


  • This topic is locked This topic is locked
16 replies to this topic

#1 sconyers

sconyers

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 23 October 2009 - 03:13 PM

Hello, I'm experiencing browser (both IE and Firefox) Google search redirects to bizrate.com, guide1.net and occasionally IE or Firefox won't load or hangs. I've followed the Prep Guide and I have a log of HijackThis as well (attached). Any advice is greatly appreciated. I also downloaded Windows Defender, ran a scan, which came back clean. Thanks so much.


DDS (Ver_09-10-13.01) - NTFSx86
Run by Bryce at 15:27:13.15 on Fri 10/23/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.226 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxducoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\security apps\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Bryce\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://hotmail.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
mRun: [EzPrint] "c:\program files\lexmark 5600-6600 series\ezprint.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Rciyuzimocinex] rundll32.exe "c:\windows\umaxixoy.dll",Startup
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\office
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxps://web04.farvv.com/sn/ImageUploader4.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~3\MpShHook.dll
LSA: Notification Packages = scecli rvusti.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bryce\applic~1\mozilla\firefox\profiles\1ynbc037.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XULRunner: {6A021D06-B205-417F-80B6-A836562891EF} - c:\documents and settings\bryce\local settings\application data\{6A021D06-B205-417F-80B6-A836562891EF}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-9 210216]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2004-12-15 200192]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2009-8-31 98984]

=============== Created Last 30 ================

2009-10-23 14:10 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-10-23 13:44 <DIR> --d----- C:\security apps
2009-10-23 09:19 <DIR> --dsh--- c:\documents and settings\bryce\IECompatCache
2009-10-23 09:02 <DIR> --d----- c:\program files\FileHippo.com
2009-10-20 17:23 <DIR> --dsh--- c:\documents and settings\bryce\PrivacIE
2009-10-20 16:49 <DIR> --dsh--- c:\documents and settings\bryce\IETldCache
2009-10-20 16:40 <DIR> --d----- c:\windows\ie8updates
2009-10-20 16:34 <DIR> -cd-h--- c:\windows\ie8
2009-10-20 16:31 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-10-20 16:31 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-10-20 16:30 100,352 -------- c:\windows\system32\dllcache\iecompat.dll
2009-10-20 15:19 198,144 -------- c:\windows\system32\_psisdecd.dll
2009-10-20 15:19 44,544 a------- c:\windows\system32\msxml4a.dll
2009-10-20 14:08 <DIR> --d----- C:\MyWorks
2009-10-03 09:11 0 a------- c:\windows\Cjegas.bin
2009-10-03 09:11 120 a------- c:\windows\Tvidifuyiw.dat
2009-10-01 20:17 48,868 a---h--- c:\windows\system32\mlfcache.dat
2009-09-25 17:39 <DIR> --d----- c:\program files\Shared

==================== Find3M ====================

2009-09-16 10:22 214,664 a------- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 10:22 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 10:22 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 10:22 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 10:22 34,248 a------- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 10:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 10:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 17:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 17:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-29 04:08 916,480 a------- c:\windows\system32\wininet.dll
2009-08-29 04:08 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-08-29 04:08 916,480 -------- c:\windows\system32\dllcache\wininet.dll
2009-08-29 04:08 5,940,224 -------- c:\windows\system32\dllcache\mshtml.dll
2009-08-29 04:08 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-08-29 04:08 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-08-29 04:08 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-08-29 04:08 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-29 04:08 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-08-29 04:08 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-08-29 04:08 11,069,440 -------- c:\windows\system32\dllcache\ieframe.dll
2009-08-29 04:08 387,584 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-08-29 03:36 133,120 a------- c:\windows\system32\dllcache\extmgr.dll
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 06:35 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 06:28 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-08-26 04:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 04:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 20:44 2,189,184 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 11:13 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 10:20 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 10:20 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 10:20 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2007-01-13 14:42 1,996 a------- c:\docume~1\bryce\applic~1\wklnhst.dat
2008-08-18 19:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081820080819\index.dat

============= FINISH: 15:28:55.17 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:47 AM

Posted 31 October 2009 - 09:09 PM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you
would let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks

unite.jpg


#3 sconyers

sconyers
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 01 November 2009 - 05:36 PM

Hi Syler, thank you so much for your help. This PC seemed to be running better over the last week, and then for the past day I have not even been able to open most applications, IE, Firefox or adaware once logged on. Also have not been able to restart, te Start menu seems frozen. Here are the logs requested:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-11-01 17:32:29
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 21 GB (55%) free of 38 GB
Total RAM: 894 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:41 PM, on 11/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\RSIT.exe
C:\security apps\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - https://web04.farvv.com/sn/ImageUploader4.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10729 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\cleanup.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-09-16 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-11 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-04 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-11 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2C5E510-BE6D-42CC-9F61-E4F939078474}]
Lexmark Printable Web - C:\Program Files\Lexmark Printable Web\bho.dll [2008-09-10 180224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4982D40A-C53B-4615-B15B-B5B5E98D167C}
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-04-16 405504]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-11 256112]
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-02 102492]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-02 692316]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-25 149280]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2005-10-17 26112]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-07-07 1176808]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-09-17 645328]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"lxdumon.exe"=C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe [2008-09-10 676520]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-04-01 794624]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-12-15 49152]
"EzPrint"=C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe [2008-09-10 131752]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-12-03 290816]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-02-17 233534]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-04-11 339968]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
AutorunsDisabled
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-04-11 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~3\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
rvusti.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\lxducoms.exe"="C:\WINDOWS\system32\lxducoms.exe:*:Enabled:5600-6600 Series Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-11-01 17:32:29 ----D---- C:\rsit
2009-11-01 17:11:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2009-10-27 16:49:17 ----D---- C:\WINDOWS\LastGood.Tmp
2009-10-26 15:10:04 ----D---- C:\Program Files\Uniblue
2009-10-26 15:08:22 ----A---- C:\processscanner.exe
2009-10-26 15:04:51 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2009-10-26 13:46:40 ----D---- C:\Autoruns
2009-10-25 19:20:57 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-10-25 17:44:19 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-10-25 11:14:14 ----A---- C:\WINDOWS\imsins.BAK
2009-10-25 10:39:33 ----HDC---- C:\WINDOWS\ie8
2009-10-25 10:21:51 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-25 10:21:50 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-25 10:21:49 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-25 10:21:47 ----A---- C:\WINDOWS\system32\java.exe
2009-10-25 09:33:18 ----HDC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-25 09:30:03 ----D---- C:\Program Files\Lavasoft
2009-10-25 09:10:29 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-24 22:34:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-24 22:34:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-24 22:26:06 ----D---- C:\WINDOWS\system32\XPSViewer
2009-10-24 22:25:53 ----D---- C:\Program Files\MSBuild
2009-10-24 22:25:23 ----D---- C:\Program Files\Reference Assemblies
2009-10-24 22:21:11 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-10-24 22:21:11 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-10-24 22:21:10 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-10-24 22:21:09 ----D---- C:\889b51d18678546b99
2009-10-24 21:09:30 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia
2009-10-24 21:08:45 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
2009-10-24 20:49:51 ----ASH---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2009-10-24 20:49:48 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-10-24 20:49:48 ----D---- C:\Documents and Settings\Administrator\Application Data\Symantec
2009-10-24 20:49:48 ----D---- C:\Documents and Settings\Administrator\Application Data\Identities
2009-10-24 20:49:48 ----D---- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2009-10-24 19:43:16 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-24 13:35:50 ----A---- C:\WindowsXP-KB958644-x86-ENU.exe
2009-10-23 14:49:30 ----A---- C:\RootRepeal report 10-23-09 (15-49-30).txt
2009-10-23 14:39:30 ----A---- C:\RootRepeal report 10-23-09 (15-39-30).txt
2009-10-23 13:10:44 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2009-10-23 13:07:26 ----D---- C:\Program Files\Windows Defender
2009-10-23 12:44:36 ----D---- C:\security apps
2009-10-23 08:02:29 ----D---- C:\Program Files\FileHippo.com
2009-10-20 15:40:51 ----D---- C:\WINDOWS\ie8updates
2009-10-20 14:20:03 ----D---- C:\Documents and Settings\All Users\Application Data\Cyberlink
2009-10-20 14:19:24 ----A---- C:\WINDOWS\system32\msxml4a.dll
2009-10-20 13:08:57 ----D---- C:\Program Files\CyberLink
2009-10-20 13:08:57 ----D---- C:\MyWorks
2009-10-18 13:05:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-18 10:14:51 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-18 10:14:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-18 10:14:27 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-18 10:14:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-18 10:12:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-18 10:07:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-18 10:06:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-18 10:06:07 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

======List of files/folders modified in the last 1 months======

2009-11-01 17:29:28 ----D---- C:\WINDOWS\system32
2009-11-01 17:28:49 ----SD---- C:\WINDOWS\Tasks
2009-11-01 17:27:18 ----D---- C:\WINDOWS\Temp
2009-11-01 17:26:33 ----D---- C:\Program Files\Mozilla Firefox
2009-11-01 17:10:17 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-01 17:08:50 ----D---- C:\WINDOWS
2009-11-01 17:00:21 ----D---- C:\WINDOWS\Prefetch
2009-11-01 16:59:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-01 16:52:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-27 16:49:17 ----HD---- C:\WINDOWS\inf
2009-10-26 17:11:01 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-10-26 15:17:06 ----D---- C:\WINDOWS\Help
2009-10-26 15:10:04 ----RD---- C:\Program Files
2009-10-26 14:58:15 ----D---- C:\WINDOWS\system32\drivers
2009-10-26 13:34:27 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-26 13:25:40 ----RASH---- C:\boot.ini
2009-10-26 13:25:40 ----A---- C:\WINDOWS\win.ini
2009-10-26 13:25:40 ----A---- C:\WINDOWS\system.ini
2009-10-26 13:25:38 ----D---- C:\WINDOWS\pss
2009-10-25 20:34:53 ----RSD---- C:\WINDOWS\assembly
2009-10-25 20:31:54 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-25 19:40:04 ----HD---- C:\Config.Msi
2009-10-25 19:34:07 ----SHD---- C:\WINDOWS\Installer
2009-10-25 19:32:07 ----D---- C:\WINDOWS\WinSxS
2009-10-25 19:25:34 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-25 18:09:47 ----D---- C:\WINDOWS\system32\en-US
2009-10-25 18:09:46 ----D---- C:\WINDOWS\Media
2009-10-25 18:09:45 ----D---- C:\Program Files\Internet Explorer
2009-10-25 10:27:10 ----D---- C:\WINDOWS\Debug
2009-10-25 10:17:06 ----D---- C:\Program Files\Java
2009-10-25 10:05:16 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-10-25 10:04:00 ----D---- C:\Program Files\Symantec
2009-10-25 10:03:06 ----D---- C:\Program Files\Common Files
2009-10-25 09:37:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-25 08:41:44 ----D---- C:\Program Files\Shared
2009-10-25 08:41:44 ----D---- C:\Program Files\Common
2009-10-24 22:25:43 ----RSD---- C:\WINDOWS\Fonts
2009-10-24 22:24:35 ----D---- C:\WINDOWS\system32\spool
2009-10-24 21:18:30 ----D---- C:\Documents and Settings
2009-10-24 13:10:20 ----D---- C:\WINDOWS\SoftwareDistribution
2009-10-23 13:07:26 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-23 12:53:25 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-10-23 07:51:57 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-22 08:58:10 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-20 15:55:02 ----D---- C:\Program Files\MSN
2009-10-20 15:20:30 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-02 10:01:58 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-03-10 371712]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-03 74496]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-02-02 191456]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 39424]
S1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
S1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
S2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-10-17 8552]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-04-11 1035264]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-01-18 55320]
S3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-02-18 38016]
S3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-02-18 349696]
S3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-27 21568]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
S3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 200192]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-03-16 159488]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-10-25 1170768]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-09-15 894136]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-04-11 360448]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-25 153376]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-02-22 38912]
S2 lxdu_device;lxdu_device; C:\WINDOWS\system32\lxducoms.exe [2008-05-23 594600]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe [2008-05-23 98984]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
S2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
S2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
S2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2005-03-04 98304]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-11-01 17:32:54

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Conexant AC-Link Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -Iqta3091.inf
Data Access Objects (DAO) 3.5-->C:\Program Files\Common Files\Microsoft Shared\DAO\Remove.EXE C:\WINDOWS\UNINST.EXE -fC:\PROGRA~1\COMMON~1\MICROS~1\DAO\DeIsL1.isu
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C\HXFSETUP.EXE -U -IVEN_1002&DEV_4378&SUBSYS_3091103C
Dr. Landlord Real Estate Manager Platinum Edition-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Dr. Landlord Platinum\ST6UNST.LOG"
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\security apps\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Document Viewer 6.1-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Extended Capabilities 6.1-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.1-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.1-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP PSC & OfficeJet 6.1.A-->"C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center and Imaging Support Tools 6.1-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP User Guides 0001-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06ECCCF4-9295-468E-851C-9529A7C181E8}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant 1.01 A2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark 5600-6600 Series-->C:\Program Files\Lexmark 5600-6600 Series\Install\x86\Uninst.exe
Lexmark Printable Web-->regsvr32.exe /s /u "C:\Program Files\Lexmark Printable Web\bho.dll"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Small Business-->MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Monopoly Here and Now-->C:\Program Files\Monopoly Here and Now\uninstall.exe
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 4.0 - SE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{534AA552-E1F1-4965-B2AA-FBDEB0730D60}\setup.exe" -l0x9
Quick Launch Buttons 5.10 B2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Safari-->MsiExec.exe /I{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{612DC38A-B36A-4699-88EB-12C7394DE2FC} /l1033
Uniblue ProcessScanner-->"C:\Program Files\Uniblue\ProcessScanner\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: McAfee VirusScan (disabled)
FW: McAfee Personal Firewall

======System event log======

Computer Name: PC121161970429
Event Code: 7001
Message: The Computer Browser service depends on the Server service which failed to start because of the following error:
After starting, the service hung in a start-pending state.


Record Number: 1118499
Source Name: Service Control Manager
Time Written: 20091025100251.000000-240
Event Type: error
User:

Computer Name: PC121161970429
Event Code: 7022
Message: The Server service hung on starting.

Record Number: 1118498
Source Name: Service Control Manager
Time Written: 20091025100251.000000-240
Event Type: error
User:

Computer Name: PC121161970429
Event Code: 7000
Message: The lxduCATSCustConnectService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 1118497
Source Name: Service Control Manager
Time Written: 20091025094641.000000-240
Event Type: error
User:

Computer Name: PC121161970429
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the lxduCATSCustConnectService service to connect.

Record Number: 1118496
Source Name: Service Control Manager
Time Written: 20091025094641.000000-240
Event Type: error
User:

Computer Name: PC121161970429
Event Code: 10010
Message: The server {6A972E27-93E2-4F98-8367-4101B2073814} did not register with DCOM within the required timeout.

Record Number: 1118491
Source Name: DCOM
Time Written: 20091025094438.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: PC121161970429
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16735, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 2765
Source Name: Application Hang
Time Written: 20081202175806.000000-300
Event Type: error
User:

Computer Name: PC121161970429
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16735, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 2764
Source Name: Application Hang
Time Written: 20081202175504.000000-300
Event Type: error
User:

Computer Name: PC121161970429
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16735, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 2763
Source Name: Application Hang
Time Written: 20081202175504.000000-300
Event Type: error
User:

Computer Name: PC121161970429
Event Code: 5051
Message: A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3128 (0xc38)

Thread address : 0x7C90E4F4

Thread message :

Build VSCORE.14.0.0.349 / 5300.2777
Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\WBEM\Logs\wbemess.log
by C:\WINDOWS\System32\svchost.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)


Record Number: 2761
Source Name: McLogEvent
Time Written: 20081201183545.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: PC121161970429
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16735, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 2748
Source Name: Application Hang
Time Written: 20081130130128.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:47 AM

Posted 01 November 2009 - 05:46 PM

Hi sconyers,

I see that you have been disabling some items with Autoruns, I need to be able to see what these are incase they are bad, so can you please re-enable all
items in Autoruns, you can disable them again once we are done cleaning.

Also your last scan was run in safemode with networking, please run all scans in normal mode unless asked to do otherwise, if you are having problems
getting into normal mode please let me know.


Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window, If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Please post back here with the following logs:
  • MBAM log
  • Gmer log
  • New Rsit log
Thanks

Edited by syler, 01 November 2009 - 05:48 PM.

unite.jpg


#5 sconyers

sconyers
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 01 November 2009 - 06:46 PM

Hello - I updated Anti-Malware in Safe Mode, and then tried to run it in Normal, but it hangs at 2 seconds, every time. I've probably restarted and tried this 5 or 6 times, each with the same result. Any ideas? Thanks

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:47 AM

Posted 01 November 2009 - 06:48 PM

Try remaning mbam.exe to sconyers.exe if this doesn't work let me know.

unite.jpg


#7 sconyers

sconyers
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 01 November 2009 - 08:39 PM

After renaming, will not open, get a dialog box reads "Run-time error '0'"

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:47 AM

Posted 02 November 2009 - 08:43 AM

Do the following, then try to run Malwarebytes again.
  • Go to Start >> Run, and type Notepad into the run box, then click Ok.
  • Copy and paste the following code into Notepad. ( Do not include the word "CODE")
regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll"
regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx"
  • Click on the File tab, and select Save.
  • In the box that opens type MBAMfix.bat for the File name.
  • Change the Save as type to All Files, then save it to your Desktop. (It should look like this Posted Image)
  • Double click MBAMfix.bat, a box will pop up briefly on your screen and disappear, this is normal.
  • Click OK to each of the 3 dialog boxes that should show a success message for each file registered
  • If you get an error that REGSVR32 "is not recognized as an internal or external command, operable program or batch file", then ensure that the file REGSVR32.EXE exists
    in the %WINDIR%\SYSTEM32 folder. If it's not found there you can copy if from another Computer running the same operating system and service pack level.
If that doesn't fix it then please download and install the Microsoft Visual Basic Common Controls from here to see if it helps.

unite.jpg


#9 sconyers

sconyers
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 02 November 2009 - 09:06 AM

I ran the .bat file and the first line was successful, 2nd and 3rd line both read "failed - the specified module could not be found." I downloaded the MS Visual Basic file, restarted, still no success running MBAM. Grrrrr....

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:47 AM

Posted 02 November 2009 - 09:13 AM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

unite.jpg


#11 sconyers

sconyers
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 02 November 2009 - 10:40 AM

ComboFix 09-11-01.04 - Bryce 11/02/2009 9:32.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.369 [GMT -5:00]
Running from: c:\documents and settings\Bryce\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common
c:\program files\Shared
c:\recycler\S-1-5-21-1089551744-1120685985-1162132538-1003
c:\recycler\S-1-5-21-1708537768-308236825-839522115-1003

.
((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
.

2009-11-02 13:56 . 2009-11-02 13:56 935656 ----a-w- C:\VisualBasic6-KB896559-v1-ENU.exe
2009-11-02 13:52 . 2009-11-02 13:53 4045544 ----a-w- C:\mbam-setup.exe
2009-11-02 00:11 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-02 00:11 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-01 22:59 . 2009-11-01 22:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-11-01 22:32 . 2009-11-01 22:32 -------- d-----w- C:\rsit
2009-10-26 20:10 . 2009-10-26 20:10 -------- d-----w- c:\program files\Uniblue
2009-10-26 20:08 . 2009-10-26 20:09 923280 ----a-w- C:\processscanner.exe
2009-10-26 20:04 . 2009-10-26 20:04 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-26 18:46 . 2009-10-26 18:46 -------- d-----w- C:\Autoruns
2009-10-26 18:44 . 2009-10-26 18:44 595445 ----a-w- C:\Autoruns.zip
2009-10-25 22:44 . 2009-09-03 09:17 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-25 15:39 . 2009-10-25 16:17 -------- dc-h--w- c:\windows\ie8
2009-10-25 15:21 . 2009-10-25 15:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-25 14:37 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-25 14:33 . 2009-10-25 14:33 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-25 14:30 . 2009-10-25 14:30 -------- d-----w- c:\program files\Lavasoft
2009-10-25 03:34 . 2009-10-25 03:34 -------- d-----w- c:\documents and settings\Bryce\Application Data\Malwarebytes
2009-10-25 03:34 . 2009-10-25 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-25 03:34 . 2009-11-02 00:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-25 03:26 . 2009-10-25 03:26 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-25 03:25 . 2009-10-25 03:25 -------- d-----w- c:\program files\MSBuild
2009-10-25 03:25 . 2009-10-25 03:25 -------- d-----w- c:\program files\Reference Assemblies
2009-10-25 03:21 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-25 03:21 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-25 03:21 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-25 03:21 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-25 03:21 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-25 03:21 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-25 03:21 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-25 03:21 . 2009-10-25 03:24 -------- d-----w- C:\889b51d18678546b99
2009-10-25 02:08 . 2009-10-25 02:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-10-25 01:50 . 2009-10-25 01:50 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-25 00:43 . 2009-10-25 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-24 18:35 . 2009-10-24 18:35 648560 ----a-w- C:\WindowsXP-KB958644-x86-ENU.exe
2009-10-23 18:28 . 2009-10-23 18:28 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-23 18:10 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-23 18:07 . 2009-10-23 18:07 -------- d-----w- c:\program files\Windows Defender
2009-10-23 17:44 . 2009-11-01 22:32 -------- d-----w- C:\security apps
2009-10-23 13:19 . 2009-10-23 13:19 -------- d-sh--w- c:\documents and settings\Bryce\IECompatCache
2009-10-23 13:02 . 2009-10-23 17:15 -------- d-----w- c:\program files\FileHippo.com
2009-10-20 21:24 . 2009-10-20 21:24 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-20 21:23 . 2009-10-20 21:23 -------- d-sh--w- c:\documents and settings\Bryce\PrivacIE
2009-10-20 20:49 . 2009-10-20 20:49 -------- d-sh--w- c:\documents and settings\Bryce\IETldCache
2009-10-20 20:40 . 2009-10-26 00:19 -------- d-----w- c:\windows\ie8updates
2009-10-20 20:31 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-20 20:31 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-20 20:30 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-20 19:31 . 2009-10-20 19:31 -------- d-----w- c:\documents and settings\Bryce\Application Data\CyberLink
2009-10-20 19:20 . 2009-10-20 19:46 -------- d-----w- c:\documents and settings\Bryce\Local Settings\Application Data\PCM4Everio
2009-10-20 19:20 . 2009-10-20 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Cyberlink
2009-10-20 19:19 . 2006-06-04 19:48 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-10-20 18:08 . 2009-10-26 01:15 -------- d-----w- c:\program files\CyberLink
2009-10-20 18:08 . 2009-10-20 19:31 -------- d-----w- C:\MyWorks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 18:34 . 2007-10-31 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-25 15:17 . 2005-04-30 05:08 -------- d-----w- c:\program files\Java
2009-10-25 15:05 . 2005-04-30 05:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-25 15:04 . 2005-04-30 05:48 -------- d-----w- c:\program files\Symantec
2009-10-25 14:03 . 2005-11-19 14:28 63280 ----a-w- c:\documents and settings\Bryce\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-23 19:15 . 2009-10-03 13:11 120 ----a-w- c:\windows\Tvidifuyiw.dat
2009-10-23 17:53 . 2007-10-31 02:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-23 12:27 . 2009-10-03 13:11 0 ----a-w- c:\windows\Cjegas.bin
2009-10-20 20:20 . 2005-04-30 04:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-12 22:44 . 2008-10-09 23:03 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-02 00:17 . 2009-10-02 00:17 48868 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-21 22:49 . 2005-10-17 08:56 -------- d-----w- c:\documents and settings\Bryce\Application Data\Apple Computer
2009-09-21 22:45 . 2009-09-21 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-21 22:45 . 2009-09-21 22:43 -------- d-----w- c:\program files\iTunes
2009-09-21 22:43 . 2009-09-21 22:43 -------- d-----w- c:\program files\iPod
2009-09-21 22:43 . 2009-03-18 01:18 -------- d-----w- c:\program files\Common Files\Apple
2009-09-21 22:39 . 2009-09-21 22:38 -------- d-----w- c:\program files\QuickTime
2009-09-16 14:22 . 2007-10-31 22:33 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22 . 2007-10-31 22:33 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22 . 2007-10-31 22:33 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22 . 2007-10-31 22:33 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22 . 2007-10-31 22:33 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 14:24 . 2009-04-12 19:42 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 21:03 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-28 23:42 . 2009-03-18 01:18 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 23:42 . 2009-03-18 01:18 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:00 . 2004-08-04 08:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 23:24 . 2004-08-04 08:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-04 08:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-08-04 08:00 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-08-04 08:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 08:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-04 08:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2009-04-13 22:37 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2009-04-13 22:37 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2004-08-04 08:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-04 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 2004-08-04 08:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-31 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-25 149280]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-10-17 26112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-09-10 676520]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
"EzPrint"="c:\program files\Lexmark 5600-6600 Series\ezprint.exe" [2008-09-10 131752]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 339968]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\lxducoms.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/25/2009 9:37 AM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1170768]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/9/2008 4:49 PM 210216]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 10:18 AM 200192]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [8/31/2009 3:55 PM 98984]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/1/2009 7:11 PM 38224]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 14:36]

2009-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2008-08-18 c:\windows\Tasks\cleanup.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-10-31 16:22]

2009-10-23 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-10-31 16:22]

2008-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-10-31 16:22]

2009-11-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://hotmail.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: microsoft.com\office
FF - ProfilePath - c:\documents and settings\Bryce\Application Data\Mozilla\Firefox\Profiles\1ynbc037.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: XULRunner: {6A021D06-B205-417F-80B6-A836562891EF} - c:\documents and settings\Bryce\Local Settings\Application Data\{6A021D06-B205-417F-80B6-A836562891EF}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
AddRemove-Malwarebytes' Anti-Malware_is1 - e:\malwarebytes' anti-malware\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 09:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????0?3?4?1??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2088193387-1010034190-3797244151-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-2088193387-1010034190-3797244151-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-2088193387-1010034190-3797244151-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-2088193387-1010034190-3797244151-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-2088193387-1010034190-3797244151-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:0000000b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2764)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxducoms.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Completion time: 2009-11-02 9:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-02 14:54

Pre-Run: 20,778,008,576 bytes free
Post-Run: 20,917,551,104 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F23077CECB40CC48C1D8F1D6F4466AD0

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:47 AM

Posted 02 November 2009 - 06:27 PM

Nothing much found their lets see if we can sort out Malwarebytes, go to add or remove programs and uninstall it, then reinstall and run it.

Please run Gmer as directed here


Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Please post back here with the following logs:
  • MBAM log
  • Gmer log
  • GooredFix.txt
  • New Rsit log
Thanks

unite.jpg


#13 sconyers

sconyers
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 03 November 2009 - 07:54 AM

Here you go, thanks so much.

Malwarebytes' Anti-Malware 1.41
Database version: 3090
Windows 5.1.2600 Service Pack 3

11/2/2009 9:03:12 PM
mbam-log-2009-11-02 (21-03-12).txt

Scan type: Quick Scan
Objects scanned: 124697
Time elapsed: 10 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-02 22:07:16
Windows 5.1.2600 Service Pack 3
Running: 939lqjcg.exe; Driver: C:\DOCUME~1\Bryce\LOCALS~1\Temp\awloraow.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys ZwCreateKey [0xF768887E]
SSDT Lbd.sys ZwSetValueKey [0xF7688BFE]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEE4EF78A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEE4EF738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEE4EF74C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEE4EF7CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEE4EF710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEE4EF724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEE4EF79E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEE4EF776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEE4EF762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEE4EF7F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEE4EF7E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEE4EF7B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8050223C 7 Bytes JMP EE4EF7B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8056E2FC 5 Bytes JMP EE4EF78E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A74FE 7 Bytes JMP EE4EF7CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A8314 5 Bytes JMP EE4EF7E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805ADA96 7 Bytes JMP EE4EF7A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C1324 5 Bytes JMP EE4EF714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C15B0 5 Bytes JMP EE4EF728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805C3DE2 5 Bytes JMP EE4EF766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73F8 7 Bytes JMP EE4EF750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805C74AE 5 Bytes JMP EE4EF73C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805C79B8 5 Bytes JMP EE4EF77A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8CB8 5 Bytes JMP EE4EF7FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? Lbd.sys The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\services.exe[728] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01020000
.text C:\WINDOWS\system32\services.exe[728] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01020070
.text C:\WINDOWS\system32\services.exe[728] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0102005F
.text C:\WINDOWS\system32\services.exe[728] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0102004E
.text C:\WINDOWS\system32\services.exe[728] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0102003D
.text C:\WINDOWS\system32\services.exe[728] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01020F9B
.text C:\WINDOWS\system32\services.exe[728] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01020F60
.text C:\WINDOWS\system32\services.exe[728] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 010200A8
.text C:\WINDOWS\system32\services.exe[728] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01020F19
.text C:\WINDOWS\system32\services.exe[728] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01020F2A
.text C:\WINDOWS\system32\services.exe[728] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010200CD
.text C:\WINDOWS\system32\services.exe[728] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0102002C
.text C:\WINDOWS\system32\services.exe[728] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01020FE5
.text C:\WINDOWS\system32\services.exe[728] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0102008B
.text C:\WINDOWS\system32\services.exe[728] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01020011
.text C:\WINDOWS\system32\services.exe[728] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01020FCA
.text C:\WINDOWS\system32\services.exe[728] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01020F45
.text C:\WINDOWS\system32\services.exe[728] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FF0040
.text C:\WINDOWS\system32\services.exe[728] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FF006C
.text C:\WINDOWS\system32\services.exe[728] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FF001B
.text C:\WINDOWS\system32\services.exe[728] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FF000A
.text C:\WINDOWS\system32\services.exe[728] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FF005B
.text C:\WINDOWS\system32\services.exe[728] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\services.exe[728] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FF0FB9
.text C:\WINDOWS\system32\services.exe[728] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1F, 89]
.text C:\WINDOWS\system32\services.exe[728] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FF0FD4
.text C:\WINDOWS\system32\services.exe[728] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FE0031
.text C:\WINDOWS\system32\services.exe[728] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FE0FA6
.text C:\WINDOWS\system32\services.exe[728] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FE000C
.text C:\WINDOWS\system32\services.exe[728] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FE0FE3
.text C:\WINDOWS\system32\services.exe[728] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FE0FB7
.text C:\WINDOWS\system32\services.exe[728] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FE0FD2
.text C:\WINDOWS\system32\services.exe[728] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E90000
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E90F77
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E9006C
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E90F92
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E9005B
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E90FAF
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E90091
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E90F55
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E900B6
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E90F13
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E90F02
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E90040
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E90FE5
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E90F66
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E90FC0
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E9001B
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E90F24
.text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E80FB9
.text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E80036
.text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E80000
.text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E80FCA
.text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E80F79
.text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E80FE5
.text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E80F94
.text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [08, 89]
.text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E8001B
.text C:\WINDOWS\system32\lsass.exe[740] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E70FC5
.text C:\WINDOWS\system32\lsass.exe[740] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E70050
.text C:\WINDOWS\system32\lsass.exe[740] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E7002E
.text C:\WINDOWS\system32\lsass.exe[740] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E70000
.text C:\WINDOWS\system32\lsass.exe[740] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E7003F
.text C:\WINDOWS\system32\lsass.exe[740] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E7001D
.text C:\WINDOWS\system32\lsass.exe[740] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E60FE5
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[900] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[900] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AE0000
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AE0F8A
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AE0F9B
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AE0FAC
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AE0069
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AE003D
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AE0F5C
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AE0F79
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AE0F41
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AE00DA
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AE0F30
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AE0058
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AE0FDB
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AE009A
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AE002C
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AE0011
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AE00C9
.text C:\WINDOWS\system32\svchost.exe[912] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AD0036
.text C:\WINDOWS\system32\svchost.exe[912] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AD0073
.text C:\WINDOWS\system32\svchost.exe[912] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AD0025
.text C:\WINDOWS\system32\svchost.exe[912] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AD0FE5
.text C:\WINDOWS\system32\svchost.exe[912] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AD0062
.text C:\WINDOWS\system32\svchost.exe[912] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AD0000
.text C:\WINDOWS\system32\svchost.exe[912] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00AD0051
.text C:\WINDOWS\system32\svchost.exe[912] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AD0FC0
.text C:\WINDOWS\system32\svchost.exe[912] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AC0FBE
.text C:\WINDOWS\system32\svchost.exe[912] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AC0053
.text C:\WINDOWS\system32\svchost.exe[912] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AC0FE3
.text C:\WINDOWS\system32\svchost.exe[912] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AC0000
.text C:\WINDOWS\system32\svchost.exe[912] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AC0038
.text C:\WINDOWS\system32\svchost.exe[912] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AC0011
.text C:\WINDOWS\system32\svchost.exe[912] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AB0FE5
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C50000
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C50096
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C5007B
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C50F97
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C50FA8
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C50FB9
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C500BB
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C50F75
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C50F4E
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C500E7
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C500F8
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C5004A
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C50FE5
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C50F86
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C5001B
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C50FD4
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C500CC
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C40040
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C4008E
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C4002F
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C40014
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C4007D
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C40FEF
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C40062
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C40051
.text C:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C30FAD
.text C:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C30038
.text C:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C30027
.text C:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C30FE3
.text C:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C30FD2
.text C:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C3000C
.text C:\WINDOWS\system32\svchost.exe[980] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C2000A
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02720FE5
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02720064
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02720F6F
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02720F80
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0272003D
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0272002C
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02720F26
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02720F37
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02720F0B
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 027200A4
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 027200BF
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02720FA5
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0272000A
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02720F54
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0272001B
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02720FCA
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02720089
.text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02710FB9
.text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0271002F
.text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02710FCA
.text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02710FE5
.text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02710F72
.text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02710000
.text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02710F83
.text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [91, 8A]
.text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02710F9E
.text C:\WINDOWS\System32\svchost.exe[1096] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02700049
.text C:\WINDOWS\System32\svchost.exe[1096] msvcrt.dll!system 77C293C7 5 Bytes JMP 02700FB4
.text C:\WINDOWS\System32\svchost.exe[1096] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0270001D
.text C:\WINDOWS\System32\svchost.exe[1096] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02700000
.text C:\WINDOWS\System32\svchost.exe[1096] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0270002E
.text C:\WINDOWS\System32\svchost.exe[1096] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02700FE3
.text C:\WINDOWS\System32\svchost.exe[1096] WS2_32.dll!socket 71AB4211 5 Bytes JMP 026F0FEF
.text C:\WINDOWS\System32\svchost.exe[1096] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 026E0000
.text C:\WINDOWS\System32\svchost.exe[1096] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 026E0FE5
.text C:\WINDOWS\System32\svchost.exe[1096] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 026E0011
.text C:\WINDOWS\System32\svchost.exe[1096] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 026E0022
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00780FEF
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0078005D
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00780F68
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00780F79
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00780036
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00780FA8
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00780F17
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00780F32
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007800B0
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00780095
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00780EFC
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00780025
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00780FD4
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreatePipe 7C81D83F 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00780F43
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00780FC3
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00780014
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0078007A
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00770FD4
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00770087
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00770FE5
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00770011
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00770076
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00770000
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00770065
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00770040
.text C:\WINDOWS\system32\svchost.exe[1140] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00760F9A
.text C:\WINDOWS\system32\svchost.exe[1140] msvcrt.dll!system 77C293C7 5 Bytes JMP 00760025
.text C:\WINDOWS\system32\svchost.exe[1140] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00760FBC
.text C:\WINDOWS\system32\svchost.exe[1140] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00760000
.text C:\WINDOWS\system32\svchost.exe[1140] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00760FAB
.text C:\WINDOWS\system32\svchost.exe[1140] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00760FD7
.text C:\WINDOWS\system32\svchost.exe[1140] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006C0000
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009D000A
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009D0FB9
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009D0FCA
