Computer Running Very Slowly


  • This topic is locked
14 replies to this topic

#1 VancouverMark

VancouverMark

  • Members
  • 30 posts
  • OFFLINE
  • Local time:04:01 AM

Posted 28 October 2009 - 10:09 AM

Hi everyone,

My computer has suddenly started running very slowly and I think it may have started with a possible trojan infection or malware issue. I have scanned with Spyware Doctor etc. and came up empty-handed. I ran HijackThis and this is the log I got:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:04 PM, on 10/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\shaw\bin\shawsupport.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = with Microsoft Internet Explorer and Leswick Computers
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [shawnotify] c:\progra~1\shaw\update\siuloader.exe /notify
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe
O4 - HKUS\S-1-5-21-1123561945-1078081533-839522115-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1123561945-1078081533-839522115-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1123561945-1078081533-839522115-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Shaw Support.lnk = C:\Program Files\shaw\bin\shawsupport.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk (file missing)
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\New User\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/KO-KR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140151402144
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://webmap.abbotsford.ca/WebMap/AppRequirements/Acgm.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ,vc.shawcable.net,vc.shawcable.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ,vc.shawcable.net,vc.shawcable.net
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate1ca12dd47717200) (gupdate1ca12dd47717200) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 12692 bytes


Thanks,

Mark



#2 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:01 AM

Posted 03 November 2009 - 05:25 AM

Hello and :( to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

*If you have since resolved the original problem you were having, we would appreciate you letting us know.

*If not please perform the following steps below so we can have a look at the current condition of your machine.

*If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

**If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.


You may want to keep the link to this topic in your favorites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications.
In order to be notified via email when your topic has a reply you need to enable topic notifications. To enable topic notifications you should do the following:

1. Click on the My Controls link at the top of the page to enter your control panel.

2. Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.

3. Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.

4. Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replies.

The topics you are tracking are shown Here.
Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

----------------------------*-------------------------------

We need to see some information about what is happening in your machine.

Please perform the following scan:


  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer

:(

#3 VancouverMark

VancouverMark
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:04:01 AM

Posted 04 November 2009 - 11:09 AM

Thanks for your help Net_Surfer! I downloaded and scanned using DDS. Here is the log file:


DDS (Ver_09-10-26.01) - NTFSx86
Run by New User at 17:04:30.36 on Tue 11/03/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.235 [GMT -8:00]

AV: Shaw Secure 8.02 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Shaw Secure 8.02 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\shaw\bin\shawsupport.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\New User\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uWindow title = with Microsoft Internet Explorer and Leswick Computers
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
{7e853d72-626a-48ec-a868-ba8d5e23e045}
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {07AA283A-43D7-4CBE-A064-32A21112D94D} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [F-Secure Manager] "c:\program files\shaw secure\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\shaw secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [shawnotify] c:\progra~1\shaw\update\siuloader.exe /notify
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shawsu~1.lnk - c:\program files\shaw\bin\shawsupport.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: UseDesktopIniCache = 1 (0x1)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks\norton cleanup\WCQuick.lnk
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\new user\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {200DB664-75B5-47c0-8B45-A44ACCF73C00} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\shaw secure\fspc\fspcmsie.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73F01} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\shaw secure\fspc\fspcmsie.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: c:\program files\shaw secure\fsps\program\FSLSP.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/KO-KR/a-UNO1/GAME_UNO1.cab
DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - hxxp://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140151402144
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} - hxxp://messenger.zone.msn.com/binary/WoF.cab57176.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxp://webmap.abbotsford.ca/WebMap/AppRequirements/Acgm.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2006-1-1 9344]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-7-27 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-7-27 79872]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-20 130424]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\shaw secure\hips\drivers\fshs.sys [2009-7-27 67808]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-10-4 348752]
R3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);c:\windows\system32\drivers\es1370mp.sys [2007-8-8 37120]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\shaw secure\anti-virus\minifilter\fsgk.sys [2009-7-27 101496]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\shaw secure\orsp client\fsorsp.exe [2009-7-27 55904]
R3 OpenDrvII;AOpen OpenCLibv4 Driver;c:\windows\system32\drivers\OpenDrvII.sys [2004-8-31 4736]
S2 gupdate1ca12dd47717200;Google Update Service (gupdate1ca12dd47717200);c:\program files\google\update\GoogleUpdate.exe [2009-8-1 133104]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\subagames\crossfire\gameguard\dump_wmimmc.sys --> c:\program files\subagames\crossfire\gameguard\dump_wmimmc.sys [?]
S3 EzInstall;EzInstall;\??\g:\ezinstall\ezinstall.sys --> g:\ezinstall\EzInstall.sys [?]
S3 N5SG;Airlink101 SuperG Wireless Network Adapter Service;c:\windows\system32\drivers\N5SG.sys [2006-11-3 467040]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 OpenDrvKmd;OpenDrvKmd;\??\c:\docume~1\newuse~1\locals~1\temp\checkmodel.tmp\opendrvkmd.sys --> c:\docume~1\newuse~1\locals~1\temp\checkmodel.tmp\OpenDrvKmd.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\shaw secure\anti-virus\win2k\fsfilter.sys [2009-7-27 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\shaw secure\anti-virus\win2k\fsrec.sys [2009-7-27 25184]

=============== Created Last 30 ================

2009-10-28 05:36:24 0 d-----w- c:\program files\Trend Micro

==================== Find3M ====================

2009-10-01 17:29:14 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-07 02:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 02:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2008-11-09 21:59:24 19456 ----a-w- c:\program files\doc.1.doc
2008-10-04 22:26:19 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100420081005\index.dat

============= FINISH: 17:07:51.85 ===============

Thanks!!

#4 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:01 AM

Posted 04 November 2009 - 01:28 PM

Hello VancouverMark, :(

I need one more log from the scan you did with DDS:
  • "When done scanning with it, DDS will open two (2) logs":
    • DDS.txt
    • Attach.txt
  • I need to see the Attach.txt.
Please copy and paste it back here for my review.

#5 VancouverMark

VancouverMark
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:04:01 AM

Posted 04 November 2009 - 01:44 PM

Hello VancouverMark, :(

I need one more log from the scan you did with DDS:

  • "When done scanning with it, DDS will open two (2) logs":
    • DDS.txt
    • Attach.txt
  • I need to see the Attach.txt.
Please copy and paste it back here for my review.


Here is the 'attach.txt' log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/16/2006 8:09:36 PM
System Uptime: 11/3/2009 9:08:26 AM (8 hours ago)

Motherboard: Quntumn Designs Limited | | PLATINIX-2
Processor: Intel® Pentium® 4 CPU 1.50GHz | Socket 478 | 1499/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 108 GiB total, 82.356 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 18.034 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP187: 8/5/2009 7:41:20 PM - System Checkpoint
RP188: 8/6/2009 7:58:02 PM - System Checkpoint
RP189: 8/8/2009 10:43:26 AM - System Checkpoint
RP190: 8/9/2009 2:47:46 PM - Software Distribution Service 3.0
RP191: 8/10/2009 6:10:35 PM - Software Distribution Service 3.0
RP192: 8/11/2009 8:41:32 PM - System Checkpoint
RP193: 8/11/2009 10:15:57 PM - Software Distribution Service 3.0
RP194: 8/12/2009 10:40:23 PM - System Checkpoint
RP195: 8/13/2009 10:43:08 PM - System Checkpoint
RP196: 8/14/2009 10:46:04 PM - System Checkpoint
RP197: 8/18/2009 6:19:40 PM - Software Distribution Service 3.0
RP198: 8/27/2009 8:31:15 PM - System Checkpoint
RP199: 8/27/2009 8:40:34 PM - Software Distribution Service 3.0
RP200: 8/28/2009 12:00:20 PM - Software Distribution Service 3.0
RP201: 8/29/2009 8:42:54 PM - System Checkpoint
RP202: 8/29/2009 11:16:35 PM - Software Distribution Service 3.0
RP203: 8/30/2009 11:50:27 PM - Software Distribution Service 3.0
RP204: 8/31/2009 8:51:13 AM - Software Distribution Service 3.0
RP205: 9/1/2009 9:02:29 AM - System Checkpoint
RP206: 9/1/2009 11:08:13 PM - Software Distribution Service 3.0
RP207: 9/2/2009 11:09:19 PM - System Checkpoint
RP208: 9/3/2009 8:54:24 AM - Software Distribution Service 3.0
RP209: 9/4/2009 10:19:51 AM - System Checkpoint
RP210: 9/5/2009 3:36:35 PM - System Checkpoint
RP211: 9/6/2009 4:14:28 PM - System Checkpoint
RP212: 9/7/2009 5:00:08 PM - System Checkpoint
RP213: 9/7/2009 8:51:32 PM - Software Distribution Service 3.0
RP214: 9/8/2009 9:54:05 PM - Software Distribution Service 3.0
RP215: 9/10/2009 3:36:20 PM - Software Distribution Service 3.0
RP216: 9/10/2009 9:59:43 PM - Software Distribution Service 3.0
RP217: 9/12/2009 9:43:19 AM - System Checkpoint
RP218: 9/13/2009 11:11:46 AM - System Checkpoint
RP219: 9/14/2009 8:17:18 AM - Software Distribution Service 3.0
RP220: 9/15/2009 8:58:41 AM - System Checkpoint
RP221: 9/16/2009 9:23:00 AM - System Checkpoint
RP222: 9/16/2009 4:59:53 PM - Spyware Doctor: Cleaning Threats
RP223: 9/17/2009 3:43:59 PM - Software Distribution Service 3.0
RP224: 9/18/2009 3:58:51 PM - System Checkpoint
RP225: 9/19/2009 9:28:57 AM - Shaw Internet w
RP226: 9/19/2009 1:27:27 PM - psc 8.02 build 106 Installation
RP227: 9/20/2009 8:02:18 PM - System Checkpoint
RP228: 9/21/2009 5:27:08 PM - Software Distribution Service 3.0
RP229: 9/22/2009 5:45:08 PM - System Checkpoint
RP230: 9/23/2009 6:55:57 PM - System Checkpoint
RP231: 9/24/2009 8:31:10 AM - Software Distribution Service 3.0
RP232: 9/25/2009 8:49:27 AM - System Checkpoint
RP233: 9/26/2009 9:27:23 AM - System Checkpoint
RP234: 9/26/2009 12:00:18 PM - Software Distribution Service 3.0
RP235: 9/27/2009 2:21:21 PM - System Checkpoint
RP236: 9/28/2009 1:14:47 PM - Software Distribution Service 3.0
RP237: 9/29/2009 4:32:01 PM - System Checkpoint
RP238: 9/30/2009 4:33:37 PM - System Checkpoint
RP239: 10/1/2009 5:43:10 PM - System Checkpoint
RP240: 10/2/2009 10:12:52 AM - Software Distribution Service 3.0
RP241: 10/3/2009 10:34:23 AM - System Checkpoint
RP242: 10/4/2009 12:29:52 PM - System Checkpoint
RP243: 10/5/2009 8:42:57 AM - Software Distribution Service 3.0
RP244: 10/6/2009 9:34:24 AM - System Checkpoint
RP245: 10/7/2009 10:16:10 AM - System Checkpoint
RP246: 10/8/2009 10:58:36 AM - System Checkpoint
RP247: 10/8/2009 3:56:16 PM - Software Distribution Service 3.0
RP248: 10/9/2009 8:16:36 PM - System Checkpoint
RP249: 10/10/2009 6:08:04 AM - Shaw Internet w
RP250: 10/11/2009 1:02:12 PM - System Checkpoint
RP251: 10/12/2009 9:43:43 AM - Software Distribution Service 3.0
RP252: 10/13/2009 4:54:31 PM - System Checkpoint
RP253: 10/14/2009 5:00:16 PM - System Checkpoint
RP254: 10/14/2009 9:58:32 PM - Software Distribution Service 3.0
RP255: 10/16/2009 4:18:12 PM - Software Distribution Service 3.0
RP256: 10/17/2009 4:33:37 PM - System Checkpoint
RP257: 10/18/2009 4:34:18 PM - System Checkpoint
RP258: 10/19/2009 5:19:09 PM - Software Distribution Service 3.0
RP259: 10/20/2009 7:14:39 PM - System Checkpoint
RP260: 10/21/2009 7:36:26 PM - System Checkpoint
RP261: 10/22/2009 12:32:06 PM - Software Distribution Service 3.0
RP262: 10/23/2009 12:52:01 PM - System Checkpoint
RP263: 10/24/2009 1:24:30 PM - System Checkpoint
RP264: 10/25/2009 2:13:01 PM - System Checkpoint
RP265: 10/26/2009 8:07:10 AM - Software Distribution Service 3.0
RP266: 10/27/2009 5:27:50 PM - System Checkpoint
RP267: 10/28/2009 6:27:43 PM - System Checkpoint
RP268: 10/29/2009 10:55:33 AM - Software Distribution Service 3.0
RP269: 10/30/2009 5:16:50 PM - System Checkpoint
RP270: 10/31/2009 5:27:20 PM - System Checkpoint
RP271: 11/1/2009 7:01:59 PM - System Checkpoint
RP272: 11/2/2009 9:08:16 AM - Software Distribution Service 3.0
RP273: 11/3/2009 9:58:01 AM - System Checkpoint

==== Installed Programs ======================

3DMark03
3DMark05
Ad-Aware SE Personal
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Verifier Database
ArcSoft PhotoImpression 6
ArcSoft Print Creations
Boarder Zone Demo
Bonjour
Canon Creative 3
Canon PhotoRecord
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
CheckIt Diagnostics
ColorDesk Photo
ColorStore
Compatibility Administrator 3.0
CreataCard Special Edition - Canon 2
Critical Update for Windows Media Player 11 (KB959772)
Cross Fire En
Deer Hunter
Design Essentials
EA.com Matchup
EA.com Update
EPSON C120 User's Guide
EPSON Printer Software
EPSON Web-To-Page
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Highlight Viewer (Windows Live Toolbar)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hoyle Card Games
Hoyle Friday Night Poker
Intel® Graphics Media Accelerator Driver
iTunes
ItweakU Limited Edition
Java™ 6 Update 2
LimeWire 5.2.12
LivePix
LiveUpdate (Symantec Corporation)
MadOnion.com/3DMark2001 SE
MadOnion.com/PCMark2002
Map Button (Windows Live Toolbar)
Mavis Beacon Teaches Typing 9.0.0
MGI PhotoSuite III SE (Remove Only)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Compatibility Analyzer 1.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Links 2003 Demo
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Plus! for Windows XP
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Application Compatibility Toolkit 3.0
Microsoft Windows Journal Viewer
MSN Music Assistant
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Need For Speed Hot Pursuit 2 Demo
Nero Media Player
Nero OEM
NeroVision Express 2
NHL 2001
NHL 2005
Operation
Paint Shop Pro 7
PCMark05
QuickTime
Realtek High Definition Audio Driver
Roll
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Shaw Internet Update 3.2.2
Shaw Secure
Shaw Support 3.1
Sierra Utilities
Smart Menus (Windows Live Toolbar)
Sony Picture Utility
Spyware Doctor 6.0
Text Twist
The Print Shop Premier Edition 5.0
Tiger Woods PGA TOUR 2003 Demo
TrueType Font Installer
Tweakui Powertoy for Windows XP
Typing Tutor 10
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
URGE
Warblade Beta 11 Release 2
WebFldrs XP
Webshots!
Winamp3 (remove only)
Windows Application Verifier 2.50
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Movie Maker 2.0
Windows XP Peer-to-Peer SDK
Windows XP Service Pack 3
Windows XP Video Screensaver Powertoy
WinZip

==== Event Viewer Messages From Past Week ========

10/29/2009 8:58:34 AM, error: F-Secure Gatekeeper [1] -
10/29/2009 8:56:29 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
10/29/2009 8:56:26 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

==== End Of File ===========================

Thanks!!

#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:01:01 PM

Posted 05 November 2009 - 03:56 PM

Hello, VancouverMark
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case LimeWire). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#7 VancouverMark

Posted 10 November 2009 - 12:11 AM

Thanks! Here is the GMER log...

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-09 19:15:53
Windows 5.1.2600 Service Pack 3
Running: 50x57blg[1].exe; Driver: C:\DOCUME~1\NEWUSE~1\LOCALS~1\Temp\fxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7703506]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwCreateProcess [0xF7911C44]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwCreateProcessEx [0xF7911C5E]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwCreateThread [0xF7910E02]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7703CC8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF7703F88]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwLoadDriver [0xF791112A]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwMapViewOfSection [0xF7910B4E]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF77023EC]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwOpenSection [0xF791155C]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwRenameKey [0xF79127FA]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSetSystemInformation [0xF79113AC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF77037B8]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSuspendProcess [0xF79109D4]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSuspendThread [0xF7910E36]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSystemDebugControl [0xF7910FB0]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwTerminateProcess [0xF7910934]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwTerminateThread [0xF7910A8A]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwWriteVirtualMemory [0xF7910EFA]

Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [D4, 09, 91, F7, 36, 0E, 91, ...]
PAGE ntoskrnl.exe!IoCreateDevice 8059FA62 5 Bytes JMP F762CFC6 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisRegisterProtocol F75FD17F 5 Bytes JMP F762CDD8 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisOpenAdapter F75FD399 5 Bytes JMP F762D360 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisCloseAdapter F7607642 5 Bytes JMP F762CEE4 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisDeregisterProtocol F7607821 5 Bytes JMP F762D17C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisReturnPackets F760A810 5 Bytes JMP F762DBD8 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisRequest F760A97B 5 Bytes JMP F762D578 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisSend F760D986 5 Bytes JMP F762E558 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisSendPackets F760D9A3 5 Bytes JMP F762E62A fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisTransferData F760D9BE 5 Bytes JMP F762DCD6 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDCO NDIS.SYS!NdisCoCreateVc F7614186 5 Bytes JMP F762CE42 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDCO NDIS.SYS!NdisCoDeleteVc F7615557 5 Bytes JMP F762CEB0 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDCO NDIS.SYS!NdisCoSendPackets F7615AF1 5 Bytes JMP F762E342 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Shaw Secure\Common\FSM32.EXE[160] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Common\FSM32.EXE[160] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Shaw Secure\Common\FSM32.EXE[160] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Common\FSM32.EXE[160] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Shaw Secure\Common\FSM32.EXE[160] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Common\FSM32.EXE[160] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Shaw Secure\Common\FSM32.EXE[160] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01620001
.text C:\Program Files\Shaw Secure\Common\FSM32.EXE[160] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Shaw Secure\Common\FSM32.EXE[160] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\NOTEPAD.EXE[192] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\NOTEPAD.EXE[192] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\NOTEPAD.EXE[192] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\NOTEPAD.EXE[192] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\NOTEPAD.EXE[192] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\NOTEPAD.EXE[192] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\NOTEPAD.EXE[192] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AF0001
.text C:\WINDOWS\system32\NOTEPAD.EXE[192] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\NOTEPAD.EXE[192] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\NOTEPAD.EXE[192] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\QuickTime\QTTask.exe[224] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\QuickTime\QTTask.exe[224] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\QuickTime\QTTask.exe[224] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\QuickTime\QTTask.exe[224] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\QuickTime\QTTask.exe[224] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\QuickTime\QTTask.exe[224] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\QuickTime\QTTask.exe[224] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DA0001
.text C:\Program Files\QuickTime\QTTask.exe[224] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\QuickTime\QTTask.exe[224] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\ctfmon.exe[312] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[312] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[312] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[312] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[312] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[312] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[312] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F40001
.text C:\WINDOWS\system32\ctfmon.exe[312] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\ctfmon.exe[312] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[376] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[376] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[376] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[376] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[376] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[376] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[376] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F30001
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[376] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[376] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00920001
.text C:\WINDOWS\system32\svchost.exe[380] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[380] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\shaw\bin\shawsupport.exe[468] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\shaw\bin\shawsupport.exe[468] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\shaw\bin\shawsupport.exe[468] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\shaw\bin\shawsupport.exe[468] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\shaw\bin\shawsupport.exe[468] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\shaw\bin\shawsupport.exe[468] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\shaw\bin\shawsupport.exe[468] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02E60001
.text C:\Program Files\shaw\bin\shawsupport.exe[468] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\shaw\bin\shawsupport.exe[468] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\csrss.exe[496] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[496] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\csrss.exe[496] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[496] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\csrss.exe[496] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[496] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\csrss.exe[496] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015F0001
.text C:\WINDOWS\system32\csrss.exe[496] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\csrss.exe[496] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\winlogon.exe[520] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[520] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\winlogon.exe[520] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[520] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\winlogon.exe[520] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[520] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[520] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 014E0001
.text C:\WINDOWS\system32\winlogon.exe[520] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\winlogon.exe[520] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\services.exe[564] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[564] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\services.exe[564] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[564] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\services.exe[564] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[564] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\services.exe[564] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E30001
.text C:\WINDOWS\system32\services.exe[564] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\services.exe[564] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\lsass.exe[576] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[576] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\lsass.exe[576] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[576] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\lsass.exe[576] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[576] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01250001
.text C:\WINDOWS\system32\lsass.exe[576] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\lsass.exe[576] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[696] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[696] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[696] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[696] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[696] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[696] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[696] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C90001
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[696] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[696] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[732] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[732] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[732] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[732] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[732] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[732] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[732] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00ED0001
.text C:\WINDOWS\system32\svchost.exe[732] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[732] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 010D0001
.text C:\WINDOWS\system32\svchost.exe[780] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[780] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe[820] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe[820] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe[820] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe[820] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe[820] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe[820] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe[820] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00830001
.text C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe[820] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe[820] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe[820] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Defender\MsMpEng.exe[848] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MsMpEng.exe[848] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[848] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MsMpEng.exe[848] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[848] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MsMpEng.exe[848] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Windows Defender\MsMpEng.exe[848] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 035D0001
.text C:\Program Files\Windows Defender\MsMpEng.exe[848] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Windows Defender\MsMpEng.exe[848] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\svchost.exe[904] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[904] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\svchost.exe[904] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[904] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\svchost.exe[904] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[904] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[904] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02B90001
.text C:\WINDOWS\System32\svchost.exe[904] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\System32\svchost.exe[904] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe[956] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe[956] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe[956] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe[956] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe[956] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe[956] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe[956] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 005B0001
.text C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe[956] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe[956] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe[956] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[980] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[980] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[980] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[980] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[980] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[980] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[980] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00690001
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[980] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[980] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00650001
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C40001
.text C:\WINDOWS\system32\svchost.exe[1068] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1068] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CA0001
.text C:\WINDOWS\system32\svchost.exe[1172] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1172] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Shaw Secure\Common\FSMA32.EXE[1200] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Common\FSMA32.EXE[1200] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Shaw Secure\Common\FSMA32.EXE[1200] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Common\FSMA32.EXE[1200] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Shaw Secure\Common\FSMA32.EXE[1200] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Common\FSMA32.EXE[1200] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Shaw Secure\Common\FSMA32.EXE[1200] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A70001
.text C:\Program Files\Shaw Secure\Common\FSMA32.EXE[1200] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Shaw Secure\Common\FSMA32.EXE[1200] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\spoolsv.exe[1332] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1332] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1332] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1332] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1332] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1332] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1332] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FE0001
.text C:\WINDOWS\system32\spoolsv.exe[1332] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\spoolsv.exe[1332] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1380] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1380] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1380] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1380] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1380] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1380] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Bonjour\mDNSResponder.exe[1380] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00800001
.text C:\Program Files\Bonjour\mDNSResponder.exe[1380] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1380] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe[1436] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe[1436] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe[1436] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe[1436] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe[1436] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe[1436] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe[1436] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A50001
.text C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe[1436] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe[1436] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[1480] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1480] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\Explorer.EXE[1480] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1480] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\Explorer.EXE[1480] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1480] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\Explorer.EXE[1480] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 013E0001
.text C:\WINDOWS\Explorer.EXE[1480] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\Explorer.EXE[1480] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE[1500] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE[1500] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE[1500] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE[1500] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE[1500] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE[1500] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE[1500] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01400001
.text C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE[1500] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE[1500] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Shaw Secure\Common\FSMB32.EXE[1596] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Common\FSMB32.EXE[1596] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Shaw Secure\Common\FSMB32.EXE[1596] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Common\FSMB32.EXE[1596] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Shaw Secure\Common\FSMB32.EXE[1596] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Common\FSMB32.EXE[1596] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Shaw Secure\Common\FSMB32.EXE[1596] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02340001
.text C:\Program Files\Shaw Secure\Common\FSMB32.EXE[1596] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Shaw Secure\Common\FSMB32.EXE[1596] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe[1760] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe[1760] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe[1760] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe[1760] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe[1760] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe[1760] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe[1760] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00900001
.text C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe[1760] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe[1760] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe[1760] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1768] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1768] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1768] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1768] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1768] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1768] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1768] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00730001
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1768] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1768] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\RTHDCPL.EXE[1900] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[1900] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\RTHDCPL.EXE[1900] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[1900] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\RTHDCPL.EXE[1900] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[1900] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\RTHDCPL.EXE[1900] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02470001
.text C:\WINDOWS\RTHDCPL.EXE[1900] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\RTHDCPL.EXE[1900] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[1976] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[1976] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Windows Defender\MSASCui.exe[1976] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[1976] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Windows Defender\MSASCui.exe[1976] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[1976] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Windows Defender\MSASCui.exe[1976] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F80001
.text C:\Program Files\Windows Defender\MSASCui.exe[1976] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[1976] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[1988] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 04320001
.text C:\Program Files\Spyware Doctor\pctsTray.exe[1988] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044AB89 C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[1988] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[1988] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2016] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[2016] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[2016] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[2016] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[2016] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[2016] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\iTunes\iTunesHelper.exe[2016] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 04950001
.text C:\Program Files\iTunes\iTunesHelper.exe[2016] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2016] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Shaw Secure\Common\FCH32.EXE[2068] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Common\FCH32.EXE[2068] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Shaw Secure\Common\FCH32.EXE[2068] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Common\FCH32.EXE[2068] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Shaw Secure\Common\FCH32.EXE[2068] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Common\FCH32.EXE[2068] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Shaw Secure\Common\FCH32.EXE[2068] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015B0001
.text C:\Program Files\Shaw Secure\Common\FCH32.EXE[2068] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Shaw Secure\Common\FCH32.EXE[2068] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[2072] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044AD11 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\Program Files\Shaw Secure\Common\FAMEH32.EXE[2196] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Common\FAMEH32.EXE[2196] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Shaw Secure\Common\FAMEH32.EXE[2196] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Common\FAMEH32.EXE[2196] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Shaw Secure\Common\FAMEH32.EXE[2196] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Common\FAMEH32.EXE[2196] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Shaw Secure\Common\FAMEH32.EXE[2196] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 017F0001
.text C:\Program Files\Shaw Secure\Common\FAMEH32.EXE[2196] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Shaw Secure\Common\FAMEH32.EXE[2196] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe[2224] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe[2224] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe[2224] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe[2224] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe[2224] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe[2224] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe[2224] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C20001
.text C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe[2224] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe[2224] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Shaw Secure\FSPC\fspc.exe[2276] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\FSPC\fspc.exe[2276] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Shaw Secure\FSPC\fspc.exe[2276] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\FSPC\fspc.exe[2276] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Shaw Secure\FSPC\fspc.exe[2276] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\FSPC\fspc.exe[2276] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Shaw Secure\FSPC\fspc.exe[2276] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 010C0001
.text C:\Program Files\Shaw Secure\FSPC\fspc.exe[2276] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Shaw Secure\FSPC\fspc.exe[2276] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe[2424] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe[2424] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe[2424] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe[2424] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe[2424] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe[2424] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe[2424] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 023E0001
.text C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe[2424] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe[2424] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\DOCUME~1\NEWUSE~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\KN89HCAY\50x57blg[1].exe[2444] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\NEWUSE~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\KN89HCAY\50x57blg[1].exe[2444] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\DOCUME~1\NEWUSE~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\KN89HCAY\50x57blg[1].exe[2444] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\NEWUSE~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\KN89HCAY\50x57blg[1].exe[2444] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\DOCUME~1\NEWUSE~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\KN89HCAY\50x57blg[1].exe[2444] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\NEWUSE~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\KN89HCAY\50x57blg[1].exe[2444] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\DOCUME~1\NEWUSE~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\KN89HCAY\50x57blg[1].exe[2444] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
.text C:\DOCUME~1\NEWUSE~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\KN89HCAY\50x57blg[1].exe[2444] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\DOCUME~1\NEWUSE~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\KN89HCAY\50x57blg[1].exe[2444] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\DOCUME~1\NEWUSE~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\KN89HCAY\50x57blg[1].exe[2444] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2580] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2580] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2580] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2580] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2580] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2580] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2580] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01490001
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2580] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2580] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[2648] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2648] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[2648] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2648] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[2648] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2648] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[2648] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E30001
.text C:\WINDOWS\system32\svchost.exe[2648] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[2648] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2768] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2768] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2768] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2768] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2768] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2768] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2768] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01420001
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2768] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2768] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1B0F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2768] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F170F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00970001
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2852] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\System32\alg.exe[2900] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2900] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\alg.exe[2900] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2900] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\alg.exe[2900] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2900] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00870001
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\System32\alg.exe[2900] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\System32\alg.exe[2900] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe[3492] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe[3492] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe[3492] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe[3492] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe[3492] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe[3492] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe[3492] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 006B0001
.text C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe[3492] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe[3492] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe[3492] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[3784] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[3784] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[3784] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[3784] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[3784] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[3784] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[3784] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E30001
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[3784] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[3784] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Windows Live\Toolbar\wltuser.exe[3784] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\iPod\bin\iPodService.exe[3832] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[3832] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[3832] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[3832] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[3832] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[3832] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\iPod\bin\iPodService.exe[3832] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008B0001
.text C:\Program Files\iPod\bin\iPodService.exe[3832] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\iPod\bin\iPodService.exe[3832] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\iPod\bin\iPodService.exe[3832] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe[3844] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe[3844] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe[3844] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe[3844] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe[3844] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe[3844] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe[3844] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 007B0001
.text c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe[3844] KERNEL32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe[3844] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe[3844] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00970001
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCE79 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED6D8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E44F7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CAE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CAEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CAE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CAE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CAE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CAF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe[3952] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe[3952] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe[3952] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe[3952] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe[3952] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe[3952] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe[3952] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00910001
.text C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe[3952] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe[3952] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe[3952] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe[4064] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe[4064] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe[4064] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe[4064] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe[4064] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe[4064] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe[4064] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00750001
.text C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe[4064] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe[4064] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe[4064] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[3900] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows ® 2000 DDK provider)

Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (SISIDEX Driver/Windows ® 2000 DDK provider)

---- EOF - GMER 1.0.15 ----

#8 schrauber

Posted 10 November 2009 - 02:31 PM

Hi,


Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Step 2
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt.

Please post back with:
  • Malwarebytes-Logfile
  • Both RSIT-Logfiles

regards,
schrauber

#9 VancouverMark

Posted 12 November 2009 - 10:56 AM

Thanks again schrauber! Here are the three logs as requested:

Malware Bytes Logfile:

Malwarebytes' Anti-Malware 1.41
Database version: 3143
Windows 5.1.2600 Service Pack 3

11/10/2009 8:13:11 PM
mbam-log-2009-11-10 (20-13-11).txt

Scan type: Quick Scan
Objects scanned: 129909
Time elapsed: 25 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e5b2693-d348-4ca7-8364-4f5e51bf9c6d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\1234567890.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\ADAPT_Installer.exe (Trojan.Agent) -> Quarantined and deleted successfully.


RSIT Logfiles:

info.txt logfile of random's system information tool 1.06 2009-11-10 20:26:59

======Uninstall list======

-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS2"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ISP News"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ORSP Client"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter"
-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 /removeonly -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DMark03-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF35F637-72B9-43BE-A281-06EB2854393A}\Setup.exe" -l0x9
3DMark05-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}\Setup.exe" -l0x9
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Application Verifier Database-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{448850f4-a5ea-4dd1-bf1b-d5fa285dc64b}.sdb"
ArcSoft PhotoImpression 6-->C:\Program Files\InstallShield Installation Information\{D03E7B00-CA85-4684-9321-1888873C34BD}\Setup.exe -runfromtemp -l0x0009 -removeonly
ArcSoft Print Creations-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}\Setup.exe" -l0x9
Boarder Zone Demo-->D:\PROGRA~1\INFOGR~1\BOARDE~1\UNWISE.EXE D:\PROGRA~1\INFOGR~1\BOARDE~1\INSTALL.LOG
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon Creative 3-->C:\PROGRA~1\CANONC~1\uninstcc.exe
Canon PhotoRecord-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities PhotoStitch 3.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoStitch\Uninst.isu"
Canon Utilities ZoomBrowser EX-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ZoomBrowser EX\Uninst.isu" -c"C:\Program Files\Canon\ZoomBrowser EX\Program\uninstallutilities.dll"
CheckIt Diagnostics-->MsiExec.exe /X{4B9B1B84-FEC0-46D5-BDB9-832565779422}
ColorDesk Photo-->C:\WINDOWS\CloseApp.exe C:\WINDOWS\uninst.exe -f"C:\Program Files\Canon Creative\ColorDesk Utilities\Photo\DeIsL1.isu"
ColorStore-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Canon Creative\colorsto\DeIsL1.isu"
Compatibility Administrator 3.0-->MsiExec.exe /I{7B7996D0-440C-4309-A35C-E5B873A1ED33}
CreataCard Special Edition - Canon 2-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Canon Creative\cacard\DeIsL1.isu"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Cross Fire En-->"C:\Program Files\Subagames\CrossFire\unins000.exe"
Deer Hunter-->C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL1.isu
Design Essentials-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Canon Creative\designe\DeIsL1.isu" -cC:\WINDOWS\system32\_UNODBC.DLL
EA.com Matchup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F173C40-563E-11D4-89C5-0010ADDAAC33}\setup.exe" -l0x9
EA.com Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB97F52-512B-43EF-AAEC-4825C17B32ED}\setup.exe" -l0x9
EPSON C120 User's Guide-->C:\Program Files\epson\guide\c120_e\uninstall.exe
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\Setup.exe" -l0x9 -anything
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hoyle Card Games-->C:\WINDOWS\IsUninst.exe -fd:\SIERRA\HCCG2\Uninst.isu
Hoyle Friday Night Poker-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A17FD8C6-1AC2-46E7-AD0A-70C602C3504D}\setup.exe" -l0x9 -removeonly
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
ItweakU Limited Edition-->D:\PROGRA~1\ItweakU\UNWISE.EXE D:\PROGRA~1\ItweakU\INSTALL.LOG
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
LimeWire 5.2.12-->"C:\Documents and Settings\New User\My Documents\My Music\LimeWire\uninstall.exe"
LivePix-->C:\WINDOWS\IsUninst.exe -f"d:\Program Files\LivePix 2.0\Uninst.isu"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
MadOnion.com/3DMark2001 SE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91B323B5-A79C-4D23-BD6D-046C565F9BCF}\Setup.exe" -l0x9 uninstall -uninst
MadOnion.com/PCMark2002-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D81D227-790A-43D8-BD30-6A7935CD6837}\Setup.exe" -l0x9 uninstall -uninst
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Mavis Beacon Teaches Typing 9.0.0-->D:\PROGRA~1\MINDSC~1\MAVISB~1\UNINST.EXE
MGI PhotoSuite III SE (Remove Only)-->"D:\Program Files\MGI\MGI PhotoSuite III SE\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"D:\Program Files\MGI\MGI PhotoSuite III SE\Uninst.isu" -c"D:\Program Files\MGI\MGI PhotoSuite III SE\System\CustomUninstall.dll"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Application Compatibility Analyzer 1.0-->MsiExec.exe /I{A041AFEF-DD1B-4139-A1FC-2B0B39982806}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Links 2003 Demo-->"C:\Program Files\Microsoft Games\Links 2003 Demo\UNINSTAL.EXE" /runtemp /addremove
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Plus! for Windows XP-->MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Need For Speed Hot Pursuit 2 Demo-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{69EA6470-D4D3-49A3-89C8-0530C416ADB9}
Nero Media Player-->C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
NHL 2001-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBA471C0-5EF2-11D4-0091-A500A0245DC0}\setup.exe" -l0x9 Uninstall
NHL 2005-->C:\Program Files\EA SPORTS\NHL 2005\EAUninstall.exe
Operation-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Hasbro Interactive\Operation\DeIsL1.isu"
Paint Shop Pro 7-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
PCMark05-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C104E56-A441-429D-A609-D8A46EB92EA1}\setup.exe" -l0x9 -removeonly
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Roll-->C:\WINDOWS\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shaw Internet Update 3.2.2-->"C:\Progra~1\Shaw\Update\unins000.exe"
Shaw Secure-->"C:\Program Files\Shaw Secure\FSGUI\PostInstall.exe" /tUnInstall
Shaw Support 3.1-->"C:\Program Files\shaw\unins000.exe"
Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sony Picture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Text Twist-->MsiExec.exe /X{ADC4B5E2-AE11-A2BE-7EE5-4AED8B12145B}
The Print Shop Premier Edition 5.0-->C:\WINDOWS\uninst.exe -f"C:\The Print Shop Products\The Print Shop Premier Edition 5.0\DeIsL1.isu" -c"C:\The Print Shop Products\The Print Shop Premier Edition 5.0\psfinst.dll"
Tiger Woods PGA TOUR 2003 Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 2003 Demo\Setup.exe" -l0x9 anything
TrueType Font Installer-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Canon Creative\ttinstal\DeIsL1.isu"
Tweakui Powertoy for Windows XP-->MsiExec.exe /I{C7793EE8-F666-4E6B-9827-76468679480E}
Typing Tutor 10-->C:\WINDOWS\Uninstall Typing Tutor 10.exe
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
URGE-->MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
Warblade Beta 11 Release 2-->"d:\Program Files\Warblade\unins000.exe"
Webshots!-->C:\WINDOWS\WebshotsUninstall.exe
Winamp3 (remove only)-->d:\Program Files\Winamp3\uninst-wa3.EXE
Windows Application Verifier 2.50-->MsiExec.exe /I{8BF62BB1-C646-41A1-A14A-29CA2460F087}
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Peer-to-Peer SDK-->MsiExec.exe /I{34F12AE7-3B48-473F-8B1D-D60B26416D0B}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows XP Video Screensaver Powertoy-->C:\WINDOWS\System32\unins000.exe
WinZip-->"d:\Program Files\WinZip\WINZIP32.EXE" /uninstall

======Security center information======

AV: Shaw Secure 8.02
FW: Shaw Secure 8.02

======System event log======

Computer Name: JANET
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 49558
Source Name: Tcpip
Time Written: 20091004200909.000000-420
Event Type: warning
User:

Computer Name: JANET
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 49557
Source Name: Tcpip
Time Written: 20091004191703.000000-420
Event Type: warning
User:

Computer Name: JANET
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 49548
Source Name: Tcpip
Time Written: 20091004162603.000000-420
Event Type: warning
User:

Computer Name: JANET
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 49502
Source Name: W32Time
Time Written: 20091003220856.000000-420
Event Type: warning
User:

Computer Name: JANET
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 49477
Source Name: Tcpip
Time Written: 20091003113300.000000-420
Event Type: warning
User:

=====Application event log=====

Computer Name: JANET
Event Code: 12001
Message:
Record Number: 34223
Source Name: usnjsvc
Time Written: 20090914210955.000000-420
Event Type:
User:

Computer Name: JANET
Event Code: 12001
Message:
Record Number: 34135
Source Name: usnjsvc
Time Written: 20090912095300.000000-420
Event Type:
User:

Computer Name: JANET
Event Code: 12001
Message:
Record Number: 34115
Source Name: usnjsvc
Time Written: 20090911191344.000000-420
Event Type:
User:

Computer Name: JANET
Event Code: 12001
Message:
Record Number: 34035
Source Name: usnjsvc
Time Written: 20090909151015.000000-420
Event Type:
User:

Computer Name: JANET
Event Code: 101
Message: Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D.

Record Number: 34022
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090909081304.000000-420
Event Type: error
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: JANET
Event Code: 515
Message: A trusted logon process has registered with the Local Security Authority.
This logon process will be trusted to submit logon requests.




Logon Process Name: DCOMSCM

Record Number: 184414
Source Name: Security
Time Written: 20091023084120.000000-420
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: JANET
Event Code: 518
Message: An notification package has been loaded by the Security Account Manager.
This package will be notified of any account or password changes.


Notification Package Name: scecli

Record Number: 184413
Source Name: Security
Time Written: 20091023084120.000000-420
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: JANET
Event Code: 515
Message: A trusted logon process has registered with the Local Security Authority.
This logon process will be trusted to submit logon requests.




Logon Process Name: Winlogon\MSGina

Record Number: 184412
Source Name: Security
Time Written: 20091023084120.000000-420
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: JANET
Event Code: 515
Message: A trusted logon process has registered with the Local Security Authority.
This logon process will be trusted to submit logon requests.




Logon Process Name: Winlogon

Record Number: 184411
Source Name: Security
Time Written: 20091023084120.000000-420
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: JANET
Event Code: 515
Message: A trusted logon process has registered with the Local Security Authority.
This logon process will be trusted to submit logon requests.




Logon Process Name: KSecDD

Record Number: 184410
Source Name: Security
Time Written: 20091023084120.000000-420
Event Type: audit success
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\AOpen\Common\.;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0102
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------


Logfile of random's system information tool 1.06 (written by random/random)
Run by New User at 2009-11-10 20:26:33
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 84 GB (75%) free of 111 GB
Total RAM: 767 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:48 PM, on 11/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\shaw\bin\shawsupport.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\NEWUSE~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\GRYJOFU2\RSIT[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\New User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = with Microsoft Internet Explorer and Leswick Computers
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [shawnotify] c:\progra~1\shaw\update\siuloader.exe /notify
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Shaw Support.lnk = C:\Program Files\shaw\bin\shawsupport.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk (file missing)
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\New User\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/KO-KR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140151402144
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://webmap.abbotsford.ca/WebMap/AppRequirements/Acgm.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ,vc.shawcable.net,vc.shawcable.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ,vc.shawcable.net,vc.shawcable.net
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate1ca12dd47717200) (gupdate1ca12dd47717200) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 12839 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton PC Checkup WeekDay Scanner.job
C:\WINDOWS\tasks\Norton PC Checkup Weekend Scanner.job
C:\WINDOWS\tasks\Scheduled scanning task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}]
ALOT Toolbar - C:\Program Files\alot\bin\alot.dll [2007-11-15 554280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-26 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-25 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-26 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - ALOT Toolbar - C:\Program Files\alot\bin\alot.dll [2007-11-15 554280]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-26 256112]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-08-18 14820864]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-08-24 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-08-24 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-08-24 114688]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
"F-Secure Manager"=C:\Program Files\Shaw Secure\Common\FSM32.EXE [2009-02-19 182936]
"F-Secure TNB"=C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe [2009-02-19 957024]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"shawnotify"=c:\progra~1\shaw\update\siuloader.exe [2009-05-11 378152]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-09-11 68856]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^New User^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
C:\PROGRA~1\Sony\SONYPI~1\VOLUME~1\SPUVOL~1.EXE [2006-12-06 344064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Shaw Support.lnk - C:\Program Files\shaw\bin\shawsupport.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-08-24 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-02 402736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
"NoViewOnDrive"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"UseDesktopIniCache"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\New User\My Documents\My Music\LimeWire\LimeWire.exe"="C:\Documents and Settings\New User\My Documents\My Music\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b97b1ff7-7a9f-11da-b7ef-806d6172696f}]
shell\AutoRun\command - G:\setup.EXE /AUTORUN
shell\configure\command - G:\setup.EXE
shell\install\command - G:\setup.EXE


======List of files/folders created in the last 1 months======

2009-11-10 20:26:33 ----D---- C:\rsit
2009-11-10 19:17:22 ----D---- C:\Documents and Settings\New User\Application Data\Malwarebytes
2009-11-10 19:17:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-11-10 19:17:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-08 07:29:13 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-11-07 19:53:28 ----D---- C:\Program Files\Microsoft Sync Framework
2009-11-07 19:47:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954708$
2009-11-07 19:40:41 ----D---- C:\Program Files\Microsoft
2009-11-07 19:40:12 ----D---- C:\Program Files\Windows Live SkyDrive
2009-11-07 18:28:05 ----D---- C:\Program Files\Common Files\Windows Live
2009-10-27 21:36:24 ----D---- C:\Program Files\Trend Micro
2009-10-14 21:07:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-14 21:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-14 21:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-14 21:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-14 21:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-14 21:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-14 21:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-14 21:00:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-14 20:59:45 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

======List of files/folders modified in the last 1 months======

2009-11-10 20:26:48 ----D---- C:\WINDOWS\Temp
2009-11-10 20:26:26 ----D---- C:\WINDOWS\Prefetch
2009-11-10 20:23:17 ----SD---- C:\WINDOWS\Tasks
2009-11-10 20:19:18 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-10 20:18:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-11-10 20:18:02 ----D---- C:\WINDOWS\system32\drivers
2009-11-10 20:16:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-10 20:13:11 ----SHD---- C:\RECYCLER
2009-11-10 20:10:34 ----A---- C:\WINDOWS\webshots.ini
2009-11-10 19:27:26 ----D---- C:\Program Files\Shaw Secure
2009-11-10 19:17:04 ----D---- C:\Program Files
2009-11-10 16:11:52 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-11-10 15:33:47 ----D---- C:\Program Files\Spyware Doctor
2009-11-08 21:29:39 ----D---- C:\Documents and Settings\New User\Application Data\LimeWire
2009-11-08 19:59:01 ----D---- C:\Documents and Settings\New User\Application Data\Apple Computer
2009-11-08 07:42:14 ----D---- C:\WINDOWS
2009-11-08 07:40:43 ----D---- C:\WINDOWS\system32
2009-11-08 07:31:21 ----SHD---- C:\WINDOWS\Installer
2009-11-08 07:29:23 ----HD---- C:\WINDOWS\inf
2009-11-08 07:29:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-08 07:16:39 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-07 22:50:31 ----RSD---- C:\WINDOWS\assembly
2009-11-07 22:47:04 ----D---- C:\WINDOWS\Microsoft.NET
2009-11-07 19:57:54 ----SD---- C:\Documents and Settings\New User\Application Data\Microsoft
2009-11-07 19:55:57 ----D---- C:\Program Files\Windows Live
2009-11-07 19:54:47 ----D---- C:\Program Files\Windows Live Toolbar
2009-11-07 19:53:30 ----D---- C:\WINDOWS\WinSxS
2009-11-07 19:53:02 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-11-07 19:48:35 ----D---- C:\WINDOWS\system32\DirectX
2009-11-07 19:48:13 ----A---- C:\WINDOWS\imsins.BAK
2009-11-07 18:28:05 ----D---- C:\Program Files\Common Files
2009-11-07 07:58:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-04 12:01:52 ----D---- C:\WINDOWS\ie8updates
2009-11-02 20:42:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2009-10-30 17:40:19 ----D---- C:\TEMP
2009-10-22 01:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-15 16:36:34 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-10-14 21:08:02 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-12-03 13566]
R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys []
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-10-30 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-10-30 81288]
R3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ati2mtaa;ati2mtaa; C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-06-10 327040]
R3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM); C:\WINDOWS\system32\drivers\ES1370MP.sys [2001-08-17 37120]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 OpenDrvII;AOpen OpenCLibv4 Driver; C:\WINDOWS\system32\DRIVERS\OpenDrvII.sys [2004-08-31 4736]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-01-30 10368]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-10-14 71168]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 CDRPDACC;Arrowkey Device Access; \??\d:\Program Files\321Studios\Shared\CDRPDACC.SYS []
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-07-21 120062]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-07-21 96858]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-26 2284864]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-06-10 701440]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2002-12-17 42368]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 dump_wmimmc;dump_wmimmc; \??\C:\Program Files\Subagames\CrossFire\GameGuard\dump_wmimmc.sys []
S3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\System32\DRIVERS\ENTECH.SYS []
S3 EzInstall;EzInstall; \??\G:\ezinstall\EzInstall.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-08-24 1052732]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-08-18 3856896]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MVDCODEC;ATI WDM Specialized MVD Codec (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2004-06-10 13824]
S3 N5SG;Airlink101 SuperG Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\N5SG.sys [2006-11-03 467040]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-06-10 1897408]
S3 OpenDrvKmd;OpenDrvKmd; \??\C:\DOCUME~1\NEWUSE~1\LOCALS~1\Temp\CheckModel.tmp\OpenDrvKmd.sys []
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS []
S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2004-06-10 32768]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WINFLASH;WINFLASH; \??\C:\WINDOWS\system32\DRIVERS\WINFLASH.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSrec.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-23 243064]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe [2009-02-19 215648]
R2 FSMA;FSMA; C:\Program Files\Shaw Secure\Common\FSMA32.EXE [2009-02-19 117400]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe [2009-02-19 490080]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe [2009-02-19 510560]
R3 FSORSPClient;F-Secure ORSP Client; C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe [2009-02-19 55904]
R3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S2 gupdate1ca12dd47717200;Google Update Service (gupdate1ca12dd47717200); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-01 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-23 3192184]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des -service []
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
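The legend in the section header above (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) is enough to parse this listing mechanically and pick out the entries worth a manual look. The Python below is an added example, not part of the original thread or of the tool that produced the log. Its function names are hypothetical, the sample lines are copied from the listing, and treating an empty `[]` as "no file date/size recorded" is an assumption about the format.

```python
import re

# Legend from the log's own section header.
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# Layout: <state><start> <name>;<display name>; <image path> [<date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)

# Lines copied from the listing above.
SAMPLE = r"""
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
S2 CDRPDACC;Arrowkey Device Access; \??\d:\Program Files\321Studios\Shared\CDRPDACC.SYS []
S3 OpenDrvKmd;OpenDrvKmd; \??\C:\DOCUME~1\NEWUSE~1\LOCALS~1\Temp\CheckModel.tmp\OpenDrvKmd.sys []
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des -service []
"""

def parse_entry(line):
    """Return one listing line as a dict, or None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["state"], e["start"] = STATE[e["state"]], START[e["start"]]
    if e["path"].startswith("\\??\\"):   # strip the NT object-namespace prefix
        e["path"] = e["path"][4:]
    date, _, size = e.pop("meta").partition(" ")
    e["date"], e["size"] = (date, int(size)) if size.isdigit() else (None, None)
    return e

def triage(entry):
    """List reasons an entry deserves a manual look (assumed heuristics)."""
    notes, path = [], entry["path"].upper()
    if entry["size"] is None:
        notes.append("no file date/size recorded")
    if "\\TEMP\\" in path:
        notes.append("image path under a Temp directory")
    if not path.startswith("C:\\"):      # assumes C: is the system drive, as in this log
        notes.append("image path not on C:")
    return notes

def review(log_text):
    """Map entry name -> notes for every entry that has at least one note."""
    entries = filter(None, map(parse_entry, log_text.splitlines()))
    return {e["name"]: triage(e) for e in entries if triage(e)}
```

The notes are prompts for a manual check of the file on disk, not verdicts: leftover entries from uninstalled software produce the same pattern.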

#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:01:01 PM

Posted 12 November 2009 - 03:10 PM

Hi,

How is your system running?



Step 1

Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.








Step 2

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#11 VancouverMark


Posted 13 November 2009 - 01:39 PM

schrauber,

It appears that after running TFC I cannot locate any of my saved files or programs (i.e. Microsoft Word etc). I'm kind of concerned about that obviously. Here is the log file from ESET:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=2aa405b84e436a479c3752a25a1a369e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-13 04:41:35
# local_time=2009-11-12 08:41:35 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 453630 453630 0 0
# compatibility_mode=2305 16775125 100 99 0 22121552 1258025814 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5889 16768382 100 94 70524953 94555018 0 71469414
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=66515
# found=0
# cleaned=0
# scan_time=3898

Thanks....

#12 schrauber


Posted 13 November 2009 - 02:15 PM

It appears that after running TFC I cannot locate any of my saved files or programs (i.e. Microsoft Word etc)


What?

Can't be, TFC only cleans temp-files.

Please reboot again and tell me what's going on there.
regards,
schrauber


#13 VancouverMark


Posted 13 November 2009 - 02:34 PM

schrauber,

I have rebooted twice and still no documents. I get a Windows Defender error upon reboot and the desktop is completely blank aside from the Recycle Bin and the TFC.EXE file. Shortcut paths no longer work and my program list on the start menu is virtually empty. Of paramount importance to me now is recovering my files. Please advise.

Mark

#14 schrauber


Posted 14 November 2009 - 08:00 AM

Hi,

Please press CTRL+ALT+DEL to enter the Task Manager. Now please click on New Task, type explorer.exe and hit Enter.
regards,
schrauber


#15 schrauber


Posted 19 November 2009 - 12:17 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber