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009D0098
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009D0FDB
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009D0062
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009D0F81
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009D00C9
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009D0F4B
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009D00E4
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009D00FF
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009D0073
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009D001B
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009D0FA8
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009D0051
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009D0036
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009D0F66
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009C0025
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009C006C
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009C0014
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009C0FD4
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009C0FAF
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 009C0051
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009C0036
.text C:\WINDOWS\system32\svchost.exe[1276] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009B002C
.text C:\WINDOWS\system32\svchost.exe[1276] msvcrt.dll!system 77C293C7 5 Bytes JMP 009B0FAB
.text C:\WINDOWS\system32\svchost.exe[1276] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009B0FBC
.text C:\WINDOWS\system32\svchost.exe[1276] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009B0FEF
.text C:\WINDOWS\system32\svchost.exe[1276] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009B0011
.text C:\WINDOWS\system32\svchost.exe[1276] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009B0000
.text C:\WINDOWS\system32\svchost.exe[1276] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006C000A
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC0089
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC0F9E
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC0FAF
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC006C
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC0040
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC00D2
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC00B5
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC0F57
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC0F68
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BC010B
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BC0051
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BC0FE5
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BC00A4
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BC0025
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BC0FD4
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BC0F79
.text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00660FCA
.text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00660F79
.text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0066001B
.text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00660FE5
.text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00660F8A
.text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00660000
.text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00660036
.text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00660FA5
.text C:\WINDOWS\system32\svchost.exe[1680] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00650073
.text C:\WINDOWS\system32\svchost.exe[1680] msvcrt.dll!system 77C293C7 5 Bytes JMP 00650FDE
.text C:\WINDOWS\system32\svchost.exe[1680] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00650033
.text C:\WINDOWS\system32\svchost.exe[1680] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0065000C
.text C:\WINDOWS\system32\svchost.exe[1680] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0065004E
.text C:\WINDOWS\system32\svchost.exe[1680] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[1680] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0063000A
.text C:\WINDOWS\system32\svchost.exe[1680] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0063001B
.text C:\WINDOWS\system32\svchost.exe[1680] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00630FEF
.text C:\WINDOWS\system32\svchost.exe[1680] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00630040
.text C:\WINDOWS\system32\svchost.exe[1680] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B90000
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B90F55
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B90F66
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B90F83
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B90F9E
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B90FD4
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B90F33
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B90F44
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B90F07
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B900A0
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B900BB
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B90FB9
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B90FE5
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B9006F
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B90040
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B90025
.text C:\WINDOWS\system32\svchost.exe[1716] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B90F22
.text C:\WINDOWS\system32\svchost.exe[1716] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B80F9E
.text C:\WINDOWS\system32\svchost.exe[1716] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B80F72
.text C:\WINDOWS\system32\svchost.exe[1716] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B80FB9
.text C:\WINDOWS\system32\svchost.exe[1716] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B80FD4
.text C:\WINDOWS\system32\svchost.exe[1716] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B8002F
.text C:\WINDOWS\system32\svchost.exe[1716] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\system32\svchost.exe[1716] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B8001E
.text C:\WINDOWS\system32\svchost.exe[1716] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B80F8D
.text C:\WINDOWS\system32\svchost.exe[1716] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B7004E
.text C:\WINDOWS\system32\svchost.exe[1716] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B70FC3
.text C:\WINDOWS\system32\svchost.exe[1716] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B70018
.text C:\WINDOWS\system32\svchost.exe[1716] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\system32\svchost.exe[1716] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B70029
.text C:\WINDOWS\system32\svchost.exe[1716] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B70FDE
.text C:\WINDOWS\explorer.exe[2764] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E3000A
.text C:\WINDOWS\explorer.exe[2764] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E30043
.text C:\WINDOWS\explorer.exe[2764] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E30F4E
.text C:\WINDOWS\explorer.exe[2764] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E30F75
.text C:\WINDOWS\explorer.exe[2764] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E30F86
.text C:\WINDOWS\explorer.exe[2764] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E30FB2
.text C:\WINDOWS\explorer.exe[2764] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E30065
.text C:\WINDOWS\explorer.exe[2764] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E30054
.text C:\WINDOWS\explorer.exe[2764] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E300A2
.text C:\WINDOWS\explorer.exe[2764] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E30091
.text C:\WINDOWS\explorer.exe[2764] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E300C7
.text C:\WINDOWS\explorer.exe[2764] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E30F97
.text C:\WINDOWS\explorer.exe[2764] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E30FEF
.text C:\WINDOWS\explorer.exe[2764] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E30F29
.text C:\WINDOWS\explorer.exe[2764] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E30FCD
.text C:\WINDOWS\explorer.exe[2764] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E30FDE
.text C:\WINDOWS\explorer.exe[2764] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E30080
.text C:\WINDOWS\explorer.exe[2764] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DE0FB2
.text C:\WINDOWS\explorer.exe[2764] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DE0043
.text C:\WINDOWS\explorer.exe[2764] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DE0FC3
.text C:\WINDOWS\explorer.exe[2764] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DE0FDE
.text C:\WINDOWS\explorer.exe[2764] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DE0032
.text C:\WINDOWS\explorer.exe[2764] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DE0FEF
.text C:\WINDOWS\explorer.exe[2764] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00DE0F90
.text C:\WINDOWS\explorer.exe[2764] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [FE, 88]
.text C:\WINDOWS\explorer.exe[2764] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DE0FA1
.text C:\WINDOWS\explorer.exe[2764] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DB0049
.text C:\WINDOWS\explorer.exe[2764] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DB0038
.text C:\WINDOWS\explorer.exe[2764] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DB0FD2
.text C:\WINDOWS\explorer.exe[2764] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DB0FE3
.text C:\WINDOWS\explorer.exe[2764] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DB0027
.text C:\WINDOWS\explorer.exe[2764] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DB000C
.text C:\WINDOWS\explorer.exe[2764] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00D10000
.text C:\WINDOWS\explorer.exe[2764] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00D10025
.text C:\WINDOWS\explorer.exe[2764] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00D10036
.text C:\WINDOWS\explorer.exe[2764] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00D10FEF
.text C:\WINDOWS\explorer.exe[2764] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D70FEF
.text C:\WINDOWS\System32\svchost.exe[2904] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\System32\svchost.exe[2904] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A005B
.text C:\WINDOWS\System32\svchost.exe[2904] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0040
.text C:\WINDOWS\System32\svchost.exe[2904] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0F66
.text C:\WINDOWS\System32\svchost.exe[2904] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A002F
.text C:\WINDOWS\System32\svchost.exe[2904] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0FB2
.text C:\WINDOWS\System32\svchost.exe[2904] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F30
.text C:\WINDOWS\System32\svchost.exe[2904] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0082
.text C:\WINDOWS\System32\svchost.exe[2904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F04
.text C:\WINDOWS\System32\svchost.exe[2904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F15
.text C:\WINDOWS\System32\svchost.exe[2904] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0EDF
.text C:\WINDOWS\System32\svchost.exe[2904] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0F97
.text C:\WINDOWS\System32\svchost.exe[2904] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\System32\svchost.exe[2904] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0F4B
.text C:\WINDOWS\System32\svchost.exe[2904] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0FC3
.text C:\WINDOWS\System32\svchost.exe[2904] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\System32\svchost.exe[2904] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A0093
.text C:\WINDOWS\System32\svchost.exe[2904] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290FE5
.text C:\WINDOWS\System32\svchost.exe[2904] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290FA5
.text C:\WINDOWS\System32\svchost.exe[2904] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290036
.text C:\WINDOWS\System32\svchost.exe[2904] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290025
.text C:\WINDOWS\System32\svchost.exe[2904] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290062
.text C:\WINDOWS\System32\svchost.exe[2904] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290000
.text C:\WINDOWS\System32\svchost.exe[2904] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00290051
.text C:\WINDOWS\System32\svchost.exe[2904] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290FCA
.text C:\WINDOWS\System32\svchost.exe[2904] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E0F8B
.text C:\WINDOWS\System32\svchost.exe[2904] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E0F9C
.text C:\WINDOWS\System32\svchost.exe[2904] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E0FC8
.text C:\WINDOWS\System32\svchost.exe[2904] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E0FEF
.text C:\WINDOWS\System32\svchost.exe[2904] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E0FAD
.text C:\WINDOWS\System32\svchost.exe[2904] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E000C
.text C:\WINDOWS\System32\svchost.exe[2904] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006E0FEF
.text C:\Program Files\Messenger\msmsgs.exe[3772] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D50000
.text C:\Program Files\Messenger\msmsgs.exe[3772] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D50084
.text C:\Program Files\Messenger\msmsgs.exe[3772] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D50F99
.text C:\Program Files\Messenger\msmsgs.exe[3772] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D50073
.text C:\Program Files\Messenger\msmsgs.exe[3772] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D50058
.text C:\Program Files\Messenger\msmsgs.exe[3772] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D50FCA
.text C:\Program Files\Messenger\msmsgs.exe[3772] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D50F52
.text C:\Program Files\Messenger\msmsgs.exe[3772] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D50F63
.text C:\Program Files\Messenger\msmsgs.exe[3772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D500D0
.text C:\Program Files\Messenger\msmsgs.exe[3772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D500B5
.text C:\Program Files\Messenger\msmsgs.exe[3772] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D500E1
.text C:\Program Files\Messenger\msmsgs.exe[3772] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D50047
.text C:\Program Files\Messenger\msmsgs.exe[3772] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D5001B
.text C:\Program Files\Messenger\msmsgs.exe[3772] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D50F74
.text C:\Program Files\Messenger\msmsgs.exe[3772] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D50036
.text C:\Program Files\Messenger\msmsgs.exe[3772] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D50FE5
.text C:\Program Files\Messenger\msmsgs.exe[3772] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D50F41
.text C:\Program Files\Messenger\msmsgs.exe[3772] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009C0042
.text C:\Program Files\Messenger\msmsgs.exe[3772] msvcrt.dll!system 77C293C7 5 Bytes JMP 009C0FB7
.text C:\Program Files\Messenger\msmsgs.exe[3772] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009C0FD9
.text C:\Program Files\Messenger\msmsgs.exe[3772] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009C0000
.text C:\Program Files\Messenger\msmsgs.exe[3772] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009C0FC8
.text C:\Program Files\Messenger\msmsgs.exe[3772] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009C0011
.text C:\Program Files\Messenger\msmsgs.exe[3772] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009D0025
.text C:\Program Files\Messenger\msmsgs.exe[3772] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009D0FA1
.text C:\Program Files\Messenger\msmsgs.exe[3772] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009D0014
.text C:\Program Files\Messenger\msmsgs.exe[3772] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009D0FDE
.text C:\Program Files\Messenger\msmsgs.exe[3772] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009D005E
.text C:\Program Files\Messenger\msmsgs.exe[3772] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009D0FEF
.text C:\Program Files\Messenger\msmsgs.exe[3772] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009D0FB2
.text C:\Program Files\Messenger\msmsgs.exe[3772] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BD, 88]
.text C:\Program Files\Messenger\msmsgs.exe[3772] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009D0FC3
.text C:\Program Files\Messenger\msmsgs.exe[3772] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009B000A
.text C:\Program Files\Messenger\msmsgs.exe[3772] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 009A0000
.text C:\Program Files\Messenger\msmsgs.exe[3772] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 009A001B
.text C:\Program Files\Messenger\msmsgs.exe[3772] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 009A0FE5
.text C:\Program Files\Messenger\msmsgs.exe[3772] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 009A0FCA

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----




GooredFix by jpshortstuff (24.09.09.1)
Log created at 07:45 on 03/11/2009 (Bryce)
Firefox version 3.5.3 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{6A021D06-B205-417F-80B6-A836562891EF} -> Success!
Deleting C:\Documents and Settings\Bryce\Local Settings\Application Data\{6A021D06-B205-417F-80B6-A836562891EF} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [02:08 25/10/2009]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [17:13 20/10/2007]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [15:22 25/10/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [21:48 09/10/2008]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [03:28 25/10/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [15:18 25/10/2009]

-=E.O.F=-



Logfile of random's system information tool 1.06 (written by random/random)
Run by Bryce at 2009-11-03 07:49:23
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 20 GB (53%) free of 38 GB
Total RAM: 894 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:49:43 AM, on 11/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxducoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bryce\Desktop\RSIT.exe
C:\security apps\Bryce.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - https://web04.farvv.com/sn/ImageUploader4.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11850 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\cleanup.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-09-16 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-11 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-04 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-11 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2C5E510-BE6D-42CC-9F61-E4F939078474}]
Lexmark Printable Web - C:\Program Files\Lexmark Printable Web\bho.dll [2008-09-10 180224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4982D40A-C53B-4615-B15B-B5B5E98D167C}
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-04-16 405504]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-11 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-02 102492]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-02 692316]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-25 149280]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2005-10-17 26112]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-07-07 1176808]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-09-17 645328]
"lxdumon.exe"=C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe [2008-09-10 676520]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-04-01 794624]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-12-15 49152]
"EzPrint"=C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe [2008-09-10 131752]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-12-03 290816]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-02-17 233534]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-04-11 339968]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-30 68856]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-04-11 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~3\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\lxducoms.exe"="C:\WINDOWS\system32\lxducoms.exe:*:Enabled:5600-6600 Series Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-11-02 09:59:24 ----A---- C:\ComboFix.txt
2009-11-02 09:30:06 ----A---- C:\Boot.bak
2009-11-02 09:29:51 ----RASHD---- C:\cmdcons
2009-11-02 09:28:30 ----A---- C:\WINDOWS\zip.exe
2009-11-02 09:28:30 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-11-02 09:28:30 ----A---- C:\WINDOWS\SWSC.exe
2009-11-02 09:28:30 ----A---- C:\WINDOWS\SWREG.exe
2009-11-02 09:28:30 ----A---- C:\WINDOWS\sed.exe
2009-11-02 09:28:30 ----A---- C:\WINDOWS\PEV.exe
2009-11-02 09:28:30 ----A---- C:\WINDOWS\NIRCMD.exe
2009-11-02 09:28:30 ----A---- C:\WINDOWS\MBR.exe
2009-11-02 09:28:30 ----A---- C:\WINDOWS\grep.exe
2009-11-02 09:28:19 ----D---- C:\WINDOWS\ERDNT
2009-11-02 09:27:42 ----D---- C:\Qoobox
2009-11-02 08:56:53 ----A---- C:\VisualBasic6-KB896559-v1-ENU.exe
2009-11-02 08:52:52 ----A---- C:\mbam-setup.exe
2009-11-01 17:32:29 ----D---- C:\rsit
2009-10-26 15:10:04 ----D---- C:\Program Files\Uniblue
2009-10-26 15:08:22 ----A---- C:\processscanner.exe
2009-10-26 13:46:40 ----D---- C:\Autoruns
2009-10-25 19:20:57 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-10-25 11:14:14 ----A---- C:\WINDOWS\imsins.BAK
2009-10-25 10:39:33 ----HDC---- C:\WINDOWS\ie8
2009-10-25 10:21:51 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-25 10:21:50 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-25 10:21:49 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-25 10:21:47 ----A---- C:\WINDOWS\system32\java.exe
2009-10-25 09:33:18 ----HDC---- C:\Documents and Settings\All Users\Application Data\~0
2009-10-25 09:10:29 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-24 22:34:46 ----D---- C:\Documents and Settings\Bryce\Application Data\Malwarebytes
2009-10-24 22:34:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-24 22:34:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-24 22:26:06 ----D---- C:\WINDOWS\system32\XPSViewer
2009-10-24 22:25:53 ----D---- C:\Program Files\MSBuild
2009-10-24 22:25:23 ----D---- C:\Program Files\Reference Assemblies
2009-10-24 22:21:11 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-10-24 22:21:11 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-10-24 22:21:10 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-10-24 22:21:09 ----D---- C:\889b51d18678546b99
2009-10-24 19:43:16 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-24 13:35:50 ----A---- C:\WindowsXP-KB958644-x86-ENU.exe
2009-10-23 14:49:30 ----A---- C:\RootRepeal report 10-23-09 (15-49-30).txt
2009-10-23 14:39:30 ----A---- C:\RootRepeal report 10-23-09 (15-39-30).txt
2009-10-23 13:10:44 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2009-10-23 13:07:26 ----D---- C:\Program Files\Windows Defender
2009-10-23 12:44:36 ----D---- C:\security apps
2009-10-23 08:02:29 ----D---- C:\Program Files\FileHippo.com
2009-10-20 15:40:51 ----D---- C:\WINDOWS\ie8updates
2009-10-20 14:31:24 ----D---- C:\Documents and Settings\Bryce\Application Data\CyberLink
2009-10-20 14:20:03 ----D---- C:\Documents and Settings\All Users\Application Data\Cyberlink
2009-10-20 14:19:24 ----A---- C:\WINDOWS\system32\msxml4a.dll
2009-10-20 13:08:57 ----D---- C:\Program Files\CyberLink
2009-10-20 13:08:57 ----D---- C:\MyWorks
2009-10-18 13:05:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-18 10:14:51 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-18 10:14:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-18 10:14:27 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-18 10:14:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-18 10:12:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-18 10:07:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-18 10:06:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-18 10:06:07 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

======List of files/folders modified in the last 1 months======

2009-11-03 07:49:26 ----D---- C:\WINDOWS\Temp
2009-11-03 07:49:22 ----D---- C:\WINDOWS\Prefetch
2009-11-03 07:47:17 ----D---- C:\Program Files\Mozilla Firefox
2009-11-02 20:51:15 ----D---- C:\WINDOWS\system32\drivers
2009-11-02 20:46:14 ----SHD---- C:\WINDOWS\Installer
2009-11-02 20:46:12 ----D---- C:\Config.Msi
2009-11-02 20:46:08 ----RD---- C:\Program Files
2009-11-02 20:45:45 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-02 20:45:41 ----D---- C:\WINDOWS\system32
2009-11-02 10:01:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-02 10:00:15 ----SD---- C:\WINDOWS\Tasks
2009-11-02 09:52:17 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-02 09:48:15 ----D---- C:\WINDOWS
2009-11-02 09:47:13 ----A---- C:\WINDOWS\system.ini
2009-11-02 09:40:44 ----D---- C:\WINDOWS\system32\config
2009-11-02 09:39:07 ----D---- C:\RECYCLER
2009-11-02 09:36:50 ----D---- C:\WINDOWS\AppPatch
2009-11-02 09:36:43 ----D---- C:\Program Files\Common Files
2009-11-02 09:30:07 ----RASH---- C:\boot.ini
2009-11-02 09:28:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-02 08:57:26 ----HD---- C:\WINDOWS\inf
2009-10-26 17:11:01 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-10-26 15:17:06 ----D---- C:\WINDOWS\Help
2009-10-26 13:34:27 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-26 13:25:40 ----A---- C:\WINDOWS\win.ini
2009-10-26 13:25:38 ----D---- C:\WINDOWS\pss
2009-10-25 20:34:53 ----RSD---- C:\WINDOWS\assembly
2009-10-25 20:31:54 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-25 19:32:07 ----D---- C:\WINDOWS\WinSxS
2009-10-25 19:25:34 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-25 18:09:47 ----D---- C:\WINDOWS\system32\en-US
2009-10-25 18:09:46 ----D---- C:\WINDOWS\Media
2009-10-25 18:09:45 ----D---- C:\Program Files\Internet Explorer
2009-10-25 10:27:10 ----D---- C:\WINDOWS\Debug
2009-10-25 10:17:06 ----D---- C:\Program Files\Java
2009-10-25 10:05:16 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-10-25 10:04:00 ----D---- C:\Program Files\Symantec
2009-10-24 22:25:43 ----RSD---- C:\WINDOWS\Fonts
2009-10-24 22:24:35 ----D---- C:\WINDOWS\system32\spool
2009-10-24 21:18:30 ----D---- C:\Documents and Settings
2009-10-24 13:10:20 ----D---- C:\WINDOWS\SoftwareDistribution
2009-10-23 13:07:26 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-23 12:53:25 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-10-23 07:51:57 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-23 07:35:56 ----D---- C:\Documents and Settings\Bryce\Application Data\Mozilla
2009-10-22 08:58:10 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-20 15:55:02 ----D---- C:\Program Files\MSN
2009-10-20 15:20:30 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-10-17 8552]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-04-11 1035264]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-03-10 371712]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-02-18 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-02-18 349696]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 200192]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-03 74496]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-02-02 191456]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 awloraow;awloraow; \??\C:\DOCUME~1\Bryce\LOCALS~1\Temp\awloraow.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-01-18 55320]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-27 21568]
S3 mbr;mbr; \??\C:\DOCUME~1\Bryce\LOCALS~1\Temp\mbr.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-03-16 159488]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-04-11 360448]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-25 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-02-22 38912]
R2 lxdu_device;lxdu_device; C:\WINDOWS\system32\lxducoms.exe [2008-05-23 594600]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-09-15 894136]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2005-03-04 98304]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe [2008-05-23 98984]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:47 AM

Posted 03 November 2009 - 05:48 PM

sconyers,

Please let me know in your next reply if you are still having any problems.


We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Reg
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{4982D40A-C53B-4615-B15B-B5B5E98D167C}"=-
    :Files
    c:\windows\Tvidifuyiw.dat
    c:\windows\Cjegas.bin
    :Commands
    [EmptyTemp]
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Reamove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please post back here with the following logs:
  • OTM results
  • Kaspersky report
  • New Rsit log
Thanks

unite.jpg


#15 sconyers

sconyers
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 05 November 2009 - 09:34 AM

Hi Syler - The browser redirects seem to be fixed, however opening both browsers, IE and Firefox are painfully slow. As in at least 5 minutes to open. Once opened, browsing is fast. I updated Java, and followed the other instructions, here are the logs. Thanks so much.

All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
========== FILES ==========
c:\windows\Tvidifuyiw.dat moved successfully.
c:\windows\Cjegas.bin moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 33094701 bytes

User: All Users

User: Bryce
->Temp folder emptied: 31449 bytes
->Temporary Internet Files folder emptied: 9392968 bytes
->Java cache emptied: 25493450 bytes
->FireFox cache emptied: 33082823 bytes
->Apple Safari cache emptied: 125060 bytes

User: Bryce2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 17348315 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 98438 bytes

User: NetworkService
->Temp folder emptied: 1792 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Susan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 7866 bytes
RecycleBin emptied: 67033 bytes

Total Files Cleaned = 113.40 mb


OTM by OldTimer - Version 3.0.0.6 log created on 11042009_081816

OTM by OldTimer - Version 3.0.0.6 log created on 11042009_081808

Files moved on Reboot...

Registry entries deleted on Reboot...



KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, November 4, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, November 04, 2009 15:55:21
Records in database: 3132071


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
C:\
D:\

Scan statistics
Objects scanned 64936
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 02:33:42

No threats found. Scanned area is clean.
Selected area has been scanned.




Logfile of random's system information tool 1.06 (written by random/random)
Run by Bryce at 2009-11-05 09:25:23
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 20 GB (53%) free of 38 GB
Total RAM: 894 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:45 AM, on 11/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxducoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Bryce\Desktop\RSIT.exe
C:\security apps\Bryce.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - https://web04.farvv.com/sn/ImageUploader4.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 12323 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\cleanup.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-10-11 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-09-16 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-11 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-04 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-11 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2C5E510-BE6D-42CC-9F61-E4F939078474}]
Lexmark Printable Web - C:\Program Files\Lexmark Printable Web\bho.dll [2008-09-10 180224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-04-16 405504]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-11 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-02 102492]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-02 692316]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2005-10-17 26112]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-07-07 1176808]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-09-17 645328]
"lxdumon.exe"=C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe [2008-09-10 676520]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-04-01 794624]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-12-15 49152]
"EzPrint"=C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe [2008-09-10 131752]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-12-03 290816]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-02-17 233534]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-04-11 339968]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-30 68856]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-04-11 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~3\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\lxducoms.exe"="C:\WINDOWS\system32\lxducoms.exe:*:Enabled:5600-6600 Series Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-11-04 10:14:34 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-04 10:14:34 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-04 10:14:33 ----A---- C:\WINDOWS\system32\java.exe
2009-11-04 08:18:22 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2009-11-04 08:18:08 ----D---- C:\_OTM
2009-11-02 09:59:24 ----A---- C:\ComboFix.txt
2009-11-02 09:30:06 ----A---- C:\Boot.bak
2009-11-02 09:29:51 ----RASHD---- C:\cmdcons
2009-11-02 09:28:30 ----A---- C:\WINDOWS\zip.exe
2009-11-02 09:28:30 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-11-02 09:28:30 ----A---- C:\WINDOWS\SWSC.exe
2009-11-02 09:28:30 ----A---- C:\WINDOWS\SWREG.exe
2009-11-02 09:28:30 ----A---- C:\WINDOWS\sed.exe
2009-11-02 09:28:30 ----A---- C:\WINDOWS\PEV.exe
2009-11-02 09:28:30 ----A---- C:\WINDOWS\NIRCMD.exe
2009-11-02 09:28:30 ----A---- C:\WINDOWS\MBR.exe
2009-11-02 09:28:30 ----A---- C:\WINDOWS\grep.exe
2009-11-02 09:28:19 ----D---- C:\WINDOWS\ERDNT
2009-11-02 09:27:42 ----D---- C:\Qoobox
2009-11-02 08:56:53 ----A---- C:\VisualBasic6-KB896559-v1-ENU.exe
2009-11-02 08:52:52 ----A---- C:\mbam-setup.exe
2009-11-01 17:32:29 ----D---- C:\rsit
2009-10-26 15:10:04 ----D---- C:\Program Files\Uniblue
2009-10-26 15:08:22 ----A---- C:\processscanner.exe
2009-10-26 13:46:40 ----D---- C:\Autoruns
2009-10-25 19:20:57 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-10-25 11:14:14 ----A---- C:\WINDOWS\imsins.BAK
2009-10-25 10:39:33 ----HDC---- C:\WINDOWS\ie8
2009-10-25 10:21:51 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-25 09:10:29 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-24 22:34:46 ----D---- C:\Documents and Settings\Bryce\Application Data\Malwarebytes
2009-10-24 22:34:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-24 22:34:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-24 22:26:06 ----D---- C:\WINDOWS\system32\XPSViewer
2009-10-24 22:25:53 ----D---- C:\Program Files\MSBuild
2009-10-24 22:25:23 ----D---- C:\Program Files\Reference Assemblies
2009-10-24 22:21:11 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-10-24 22:21:11 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-10-24 22:21:10 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-10-24 22:21:09 ----D---- C:\889b51d18678546b99
2009-10-24 19:43:16 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-24 13:35:50 ----A---- C:\WindowsXP-KB958644-x86-ENU.exe
2009-10-23 14:39:30 ----A---- C:\RootRepeal report 10-23-09 (15-39-30).txt
2009-10-23 13:10:44 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2009-10-23 13:07:26 ----D---- C:\Program Files\Windows Defender
2009-10-23 12:44:36 ----D---- C:\security apps
2009-10-23 08:02:29 ----D---- C:\Program Files\FileHippo.com
2009-10-20 15:40:51 ----D---- C:\WINDOWS\ie8updates
2009-10-20 14:31:24 ----D---- C:\Documents and Settings\Bryce\Application Data\CyberLink
2009-10-20 14:20:03 ----D---- C:\Documents and Settings\All Users\Application Data\Cyberlink
2009-10-20 14:19:24 ----A---- C:\WINDOWS\system32\msxml4a.dll
2009-10-20 13:08:57 ----D---- C:\Program Files\CyberLink
2009-10-20 13:08:57 ----D---- C:\MyWorks
2009-10-18 13:05:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-18 10:14:51 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-18 10:14:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-18 10:14:27 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-18 10:14:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-18 10:12:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-18 10:07:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-18 10:06:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-18 10:06:07 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

======List of files/folders modified in the last 1 months======

2009-11-05 09:27:53 ----D---- C:\WINDOWS\Temp
2009-11-05 09:03:05 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-05 09:03:02 ----SD---- C:\WINDOWS\Tasks
2009-11-05 09:02:15 ----D---- C:\Program Files\Mozilla Firefox
2009-11-05 09:01:36 ----D---- C:\WINDOWS
2009-11-05 08:58:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-04 16:59:19 ----D---- C:\WINDOWS\system32
2009-11-04 15:04:50 ----HD---- C:\WINDOWS\inf
2009-11-04 15:04:28 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-11-04 15:02:09 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-04 15:00:59 ----D---- C:\WINDOWS\Prefetch
2009-11-04 10:23:56 ----SHD---- C:\WINDOWS\Installer
2009-11-04 10:23:48 ----D---- C:\Program Files\Java
2009-11-04 10:23:48 ----D---- C:\Config.Msi
2009-11-04 08:52:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-02 20:51:15 ----D---- C:\WINDOWS\system32\drivers
2009-11-02 20:46:08 ----RD---- C:\Program Files
2009-11-02 20:45:45 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-02 09:47:13 ----A---- C:\WINDOWS\system.ini
2009-11-02 09:40:44 ----D---- C:\WINDOWS\system32\config
2009-11-02 09:39:07 ----SHD---- C:\RECYCLER
2009-11-02 09:36:50 ----D---- C:\WINDOWS\AppPatch
2009-11-02 09:36:43 ----D---- C:\Program Files\Common Files
2009-11-02 09:30:07 ----RASH---- C:\boot.ini
2009-10-26 15:17:06 ----D---- C:\WINDOWS\Help
2009-10-26 13:34:27 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-26 13:25:40 ----A---- C:\WINDOWS\win.ini
2009-10-26 13:25:38 ----D---- C:\WINDOWS\pss
2009-10-25 20:34:53 ----RSD---- C:\WINDOWS\assembly
2009-10-25 20:31:54 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-25 19:32:07 ----D---- C:\WINDOWS\WinSxS
2009-10-25 19:25:34 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-25 18:09:47 ----D---- C:\WINDOWS\system32\en-US
2009-10-25 18:09:46 ----D---- C:\WINDOWS\Media
2009-10-25 18:09:45 ----D---- C:\Program Files\Internet Explorer
2009-10-25 10:27:10 ----D---- C:\WINDOWS\Debug
2009-10-25 10:05:16 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-10-25 10:04:00 ----D---- C:\Program Files\Symantec
2009-10-24 22:25:43 ----RSD---- C:\WINDOWS\Fonts
2009-10-24 22:24:35 ----D---- C:\WINDOWS\system32\spool
2009-10-24 21:18:30 ----D---- C:\Documents and Settings
2009-10-24 13:10:20 ----D---- C:\WINDOWS\SoftwareDistribution
2009-10-23 13:07:26 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-23 12:53:25 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-10-23 07:51:57 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-23 07:35:56 ----D---- C:\Documents and Settings\Bryce\Application Data\Mozilla
2009-10-22 04:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-20 15:55:02 ----D---- C:\Program Files\MSN
2009-10-20 15:20:30 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-10-17 8552]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-04-11 1035264]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-03-10 371712]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-02-18 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-02-18 349696]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 200192]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-03 74496]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-02-02 191456]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-01-18 55320]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-27 21568]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-03-16 159488]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-04-11 360448]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-02-22 38912]
R2 lxdu_device;lxdu_device; C:\WINDOWS\system32\lxducoms.exe [2008-05-23 594600]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-09-15 894136]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2005-03-04 98304]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe [2008-05-23 98984]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users