
HELP: Hooked by '<unknown>" at address


  • This topic is locked
15 replies to this topic

#1 mbwiles

  • Members
  • 14 posts
  • Location:Winston-Salem, NC

Posted 30 October 2009 - 12:40 AM

I had posted this original problem in the Windows XP forum & it was moved to "Am I infected?"

I am running XP and my computer seems to boot fine. However, I cannot seem to open any program or file.

1) Nothing happens when I double-click an icon.
2) I cannot right-click an icon to get a menu.
3) I cannot select an item from the start menu, either with the mouse or a keyboard command.
4) Ctrl+alt+del command does not seem to work.

Am going to see if I can start up in Safe mode and run anti-malware software (or anything) that way.

Help?


After I was able to get into safe mode, I was directed to download rkill.scr and RootRepeal.

Once I confirmed I was able to run those programs, I was directed here & followed the instructions for posting/attaching the DDS & RootRepeal logs below. I have not had the same "symptoms" again as originally described above, although this was the second time it happened & there was a period in between without incident.

Please advise, and thanks in advance for your help - I so appreciate what all of y'all do!




DDS (Ver_09-10-26.01) - NTFSx86
Run by Brannon Wiles at 17:47:00.20 on Thu 10/29/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.798 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\NetNanny\Internet Protection\cwsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\McAfee\MSK\MskSrver.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\NetNanny\Internet Protection\cwtray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brannon Wiles\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm028YYUS&fl=0&ptb=J_pDJ1ZFOcMYwcerR8WgLA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PDF Converter Registry Controller] "c:\program files\pdf converter\pdfconv\\RegistryController.exe"
mRun: [GoToMyPC] c:\program files\citrix\gotomypc\g2svc.exe -logon
mRun: [eFax 4.2] "c:\program files\efax messenger 4.2\J2GDllCmd.exe" /R
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [cwcptray] c:\program files\netnanny\internet protection\cwtray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
StartupFolder: c:\docume~1\branno~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efax42~1.lnk - c:\program files\efax messenger 4.2\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hp\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hp\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\dell wireless\PRISMCFG.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open PDF in Word (PDF Converter 2.0) - c:\program files\pdf converter\pdfconv\IEShellExt.dll /100
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\cwalsp.dll
Trusted Zone: motive.com\patttbc.att
Trusted Zone: turbotax.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115141329921
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165266030406
DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} - hxxps://www20.wirelesssync.vzw.com/en/SyncInstall.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} - hxxps://bis.na.blackberry.com/html/web/client_tools/TOImport.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
AppInit_DLLs: gdotvs.dll vppojt.dll lkcfwi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\branno~1\applic~1\mozilla\firefox\profiles\yhfo2woy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.variety.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\brannon wiles\application data\mozilla\firefox\profiles\yhfo2woy.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-10 108289]
R2 CwAltaService20;ContentWatch;c:\program files\netnanny\internet protection\cwsvc.exe [2009-4-14 2072384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-8-28 210216]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2007-11-18 810632]
S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2005-4-28 57344]

=============== Created Last 30 ================

2009-10-26 01:40:51 0 ----a-w- c:\documents and settings\brannon wiles\settings.dat

==================== Find3M ====================

2009-10-01 19:05:18 975872 ----a-w- c:\windows\system32\libxml2_CW.dll
2009-10-01 19:05:18 151552 ----a-w- c:\windows\system32\libexpat.dll
2009-10-01 19:05:17 991232 ----a-w- c:\windows\system32\wxcode_msw28u_wxcurl_CW.dll
2009-10-01 19:05:17 81920 ----a-w- c:\windows\system32\wxcode_msw28u_wxjson_CW.dll
2009-10-01 19:05:17 666624 ----a-w- c:\windows\system32\cwalsp.dll
2009-10-01 19:05:17 1859584 ----a-w- c:\windows\system32\AltaRecovery.exe
2009-09-16 14:22:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-10 18:54:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:35:52 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-08-22 22:00:48 158239 ----a-w- c:\windows\hpoins43.dat
2009-08-19 02:01:35 256 ----a-w- c:\documents and settings\brannon wiles\pool.bin
2009-08-06 23:24:18 327896 ----a-w- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 23:24:18 209632 ----a-w- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 23:24:10 35552 ----a-w- c:\windows\system32\dllcache\wups.dll
2009-08-06 23:24:06 53472 ----a-w- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 23:24:04 96480 ----a-w- c:\windows\system32\dllcache\cdm.dll
2009-08-06 23:23:54 575704 ----a-w- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 23:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23:46 1929952 ----a-w- c:\windows\system32\dllcache\wuaueng.dll
2009-08-06 12:42:54 108832 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 09:01:48 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-05 00:44:46 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 23:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 15:13:08 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 14:20:09 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 14:20:08 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-08-03 19:07:42 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07:42 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07:42 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-06-02 09:51:45 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

============= FINISH: 17:48:25.78 ===============


ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2009/10/25 21:41
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xA2E68000 Size: 872448 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9EEF0000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\windows\temp\sqlite_7ucwnnt4wwxx53v
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_h3tydg8zosqexji
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_wesh8yfatnlmq1w
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcafee_z20plcnjxm93zr2
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_tnkbxbrwmdq0wkb
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\brannon wiles\local settings\temp\etilqs_4k6d8agzuvolfbioh4zt
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\brannon wiles\local settings\temp\etilqs_jduknul2ja8gdaml6pgg
Status: Allocation size mismatch (API: 8192, Raw: 0)

Path: c:\documents and settings\brannon wiles\local settings\temp\etilqs_kqkhslhfed0ncxxuyaag
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\brannon wiles\local settings\temp\etilqs_vd7ux2ueigbfmlubcbjt
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\Documents and Settings\Brannon Wiles\Local Settings\Application Data\Microsoft\Outlook\MBWOUT~1.PST:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xba79c23e

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xba79c234

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xba79c243

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xba79c24d

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xba79c252

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xba79c220

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xba79c225

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xba79c25c

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xba79c257

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xba79c248

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xa30850b0

==EOF=


#2 mbwiles


Posted 04 November 2009 - 01:46 PM

It appears a number of people have read my post, but I don't have any replies -- does this mean I'm okay based on the logs posted, or do I need to continue to wait until someone has time to evaluate?

Please advise - and thanks!

#3 Baabiouz

    Finnish Malware Fighter

  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland

Posted 06 November 2009 - 02:22 AM

Hello :(

Step #1
Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present):

My Way Search Assistant


Step #2
Please download ATF-cleaner and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Reboot your computer.

Step #3
Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program files\MyWebSearch or MyWeb or similar.


Step #4
Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Step #5
Please post Mbam results and a fresh DDS log back here :(

#4 mbwiles


Posted 09 November 2009 - 08:14 AM

1. Nothing on "My Way Search Assistant."
2. ATF Cleaner seemed to run fine.
3. No "MyWebSearch" or "MyWeb" or anything similar I could see.
4. MBAM & DDS logs posted below.

I'll await reply -- thank you!!!

Brannon


___________________

Malwarebytes' Anti-Malware 1.41
Database version: 3131
Windows 5.1.2600 Service Pack 3

11/9/2009 2:10:54 AM
mbam-log-2009-11-09 (02-10-54).txt

Scan type: Full Scan (C:\|)
Objects scanned: 279907
Time elapsed: 1 hour(s), 53 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

______________

DDS (Ver_09-10-26.01) - NTFSx86
Run by Brannon Wiles at 8:05:55.64 on Mon 11/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1147 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\NetNanny\Internet Protection\cwsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\NetNanny\Internet Protection\cwtray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\Brannon Wiles\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm028YYUS&fl=0&ptb=J_pDJ1ZFOcMYwcerR8WgLA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PDF Converter Registry Controller] "c:\program files\pdf converter\pdfconv\\RegistryController.exe"
mRun: [GoToMyPC] c:\program files\citrix\gotomypc\g2svc.exe -logon
mRun: [eFax 4.2] "c:\program files\efax messenger 4.2\J2GDllCmd.exe" /R
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [cwcptray] c:\program files\netnanny\internet protection\cwtray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
StartupFolder: c:\docume~1\branno~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efax42~1.lnk - c:\program files\efax messenger 4.2\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hp\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hp\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\dell wireless\PRISMCFG.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open PDF in Word (PDF Converter 2.0) - c:\program files\pdf converter\pdfconv\IEShellExt.dll /100
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\cwalsp.dll
Trusted Zone: motive.com\patttbc.att
Trusted Zone: turbotax.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115141329921
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165266030406
DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} - hxxps://www20.wirelesssync.vzw.com/en/SyncInstall.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} - hxxps://bis.na.blackberry.com/html/web/client_tools/TOImport.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
AppInit_DLLs: gdotvs.dll vppojt.dll lkcfwi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\branno~1\applic~1\mozilla\firefox\profiles\yhfo2woy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.variety.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\brannon wiles\application data\mozilla\firefox\profiles\yhfo2woy.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-10 108289]
R2 CwAltaService20;ContentWatch;c:\program files\netnanny\internet protection\cwsvc.exe [2009-4-14 2072384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-8-28 210216]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2007-11-18 810632]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 9968]
S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2005-4-28 57344]

=============== Created Last 30 ================

2009-10-26 01:40:51 0 ----a-w- c:\documents and settings\brannon wiles\settings.dat

==================== Find3M ====================

2009-10-22 09:19:04 5939712 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-10-01 19:05:18 975872 ----a-w- c:\windows\system32\libxml2_CW.dll
2009-10-01 19:05:18 151552 ----a-w- c:\windows\system32\libexpat.dll
2009-10-01 19:05:17 991232 ----a-w- c:\windows\system32\wxcode_msw28u_wxcurl_CW.dll
2009-10-01 19:05:17 81920 ----a-w- c:\windows\system32\wxcode_msw28u_wxjson_CW.dll
2009-10-01 19:05:17 666624 ----a-w- c:\windows\system32\cwalsp.dll
2009-10-01 19:05:17 1859584 ----a-w- c:\windows\system32\AltaRecovery.exe
2009-09-16 14:22:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-10 18:54:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:35:52 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-08-22 22:00:48 158239 ----a-w- c:\windows\hpoins43.dat
2009-08-19 02:01:35 256 ----a-w- c:\documents and settings\brannon wiles\pool.bin
2009-06-02 09:51:45 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

============= FINISH: 8:07:17.75 ===============


#5 Baabiouz


Posted 09 November 2009 - 08:41 AM

Hello :(

Are you sure there's no "My Way Search Assistant"? The DDS report shows that there's a program named My Way Search Assistant.
If there is, please uninstall it.



Step #1
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove in the Control Panel and remove either McAfee or AntiVir. I recommend removing AntiVir because if you remove McAfee, you will also lose your firewall.


Step #2
Backup Your Registry with ERUNT
  • Please click HERE to download Erunt.zip
  • Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Please run Notepad and paste the following text into a new file:

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""


Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.


Step #3
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Step #4
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 17...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586.exe to install the newest version.
To Clear the Java Runtime Environment (JRE) cache, do this:
  • Click Start > Settings > Control Panel.
  • Double-click the Java icon.
    -The Java Control Panel appears.
  • Click "Settings" under Temporary Internet Files.
    -The Temporary Files Settings dialog box appears.
  • Click "Delete Files".
    -The Delete Temporary Files dialog box appears.
    -There are three options on this window to clear the cache.
    • Delete Files
    • View Applications
    • View Applets
  • Click "OK" on Delete Temporary Files window.
    -Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click "OK" on Temporary Files Settings window.
  • Close the Java Control Panel.
You can also view these instructions along with screenshots here.


Step #5
Please post fresh DDS logs and Eset results back here :(
How's your computer working?
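Added example, not part of the post above and not code from DDS: a Python check that compares a DDS log taken before these steps with one taken after, for the three things the steps change (a single real-time AV, an empty AppInit_DLLs value, Java at 6 Update 17). The excerpts are lines from the two DDS logs on this page; the missing AppInit_DLLs line in the "after" excerpt is constructed, and treating a missing line as an empty value is an assumption.

```python
import re

# Line formats as they appear in the DDS logs on this page.
AV_RE = re.compile(r"^AV: (?P<name>.+?) \*(?P<state>[^*]+)\* \((?P<defs>\w+)\)", re.M)
APPINIT_RE = re.compile(r"^AppInit_DLLs:[ \t]*(?P<value>.*)$", re.M)
JAVA_RE = re.compile(r"BrowserJavaVersion: (?P<ver>[\d._]+)")

# Excerpt of the first DDS log on this page (before the steps).
BEFORE = r"""DDS (Ver_09-10-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
AppInit_DLLs: gdotvs.dll vppojt.dll lkcfwi.dll
"""

# Header lines of the second DDS log on this page. The absence of an
# AppInit_DLLs line is CONSTRUCTED: that part of the second log is not shown.
AFTER = r"""DDS (Ver_09-10-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
"""


def parse_dds(text):
    """Pull out of a DDS log the fields that the steps above act on."""
    text = text.replace("\r\n", "\n")
    av = [m.groupdict() for m in AV_RE.finditer(text)]
    m = APPINIT_RE.search(text)
    # The registry value is a space- or comma-delimited list of DLL names.
    # Assumption: a missing line means the value is empty.
    appinit = [d for d in re.split(r"[ ,]+", m.group("value").strip()) if d] if m else []
    j = JAVA_RE.search(text)
    return {"av": av, "appinit": appinit, "java": j.group("ver") if j else None}


def java_update(ver):
    """'1.6.0_17' -> (6, 0, 17); None if the string is missing or malformed."""
    m = re.fullmatch(r"1\.(\d+)\.(\d+)_(\d+)", ver or "")
    return tuple(int(g) for g in m.groups()) if m else None


def check_remediation(before_text, after_text, wanted_java=(6, 0, 17)):
    """Return {check_name: (passed, detail)} for the fresh log."""
    before, after = parse_dds(before_text), parse_dds(after_text)
    # Step #1: only one product should still report on-access scanning.
    realtime = [a["name"] for a in after["av"] if "enabled" in a["state"].lower()]
    # Step #2: fix.reg sets AppInit_DLLs to "", so nothing should be listed.
    cleared = [d for d in before["appinit"] if d not in after["appinit"]]
    # Entries without a directory are resolved through the DLL search path,
    # so the log alone does not say which file would be loaded.
    no_path = [d for d in after["appinit"] if "\\" not in d]
    # Step #4: Java 6 Update 17 or newer.
    ver = java_update(after["java"])
    return {
        "single_realtime_av": (len(realtime) <= 1, realtime),
        "appinit_cleared": (
            not after["appinit"],
            {"cleared": cleared, "left": after["appinit"], "no_path": no_path},
        ),
        "java_updated": (ver is not None and ver >= wanted_java, after["java"]),
    }


if __name__ == "__main__":
    for name, (ok, detail) in check_remediation(BEFORE, AFTER).items():
        print(f"{'OK  ' if ok else 'FAIL'} {name}: {detail}")
```

Passing the same log as both arguments shows what a run looks like when none of the steps took effect.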

#6 mbwiles


Posted 10 November 2009 - 07:12 AM

Thank you. :(

I see where "My Way Search Assistant" appeared in the DDS log, but I did not see it in either the "Add/Remove Programs" window in the control panel or in C:\Program Files.

Another site suggested going to the Start Menu & Run command & entering this:
msiexec.exe /x{78d944d7-a97b-4004-ab0a-b5ad06839940}

A removal window came up for "My Way Search Assistant" and it seemed to remove it - we'll see!

As for your other suggestions:

1) I have removed AntiVir. FYI, I had used McAfee as primary virus software but downloaded AntiVir at the recommendation of someone in another forum during another search for a RootKit infection. It has a "Local Search" function (or something) which seemed to focus on rootkits. Occasionally it has found things not showing up in other spyware or virus scans -- is it possible to have both programs & just disable the "real-time" function of AntiVir? Just curious.

2) Done.

3) Done. No report generated because no threats found.

4) Done.

5) Done - DDS results posted & attached. FYI, After finishing ESET scan.

Had to re-start at one point after running ESET because I was having the exact same problem that prompted the first post (unable to click items on start menu). So not really sure how the computer is running at the moment after all this...

Thank you!!! :(
Will await further instruction...


*********************

DDS (Ver_09-10-26.01) - NTFSx86
Run by Brannon Wiles at 7:01:47.50 on Tue 11/10/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1217 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\Program Files\NetNanny\Internet Protection\cwsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\NetNanny\Internet Protection\cwtray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\Brannon Wiles\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm028YYUS&fl=0&ptb=J_pDJ1ZFOcMYwcerR8WgLA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PDF Converter Registry Controller] "c:\program files\pdf converter\pdfconv\\RegistryController.exe"
mRun: [GoToMyPC] c:\program files\citrix\gotomypc\g2svc.exe -logon
mRun: [eFax 4.2] "c:\program files\efax messenger 4.2\J2GDllCmd.exe" /R
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [cwcptray] c:\program files\netnanny\internet protection\cwtray.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
StartupFolder: c:\docume~1\branno~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efax42~1.lnk - c:\program files\efax messenger 4.2\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hp\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hp\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\dell wireless\PRISMCFG.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open PDF in Word (PDF Converter 2.0) - c:\program files\pdf converter\pdfconv\IEShellExt.dll /100
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\cwalsp.dll
Trusted Zone: motive.com\patttbc.att
Trusted Zone: turbotax.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115141329921
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165266030406
DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} - hxxps://www20.wirelesssync.vzw.com/en/SyncInstall.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} - hxxps://bis.na.blackberry.com/html/web/client_tools/TOImport.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
AppInit_DLLs: gdotvs.dll vppojt.dll lkcfwi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\branno~1\applic~1\mozilla\firefox\profiles\yhfo2woy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.variety.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\brannon wiles\application data\mozilla\firefox\profiles\yhfo2woy.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 74480]
R2 CwAltaService20;ContentWatch;c:\program files\netnanny\internet protection\cwsvc.exe [2009-4-14 2072384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-8-28 210216]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2007-11-18 810632]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2005-4-28 57344]

=============== Created Last 30 ================

2009-11-10 06:26:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-09 16:42:36 0 d-----w- c:\program files\ESET
2009-10-26 01:40:51 0 ----a-w- c:\documents and settings\brannon wiles\settings.dat

==================== Find3M ====================

2009-11-10 06:25:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-22 09:19:04 5939712 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-10-01 19:05:18 975872 ----a-w- c:\windows\system32\libxml2_CW.dll
2009-10-01 19:05:18 151552 ----a-w- c:\windows\system32\libexpat.dll
2009-10-01 19:05:17 991232 ----a-w- c:\windows\system32\wxcode_msw28u_wxcurl_CW.dll
2009-10-01 19:05:17 81920 ----a-w- c:\windows\system32\wxcode_msw28u_wxjson_CW.dll
2009-10-01 19:05:17 666624 ----a-w- c:\windows\system32\cwalsp.dll
2009-10-01 19:05:17 1859584 ----a-w- c:\windows\system32\AltaRecovery.exe
2009-09-16 14:22:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:35:52 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-08-22 22:00:48 158239 ----a-w- c:\windows\hpoins43.dat
2009-08-19 02:01:35 256 ----a-w- c:\documents and settings\brannon wiles\pool.bin
2009-06-02 09:51:45 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

============= FINISH: 7:02:46.82 ===============

#7 Baabiouz


Posted 10 November 2009 - 08:29 AM

Hello

Let's do Step #2 again because there was a mistake in my code...

Backup Your Registry with ERUNT
Click Erunt.exe to backup your registry to the folder of your choice.


Please run Notepad and paste the following text into a new file:

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""


Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Reboot your computer



You have many startup programs, so I recommend that you use Malwarebytes' StartupLite to disable unnecessary programs. :(
You can read more and download the program here:
http://www.malwarebytes.org/startuplite.php


After that, please post the DDS log back here. (An attachment isn't needed.) :(

P.S. I would not recommend having AntiVir installed because it may still cause problems with McAfee and other programs. Have only one antivirus program installed.

Edited by Baabiouz, 10 November 2009 - 08:31 AM.
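
One way to confirm from two DDS logs that the fix.reg merge above took effect, as an added example that is not part of the original posts: the script compares the "Pseudo HJT Report" sections and reports which AppInit_DLLs and autostart entries disappeared. The log excerpts are shortened copies of lines from the logs in this thread, and the function names are this example's own.

```python
import re
from collections import defaultdict

# DDS section banners look like "============== Pseudo HJT Report ===============".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Entries look like "mRun: [dla] c:\..." or "AppInit_DLLs: a.dll b.dll".
ENTRY_RE = re.compile(r"^([A-Za-z_]+):\s*(.*)$")

# Shortened excerpt of the DDS log posted before the fix (lines taken from this thread).
BEFORE = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
AppInit_DLLs: gdotvs.dll vppojt.dll lkcfwi.dll

================= FIREFOX ===================

FF - prefs.js: browser.search.selectedEngine - Google
"""

# Shortened excerpt of the DDS log posted after fix.reg and StartupLite.
AFTER = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll

================= FIREFOX ===================

FF - prefs.js: browser.search.selectedEngine - Google
"""


def parse_hjt_section(log_text):
    """Return {prefix: set(values)} for 'prefix: value' lines in the Pseudo HJT Report."""
    entries = defaultdict(set)
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            # Only lines under this banner are collected; other sections are skipped.
            in_section = banner.group(1) == "Pseudo HJT Report"
            continue
        if not in_section or not line:
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            entries[entry.group(1)].add(entry.group(2))
    return entries


def appinit_dlls(log_text):
    """List the DLL names on the AppInit_DLLs line; empty if the line is absent or blank.

    The registry value is a space- or comma-separated list, so split on both.
    """
    names = []
    for value in sorted(parse_hjt_section(log_text).get("AppInit_DLLs", set())):
        names.extend(n for n in re.split(r"[\s,]+", value.strip()) if n)
    return names


def diff_logs(before, after):
    """Return {prefix: {'removed': [...], 'added': [...]}} for prefixes that changed."""
    old, new = parse_hjt_section(before), parse_hjt_section(after)
    changes = {}
    for prefix in set(old) | set(new):
        removed = sorted(old.get(prefix, set()) - new.get(prefix, set()))
        added = sorted(new.get(prefix, set()) - old.get(prefix, set()))
        if removed or added:
            changes[prefix] = {"removed": removed, "added": added}
    return changes


if __name__ == "__main__":
    print("AppInit_DLLs before:", appinit_dlls(BEFORE))
    print("AppInit_DLLs after: ", appinit_dlls(AFTER))
    for prefix, change in sorted(diff_logs(BEFORE, AFTER).items()):
        for value in change["removed"]:
            print(f"- {prefix}: {value}")
        for value in change["added"]:
            print(f"+ {prefix}: {value}")
```

An empty AppInit_DLLs list in the later log only shows the registry value is clear; it says nothing about whether the named DLL files are still on disk.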

#8 mbwiles


Posted 13 November 2009 - 12:40 AM

Sorry this took a couple of days to reply. :( I started with the reg.fix file but was interrupted. When I came back a couple of days later, I had forgotten whether I had done the step or not. In the meantime, it appeared the original problem about which I posted (see way below) came back - no ability to double-click program icons either on the start menu or desktop so I couldn't run anything.

I re-booted into safe mode, ran the reg.fix with the text you quoted copied from Notepad. When I rebooted into Normal mode it seemed to work fine.

I then ran StartUpLite a couple of times & definitely disabled & removed some items, but it seems like there are MANY more things involved with Startup that slow it down still. I guess it's better, though.

Here's the DDS log:


DDS (Ver_09-10-26.01) - NTFSx86
Run by Brannon Wiles at 17:25:01.48 on Thu 03/17/2005
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1245 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\Program Files\NetNanny\Internet Protection\cwsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\NetNanny\Internet Protection\cwtray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Documents and Settings\Brannon Wiles\Desktop\dds.scr
C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\MsiExec.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm028YYUS&fl=0&ptb=J_pDJ1ZFOcMYwcerR8WgLA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PDF Converter Registry Controller] "c:\program files\pdf converter\pdfconv\\RegistryController.exe"
mRun: [GoToMyPC] c:\program files\citrix\gotomypc\g2svc.exe -logon
mRun: [eFax 4.2] "c:\program files\efax messenger 4.2\J2GDllCmd.exe" /R
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [cwcptray] c:\program files\netnanny\internet protection\cwtray.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
StartupFolder: c:\docume~1\branno~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efax42~1.lnk - c:\program files\efax messenger 4.2\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hp\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hp\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\dell wireless\PRISMCFG.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open PDF in Word (PDF Converter 2.0) - c:\program files\pdf converter\pdfconv\IEShellExt.dll /100
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\cwalsp.dll
Trusted Zone: motive.com\patttbc.att
Trusted Zone: turbotax.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115141329921
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165266030406
DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} - hxxps://www20.wirelesssync.vzw.com/en/SyncInstall.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} - hxxps://bis.na.blackberry.com/html/web/client_tools/TOImport.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\branno~1\applic~1\mozilla\firefox\profiles\yhfo2woy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.variety.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\brannon wiles\application data\mozilla\firefox\profiles\yhfo2woy.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 74480]
R2 CwAltaService20;ContentWatch;c:\program files\netnanny\internet protection\cwsvc.exe [2009-4-14 2072384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-8-28 210216]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

=============== Created Last 30 ================

2009-11-10 06:26:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-09 16:42:36 0 d-----w- c:\program files\ESET
2009-10-26 01:40:51 0 ----a-w- c:\documents and settings\brannon wiles\settings.dat
2009-09-26 22:29:43 0 d-----w- c:\program files\iPod
2009-09-26 22:29:37 0 d-----w- c:\program files\iTunes
2009-09-26 22:29:37 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-25 17:33:10 0 d-----w- c:\docume~1\branno~1\applic~1\Office Genuine Advantage
2009-09-09 04:56:53 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-05 05:54:48 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 05:54:48 69632 ----a-w- c:\windows\system32\QuickTime.qts
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-09-03 12:32:43 0 d-----w- c:\program files\Research In Motion
2009-08-22 22:25:36 0 d-----w- c:\docume~1\branno~1\applic~1\HpUpdate
2009-08-22 21:52:03 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2009-08-22 21:47:34 966656 ----a-w- c:\windows\system32\hpost_p02c.dll
2009-08-22 21:47:34 712704 ----a-w- c:\windows\system32\hposwia_p02c.dll
2009-08-22 21:47:34 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2009-08-22 21:47:34 315392 ----a-w- c:\windows\system32\hposc_p02a.dll
2009-08-22 21:47:34 309760 ----a-w- c:\windows\system32\difxapi.dll
2009-08-22 21:47:27 452408 ----a-w- c:\windows\system32\hpzids01.dll
2009-08-22 21:45:06 608 ------w- c:\windows\hpomdl43.dat
2009-08-22 21:45:06 158239 ----a-w- c:\windows\hpoins43.dat
2009-08-16 02:55:01 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-16 02:54:56 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-07 03:15:23 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat
2009-08-06 11:51:53 0 d-----w- c:\windows\system32\XPSViewer
2009-08-06 11:44:36 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-06 11:44:36 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-06 11:44:35 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-06 11:44:35 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-06 11:44:35 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-06 11:44:34 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-06 11:44:34 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-06 11:44:32 0 d-----w- C:\cd74e03c98a3842dad8eb89ed6bf
2009-08-05 09:01:48 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 23:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-03 19:07:42 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07:42 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07:42 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-17 19:01:06 58880 ------w- c:\windows\system32\dllcache\atl.dll
2009-07-17 16:22:18 1435648 ------w- c:\windows\system32\dllcache\query.dll
2009-07-17 13:24:38 256 ----a-w- c:\documents and settings\brannon wiles\pool.bin
2009-06-25 08:25:26 54272 ------w- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 08:25:26 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 08:25:26 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-06-24 11:18:41 92928 ------w- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 14:36:30 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2009-06-16 14:36:30 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2009-06-12 12:31:40 80896 ------w- c:\windows\system32\dllcache\tlntsess.exe
2009-06-12 12:31:39 76288 ------w- c:\windows\system32\dllcache\telnet.exe
2009-06-11 19:46:29 3245 ----a-w- c:\windows\system32\wbem\Outlook_01c9eacd5063df0c.mof
2009-06-11 04:01:28 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 04:01:27 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 14:13:29 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 13:19:38 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-06-10 06:14:49 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2009-06-02 06:16:22 0 d-sh--w- c:\documents and settings\brannon wiles\IECompatCache
2009-06-02 06:14:15 0 d-sh--w- c:\documents and settings\brannon wiles\PrivacIE
2009-06-02 06:02:37 0 d-sh--w- c:\documents and settings\brannon wiles\IETldCache
2009-06-02 05:41:20 0 d-----w- c:\windows\ie8updates
2009-06-02 05:39:09 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-02 05:34:35 0 dc-h--w- c:\windows\ie8
2009-05-10 21:35:47 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-07 23:21:12 34660 ----a-w- c:\windows\system32\AAWService_2009_05_07_19_21_12.dmp
2009-05-07 22:05:41 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-07 22:05:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-07 22:05:33 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-07 15:32:35 345600 ------w- c:\windows\system32\dllcache\localspl.dll
2009-04-19 12:51:54 0 d-----w- c:\windows\Cache
2009-04-19 12:51:53 0 d-----w- c:\program files\Coupons
2009-04-15 14:51:25 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2009-04-15 14:09:14 3245 ----a-w- c:\windows\system32\wbem\Outlook_01c9bdd3c1df4e9a.mof
2009-04-15 04:49:43 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-04-15 04:49:42 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-04-15 04:49:42 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-04-15 04:49:42 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-04-15 04:49:41 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-04-15 04:49:41 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 04:49:41 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 04:49:40 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 04:49:40 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-04-15 04:49:40 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-04-15 04:48:06 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-04-15 04:48:05 1203922 ------w- c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 04:48:04 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-04-15 00:35:37 0 d-----w- c:\program files\NetNanny
2009-04-14 22:34:18 0 d-----w- c:\documents and settings\brannon wiles\ContentWatch
2009-04-07 22:04:23 0 d-----w- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-03-21 14:06:58 989696 ------w- c:\windows\system32\dllcache\kernel32.dll
2009-03-17 22:08:17 0 d-----w- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-17 22:04:51 0 d-----w- c:\program files\Bonjour
2009-03-17 21:58:21 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-03-08 18:22:30 49152 ------w- c:\windows\system32\msrating.dll.mui
2009-03-08 18:22:18 2560 ------w- c:\windows\system32\mshta.exe.mui
2009-03-08 18:21:06 4096 ------w- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 18:20:54 81920 ------w- c:\windows\system32\iedkcs32.dll.mui
2009-03-03 23:36:35 1071 ----a-w- c:\windows\AWMODEM.INF
2009-03-03 19:42:00 0 d-----w- c:\docume~1\alluse~1\applic~1\ATTToolbar
2009-03-03 19:41:58 0 d-----w- c:\program files\ATTToolbar
2009-03-03 19:41:58 0 d-----w- c:\docume~1\branno~1\applic~1\ATTToolbar
2009-03-03 19:39:51 0 d-----w- c:\program files\ATT-SST
2009-03-03 18:15:18 0 d-----w- c:\program files\Yahoo!
2009-02-27 20:33:47 40960 ----a-w- c:\windows\system32\SPORDER.EXE
2009-02-27 20:33:46 151552 ----a-w- c:\windows\system32\libexpat.dll
2009-02-27 20:33:40 0 d-----w- c:\docume~1\alluse~1\applic~1\ContentWatch
2009-02-26 22:37:59 0 d-----w- c:\program files\att-nap
2009-02-26 22:37:36 0 d-----w- c:\program files\common files\Motive
2009-02-21 07:24:28 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-02-21 07:24:09 0 d-----w- c:\program files\SUPERAntiSpyware
2009-02-21 07:24:08 0 d-----w- c:\docume~1\branno~1\applic~1\SUPERAntiSpyware.com
2009-02-20 22:09:58 0 d-----w- C:\FixCombo
2009-02-20 22:06:19 0 d-----w- c:\program files\CCleaner
2009-02-20 21:38:15 0 d-sha-r- C:\cmdcons
2009-02-20 21:19:38 0 d-----w- C:\Malware Fix
2009-02-20 18:35:02 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-02-20 18:35:01 0 d-----w- c:\docume~1\branno~1\applic~1\Spyware Terminator
2009-02-20 18:35:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2009-02-20 18:34:59 0 d-----w- c:\program files\Spyware Terminator
2009-02-20 17:52:49 0 d-----w- c:\docume~1\branno~1\applic~1\Malwarebytes
2009-02-20 17:52:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-19 21:47:30 507904 ----a-r- c:\windows\system32\btwapi.dll
2009-02-18 22:15:06 25764 ----a-w- c:\windows\system32\AAWService_2009_02_18_17_15_06.dmp
2009-02-18 05:47:09 22130 ----a-w- c:\windows\system32\AAWService_2009_02_18_00_47_09.dmp
2009-02-18 02:21:50 22908 ----a-w- c:\windows\system32\AAWService_2009_02_17_21_21_50.dmp
2009-02-17 20:30:14 21749 ----a-w- c:\windows\system32\AAWService_2009_02_17_15_30_14.dmp
2009-02-17 18:23:58 0 d-----w- c:\program files\Lavasoft
2009-02-13 02:20:42 5630 ------w- c:\windows\system32\IE8Eula.rtf
2009-02-03 20:31:45 0 d-----w- C:\TimezAttack
2009-02-03 19:59:07 56832 ------w- c:\windows\system32\dllcache\secur32.dll
2009-01-07 22:20:54 134144 ------w- c:\windows\system32\dllcache\sqmapi.dll
2009-01-07 22:20:18 265720 ----a-w- c:\windows\system32\msdbg2.dll
2009-01-05 18:58:05 0 d-----w- C:\col6596
2009-01-05 18:33:12 594432 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
2009-01-05 18:33:12 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-05 18:33:11 59904 ----a-w- c:\windows\system32\dllcache\icardie.dll
2009-01-05 18:33:11 445952 ----a-w- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-05 18:33:11 1985536 ----a-w- c:\windows\system32\dllcache\iertutil.dll
2009-01-05 18:33:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-01-05 18:33:10 3698584 ----a-w- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-05 18:33:10 1241088 ----a-w- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-05 18:33:08 11069440 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2009-01-05 18:07:36 19545 ----a-w- c:\windows\hpoins01.dat
2009-01-05 18:07:36 16606 ------w- c:\windows\hpomdl01.dat
2008-12-25 19:57:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2008-12-16 12:30:34 354304 ------w- c:\windows\system32\dllcache\winhttp.dll
2008-12-12 15:18:16 87336 ----a-w- c:\windows\system32\dns-sd.exe
2008-12-12 15:11:46 61440 ----a-w- c:\windows\system32\dnssd.dll
2008-12-12 08:18:52 3245 ----a-w- c:\windows\system32\wbem\Outlook_01c95c324488848c.mof
2008-12-05 06:54:55 147456 ------w- c:\windows\system32\dllcache\schannel.dll
2008-12-04 00:05:50 20480 ----a-w- c:\windows\system32\hpzisn12.dll
2008-12-04 00:05:46 29696 ----a-w- c:\windows\system32\hpzipt12.dll
2008-12-04 00:05:44 33792 ----a-w- c:\windows\system32\HPZipr12.dll
2008-12-04 00:05:42 53760 ----a-w- c:\windows\system32\HPZipm12.dll
2008-12-04 00:05:36 49152 ----a-w- c:\windows\system32\HPZidr12.dll
2008-12-04 00:05:32 44544 ----a-w- c:\windows\system32\HPZinw12.dll
2008-11-12 05:51:29 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 05:50:59 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll
2008-10-23 21:02:55 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 12:36:14 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2008-10-15 07:20:13 3245 ----a-w- c:\windows\system32\wbem\Outlook_01c92e967659e146.mof
2008-10-15 03:57:58 333952 ------w- c:\windows\system32\dllcache\srv.sys
2008-10-15 03:57:39 1850624 ------w- c:\windows\system32\dllcache\win32k.sys
2008-10-15 03:57:37 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 03:57:36 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 03:57:35 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 03:57:35 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2008-09-30 21:43:34 1286152 ----a-w- c:\windows\system32\msxml4.dll
2008-08-25 20:36:59 0 d-----w- c:\windows\CWONDERS
2008-08-24 18:53:06 63 ----a-w- c:\windows\STRINGS.INI
2008-08-24 18:52:55 298 ----a-w- c:\windows\EReg077.dat
2008-08-24 18:52:37 63 ----a-w- c:\windows\MADCCF.INI
2008-08-24 18:52:37 0 ----a-w- c:\windows\MADCCS.INI
2008-08-24 18:30:41 92208 ----a-w- c:\windows\system\WING.DLL
2008-08-24 18:30:41 12800 ----a-w- c:\windows\system\WING32.DLL
2008-08-24 18:30:37 20 ----a-w- c:\windows\encore_launcher.ini
2008-08-24 18:30:28 345600 ----a-r- c:\windows\system\QTIM32.DLL
2008-08-24 18:29:21 658 ----a-w- c:\windows\WININI.QTW
2008-08-24 18:29:21 344 ----a-w- c:\windows\QTW.INI
2008-08-24 18:29:21 231 ----a-w- c:\windows\SYSINI.QTW
2008-08-24 18:28:37 30 ----a-w- c:\windows\RESULT.QTW
2008-08-24 18:28:32 92208 ----a-w- c:\windows\system32\WING.DLL
2008-08-24 18:28:32 6736 ----a-w- c:\windows\system32\WINGDIB.DRV
2008-08-24 18:28:32 5024 ----a-w- c:\windows\system32\WINGPAL.WND
2008-08-24 18:28:32 188960 ----a-w- c:\windows\system32\WINGDE.DLL
2008-08-24 18:28:32 12800 ----a-w- c:\windows\system32\WING32.DLL
2008-08-24 18:25:41 43800 ----a-w- c:\windows\system32\BAUEFUIB.TTF
2008-08-24 18:25:41 1409 ----a-w- c:\windows\system32\BAUEFUIB.TTF.fot
2008-08-24 18:25:37 0 d-----w- C:\CWONDERS
2008-08-24 18:25:24 0 d-----w- c:\documents and settings\brannon wiles\WINDOWS
2008-08-23 03:36:43 0 d-----w- c:\windows\system32\scripting
2008-08-23 03:36:43 0 d-----w- c:\windows\l2schemas
2008-08-23 03:36:42 0 d-----w- c:\windows\system32\en
2008-08-23 03:36:42 0 d-----w- c:\windows\system32\bits
2008-08-23 03:34:08 0 d-----w- c:\windows\ServicePackFiles
2008-08-23 03:32:41 0 d-----w- c:\windows\network diagnostic
2008-08-22 20:21:57 397312 ------w- c:\windows\system32\mmcex.dll
2008-08-22 20:20:59 136192 ------w- c:\windows\system32\aaclient.dll
2008-08-15 07:27:38 3245 ----a-w- c:\windows\system32\wbem\Outlook_01c8fea864b10906.mof
2008-08-14 22:18:54 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2008-08-14 22:18:52 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2008-07-30 01:10:04 73720 ----a-w- c:\windows\system32\dxva2.dll
2008-07-30 01:10:04 493048 ----a-w- c:\windows\system32\evr.dll
2008-07-30 01:10:04 26112 ----a-w- c:\windows\system32\TsWpfWrp.exe
2008-07-30 00:35:46 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2008-07-29 23:59:58 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2008-07-29 23:59:58 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2008-07-29 23:59:58 161296 ----a-w- c:\windows\system32\UIAutomationCore.dll
2008-07-29 23:59:58 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 23:24:50 97800 ----a-w- c:\windows\system32\infocardapi.dll
2008-07-29 23:24:50 622080 ----a-w- c:\windows\system32\icardagt.exe
2008-07-29 23:24:50 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2008-07-29 23:24:50 11264 ----a-w- c:\windows\system32\icardres.dll
2008-07-29 09:49:58 586240 ----a-w- c:\windows\system32\icardres.dll.mui
2008-07-25 15:16:58 83968 ----a-w- c:\windows\system32\mscories.dll
2008-07-25 15:16:58 282112 ----a-w- c:\windows\system32\mscoree.dll
2008-07-25 15:16:58 158720 ----a-w- c:\windows\system32\mscorier.dll
2008-07-25 15:16:46 96760 ----a-w- c:\windows\system32\dfshim.dll
2008-07-07 20:26:58 253952 ------w- c:\windows\system32\dllcache\es.dll
2008-06-26 08:15:30 1208832 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2008-06-26 08:15:29 1499136 ------w- c:\windows\system32\dllcache\shdocvw.dll
2008-06-24 16:43:16 74240 ------w- c:\windows\system32\dllcache\mscms.dll
2008-06-20 17:46:57 245248 ------w- c:\windows\system32\dllcache\mswsock.dll
2008-06-20 17:46:57 147968 ------w- c:\windows\system32\dllcache\dnsapi.dll
2008-06-20 11:51:12 361600 ------w- c:\windows\system32\dllcache\tcpip.sys
2008-06-20 11:40:08 138496 ------w- c:\windows\system32\dllcache\afd.sys
2008-06-20 11:08:27 225856 ------w- c:\windows\system32\dllcache\tcpip6.sys
2008-06-17 19:02:19 8461312 ------w- c:\windows\system32\dllcache\shell32.dll
2008-06-12 14:23:32 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll
2008-06-12 14:23:32 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll
2008-06-12 14:23:32 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll
2008-06-12 14:23:32 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll
2008-06-12 14:23:32 428032 ------w- c:\windows\system32\dllcache\msdtcprx.dll
2008-06-12 14:23:32 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll
2008-06-11 10:10:56 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2008-06-11 10:10:34 272128 ------w- c:\windows\system32\drivers\bthport.sys
2008-06-11 10:10:34 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2008-05-31 07:01:23 0 d-----w- c:\program files\MSXML 6.0
2008-05-30 21:51:39 0 d-----w- c:\program files\Roxio
2008-05-27 00:26:58 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2008-05-27 00:24:16 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2008-05-27 00:23:20 195096 ----a-w- c:\windows\system32\lvci1150.dll
2008-05-16 10:29:30 1125761 ----a-w- c:\windows\setupapi.log.3.old
2008-05-09 23:23:42 135168 ------w- c:\windows\system32\dllcache\wshom.ocx
2008-05-09 10:53:40 90112 ------w- c:\windows\system32\dllcache\wshext.dll
2008-05-09 10:53:40 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2008-05-09 10:53:40 172032 ------w- c:\windows\system32\dllcache\scrrun.dll
2008-05-09 10:53:39 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2008-05-09 10:53:39 180224 ------w- c:\windows\system32\dllcache\scrobj.dll
2008-05-08 11:24:44 155648 ------w- c:\windows\system32\dllcache\wscript.exe
2008-05-07 09:07:23 135168 ------w- c:\windows\system32\dllcache\cscript.exe
2008-05-07 05:12:40 1291264 ------w- c:\windows\system32\dllcache\quartz.dll
2008-04-30 16:16:10 54156 ---ha-w- c:\windows\QTFont.qfn
2008-04-30 16:16:10 1409 ----a-w- c:\windows\QTFont.for
2008-04-21 06:44:29 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
2008-04-21 06:44:29 5939712 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2008-04-08 17:58:11 3245 ----a-w- c:\windows\system32\wbem\Outlook_01c899a21b99cc78.mof
2008-03-29 02:32:04 0 d-----w- C:\PSFONTS
2008-03-29 02:31:55 0 d-----w- c:\program files\Finale NotePad 2008
2008-03-18 01:47:13 655 ----a-w- c:\windows\Instcomp.lyt
2008-03-18 01:42:41 0 d-----w- c:\program files\ItsDeductible2006
2008-03-17 03:06:12 0 d-----w- c:\program files\TurboTax
2008-03-13 14:08:12 0 ----a-w- c:\windows\system32\eFax_4_2_Port
2008-03-12 07:17:35 3245 ----a-w- c:\windows\system32\wbem\Outlook_01c88411252dc088.mof
2008-03-05 01:45:04 7680 ----a-w- c:\windows\system32\hpboidps.dll
2008-03-05 01:45:00 25600 ----a-w- c:\windows\system32\hpboid.dll
2008-03-05 01:44:58 39936 ----a-w- c:\windows\system32\hpbpro.dll
2008-03-05 01:44:52 24576 ----a-w- c:\windows\system32\hpbmiapi.dll
2008-03-05 01:44:50 7680 ----a-w- c:\windows\system32\hpbprops.dll
2008-01-29 16:02:30 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2008-01-29 16:01:28 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2007-12-30 23:40:50 3245 ----a-w- c:\windows\system32\wbem\Outlook_01c84b3d68c639ae.mof
2007-12-30 22:43:38 0 d-----w- c:\program files\Dell Support Center
2007-12-30 22:43:35 0 d-----w- c:\program files\common files\supportsoft
2007-12-12 22:44:28 3245 ----a-w- c:\windows\system32\wbem\Outlook_01c83d108d01bbb2.mof
2007-12-09 21:53:35 0 d-----w- c:\program files\VideoLAN
2007-12-09 16:52:24 0 d-----w- c:\docume~1\branno~1\applic~1\BitTorrent
2007-12-09 16:52:08 0 d-----w- c:\program files\BitTorrent
2007-12-04 01:22:43 0 d-----w- c:\docume~1\alluse~1\applic~1\ExtendMedia
2007-12-04 01:22:12 0 d-----w- c:\program files\OpenCASE
2007-11-07 17:06:46 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2007-10-22 03:49:15 0 d-----w- c:\docume~1\branno~1\applic~1\Research In Motion
2007-10-22 03:49:03 256 ----a-w- c:\windows\system32\pool.bin
2007-10-22 03:30:58 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2007-10-22 03:30:31 0 d-----w- c:\docume~1\branno~1\applic~1\Blackberry Desktop
2007-10-22 03:29:36 0 d-----w- c:\program files\common files\Research In Motion
2007-10-22 03:29:27 0 d-----w- c:\program files\BlackBerry
2007-10-22 03:18:04 0 d-sh--w- c:\windows\ftpcache
2007-10-19 17:16:30 2109976 ----a-w- c:\windows\system32\drivers\Lvckap.sys
2007-10-11 22:59:24 25624 ----a-w- c:\windows\system32\drivers\LVPr2Mon.sys
2007-10-11 22:59:02 2142488 ----a-w- c:\windows\system32\drivers\LVMVdrv.sys
2007-10-03 23:53:02 0 d-----w- C:\EA
2007-10-03 00:11:39 0 d-----w- c:\program files\SecondLife
2007-09-27 19:15:44 0 d--h--w- c:\windows\PIF
2007-09-27 12:30:26 0 d-----w- c:\temp\HP All-in-One Series Web Release
2007-09-25 00:52:29 195096 ----a-w- c:\windows\system32\lvci1110.dll
2007-09-25 00:17:48 0 d-----w- c:\program files\common files\Logitech
2007-09-24 22:29:05 69632 ----a-w- c:\windows\system32\Clifford Uninstall.exe
2007-09-24 22:29:04 91 ----a-w- c:\windows\CBP.INI
2007-09-24 22:29:04 0 d-----w- c:\program files\Scholastic's Clifford
2007-09-24 20:34:25 10 ----a-w- C:\usb001
2007-09-18 03:57:08 86016 ----a-w- c:\windows\system32\custmon32.dll
2007-09-18 01:05:49 0 d-----w- c:\documents and settings\brannon wiles\System
2007-09-18 01:05:49 0 d-----w- c:\docume~1\branno~1\applic~1\SmartDraw
2007-09-18 01:01:32 0 d-----w- c:\program files\SmartDraw 2008
2007-08-31 11:40:05 0 d-----w- c:\docume~1\branno~1\applic~1\Printer Info Cache
2007-08-18 18:51:30 0 ----a-w- c:\windows\QuickInstall.INI
2007-08-15 23:29:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Knowledge Adventure
2007-08-15 14:42:58 71963 ----a-w- c:\windows\system32\ASTULog.cab
2007-08-15 14:42:58 283 ----a-w- c:\windows\system32\setup.rpt
2007-08-15 14:42:58 1047 ----a-w- c:\windows\system32\setup.inf
2007-08-15 14:42:58 0 d-----w- c:\windows\ASTULogTemp
2007-08-15 14:38:00 0 d-----w- c:\program files\Windows Mobile DST07 Updates
2007-08-15 03:30:56 3245 ----a-w- c:\windows\system32\wbem\Outlook_01c7deecb1215bb0.mof
2007-08-14 00:13:54 373 ----a-w- c:\windows\ka.ini
2007-08-14 00:13:46 0 d-----w- c:\program files\JumpStart
2007-08-14 00:13:45 0 d-----w- c:\program files\common files\Knowledge Adventure
2007-08-13 23:54:10 759296 ----a-w- c:\windows\system32\dllcache\VGX.dll
2007-08-13 23:54:10 66560 ----a-w- c:\windows\system32\dllcache\mshtmled.dll
2007-08-13 23:54:10 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
2007-08-13 23:54:10 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll
2007-08-13 23:54:10 236544 ----a-w- c:\windows\system32\dllcache\webcheck.dll
2007-08-13 23:54:10 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2007-08-13 23:54:10 156160 ----a-w- c:\windows\system32\dllcache\msls31.dll
2007-08-13 23:54:10 133120 ------w- c:\windows\system32\dllcache\extmgr.dll
2007-08-13 23:45:10 1469440 ----a-w- c:\windows\system32\dllcache\inetcpl.cpl
2007-08-13 23:44:30 105984 ----a-w- c:\windows\system32\dllcache\url.dll
2007-08-13 23:44:26 193536 ----a-w- c:\windows\system32\dllcache\msrating.dll
2007-08-13 23:44:18 43008 ----a-w- c:\windows\system32\dllcache\licmgr10.dll
2007-08-13 23:44:06 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2007-08-13 23:44:02 69120 ------w- c:\windows\system32\dllcache\iedw.exe
2007-08-13 23:43:56 638816 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2007-08-13 23:42:54 18944 ----a-w- c:\windows\system32\dllcache\corpol.dll
2007-08-13 23:40:52 1241088 ----a-w- c:\windows\system32\ieframe.dll.mui
2007-08-13 23:39:54 229376 ----a-w- c:\windows\system32\dllcache\ieaksie.dll
2007-08-13 23:39:50 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll
2007-08-13 23:39:26 125952 ----a-w- c:\windows\system32\dllcache\ieakeng.dll
2007-08-13 23:39:20 72704 ----a-w- c:\windows\system32\dllcache\admparse.dll
2007-08-13 23:39:12 71680 ----a-w- c:\windows\system32\dllcache\iesetup.dll
2007-08-13 23:39:10 55808 ----a-w- c:\windows\system32\dllcache\iernonce.dll
2007-08-13 23:39:06 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2007-08-13 23:39:02 94720 ----a-w- c:\windows\system32\dllcache\inseng.dll
2007-08-13 23:39:00 128512 ----a-w- c:\windows\system32\dllcache\advpack.dll
2007-08-13 23:38:48 10240 ----a-w- c:\windows\system32\advpack.dll.mui
2007-08-13 23:36:12 46592 ----a-w- c:\windows\system32\dllcache\pngfilt.dll
2007-08-13 23:36:06 34816 ----a-w- c:\windows\system32\dllcache\imgutil.dll
2007-08-13 23:35:46 348160 ----a-w- c:\windows\system32\dllcache\dxtmsft.dll
2007-08-13 23:35:38 216064 ----a-w- c:\windows\system32\dllcache\dxtrans.dll
2007-08-13 23:32:30 45568 ----a-w- c:\windows\system32\dllcache\mshta.exe
2007-08-13 23:32:16 66560 ----a-w- c:\windows\system32\dllcache\tdc.ocx
2007-08-13 23:18:02 68608 ----a-w- c:\windows\system32\dllcache\hmmapi.dll
2007-08-13 23:01:12 48128 ----a-w- c:\windows\system32\dllcache\mshtmler.dll
2007-08-13 22:56:54 163840 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2007-08-13 22:50:08 1638912 ----a-w- c:\windows\system32\dllcache\mshtml.tlb
2007-08-09 14:56:55 0 d-----w- c:\program files\MSECache
2007-08-07 22:16:53 214 ----a-w- c:\windows\HP_48BitScanUpdatePatch.ini
2007-08-07 00:50:31 0 d-----w- c:\program files\Skype
2007-08-07 00:43:48 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2007-08-07 00:37:26 490008 ----a-w- c:\windows\system32\LVUI2.dll
2007-08-07 00:37:26 465432 ----a-w- c:\windows\system32\LVUI2RC.dll
2007-08-07 00:37:26 41752 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys
2007-08-07 00:37:26 416280 ----a-w- c:\windows\system32\lvcodec2.dll
2007-08-07 00:37:26 3647384 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2007-08-07 00:37:26 21138 ----a-w- c:\windows\system32\Repository.reg
2007-08-07 00:37:26 1920920 ----a-w- c:\windows\system32\drivers\lvpopflt.sys
2007-08-07 00:37:25 59500 ----a-w- c:\windows\system32\lvcoinst.ini
2007-08-07 00:37:25 23832 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2007-08-07 00:37:25 195360 ----a-w- c:\windows\system32\lvci1100.dll
2007-08-07 00:29:11 5504 ----a-w- c:\windows\system32\drivers\mstee.sys
2007-08-07 00:29:08 10880 ----a-w- c:\windows\system32\drivers\ndisip.sys
2007-08-07 00:29:07 16384 ----a-w- c:\windows\system32\ipsink.ax
2007-08-07 00:29:07 15232 ----a-w- c:\windows\system32\drivers\streamip.sys
2007-08-07 00:29:05 11136 ----a-w- c:\windows\system32\drivers\slip.sys
2007-08-07 00:29:04 19200 ----a-w- c:\windows\system32\drivers\wstcodec.sys
2007-08-07 00:29:02 85248 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
2007-08-07 00:29:00 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
2007-08-07 00:28:53 60032 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2007-08-07 00:28:47 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2007-08-07 00:28:47 28672 ----a-w- c:\windows\system32\vidcap.ax
2007-08-07 00:28:46 61952 ----a-w- c:\windows\system32\kstvtune.ax
2007-08-07 00:28:46 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2007-08-07 00:28:46 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2007-08-07 00:28:45 43008 ----a-w- c:\windows\system32\ksxbar.ax
2007-08-07 00:28:45 20992 ----a-w- c:\windows\system32\dshowext.ax
2007-08-06 19:27:10 488 ----a-w- C:\hpfr5550.xml
2007-08-04 19:48:24 0 ----a-w- c:\documents and settings\brannon wiles\LOG
2007-07-24 04:30:05 0 d-----w- c:\program files\Windows Media Connect 2
2007-07-24 04:28:00 0 d-----w- C:\29c9c8d047b3dc929be1
2007-07-24 04:27:24 0 d-----w- C:\409d741ac038f62c35
2007-07-24 02:22:00 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2007-07-24 02:21:54 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2007-07-11 16:01:54 3245 ----a-w- c:\windows\system32\wbem\Outlook_01c7c3d4cd3d712c.mof
2007-06-23 09:47:04 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2007-06-22 13:25:47 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2007-06-22 13:25:47 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2007-06-22 13:25:46 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2007-06-22 13:25:46 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2007-05-17 14:25:18 323624 ----a-w- c:\windows\system32\wiaaut.dll
2007-05-15 19:43:10 1307648 ----a-w- c:\windows\system32\msxml6.dll
2007-05-11 20:14:14 85302 ----a-w- c:\windows\system32\drivers\LVFeL002.cfg
2007-05-11 20:14:14 69592 ----a-w- c:\windows\system32\drivers\LVFaL000.cfg
2007-05-11 20:14:14 227172 ----a-w- c:\windows\system32\drivers\LVFeL000.cfg
2007-05-11 20:14:14 146680 ----a-w- c:\windows\system32\drivers\LVFeL001.cfg
2007-05-09 13:15:24 158456 ----a-w- c:\windows\system32\pxwma.dll
2007-05-09 07:13:36 3245 ----a-w- c:\windows\system32\wbem\Outlook_01c792098fadee10.mof
2007-05-09 07:04:57 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2007-05-01 20:48:40 120056 ----a-w- c:\windows\system32\pxcpyi64.exe
2007-05-01 20:48:38 118520 ----a-w- c:\windows\system32\pxinsi64.exe
2007-05-01 20:48:34 68344 ----a-w- c:\windows\system32\drvins64.exe
2007-05-01 07:00:00 43528 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
2007-04-24 14:33:00 114688 ----a-w- c:\windows\system32\hplbdchn.dll
2007-04-11 23:04:56 0 d-----w- c:\program files\DellSupport
2007-04-02 18:19:25 29473 ----a-w- c:\windows\system32\Config.MPF
2007-04-02 18:00:57 143360 ----a-w- c:\windows\system32\dunzip32.dll
2007-04-02 18:00:21 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2007-04-02 18:00:21 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2007-04-02 18:00:21 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2007-04-02 18:00:20 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2007-04-02 18:00:20 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2007-04-02 18:00:18 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2007-04-02 17:59:17 0 d-----w- c:\program files\common files\McAfee
2007-03-29 16:00:02 0 d-----w- c:\program files\common files\Wise Installation Wizard
2007-03-29 15:59:03 0 d-----w- c:\program files\Final Draft
2007-03-23 00:17:04 35440 ----a-w- c:\windows\system32\FM20ENU.DLL
2007-03-08 14:43:39 0 d-----w- c:\docume~1\branno~1\applic~1\eFax Messenger
2007-03-08 14:43:26 0 d-----w- c:\docume~1\alluse~1\applic~1\eFax Messenger 4.2 Setup
2007-03-08 14:43:23 0 d-----w- c:\program files\eFax Messenger 4.2
2007-03-01 04:11:38 73728 ----a-w- c:\windows\system32\ISUSPM.cpl
2007-02-25 16:10:48 5376 --s-a-w- c:\windows\system32\drivers\dsunidrv.sys
2007-02-22 20:39:45 0 d-----w- c:\documents and settings\brannon wiles\IGC
2007-02-22 20:33:09 0 d-----w- c:\program files\DWG Viewer
2007-02-16 08:13:48 3245 ----a-w- c:\windows\system32\wbem\Outlook_01c751a262e4ce64.mof
2007-01-16 17:28:11 0 d-----w- c:\windows\SxsCaPendDel
2007-01-11 08:10:52 3245 ----a-w- c:\windows\system32\wbem\Outlook_01c7355802ba33a0.mof
2007-01-05 17:29:39 0 d-----w- c:\program files\.Mac Utilities
2006-12-05 01:54:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2006-12-04 20:54:19 3245 ----a-w- c:\windows\system32\wbem\Outlook_01c717e65e6d8060.mof
2006-11-17 08:01:02 0 d-----w- c:\program files\MSXML 4.0
2006-11-17 08:00:54 0 d-----w- C:\bd037c3a8bf899e47d59aafd9eaa
2006-11-13 17:39:28 138024 ----a-w- c:\windows\system32\rapi.dll
2006-11-13 17:38:40 22824 ----a-w- c:\windows\system32\ceutil.dll
2006-10-19 00:00:46 249856 ------w- c:\windows\system32\drmupgds.exe
2006-10-19 00:00:14 17408 ------w- c:\windows\system32\wpdshextautoplay.exe
2006-10-14 08:13:25 981760 ------w- c:\windows\system32\dllcache\mfc42u.dll
2006-10-02 19:28:42 312128 ------w- c:\windows\system32\msdelta.dll
2006-09-29 00:13:26 95344 ------w- c:\windows\system32\WUDFCoinstaller.dll
2006-09-28 23:00:34 82944 ------w- c:\windows\system32\drivers\WudfRd.sys
2006-09-28 22:56:38 316416 ------w- c:\windows\system32\WUDFx.dll
2006-09-28 22:56:38 146432 ------w- c:\windows\system32\WudfHost.exe
2006-09-28 22:56:16 165376 ------w- c:\windows\system32\WudfPlatform.dll
2006-09-28 22:56:14 55808 ------w- c:\windows\system32\WudfSvc.dll
2006-09-28 22:55:50 77568 ------w- c:\windows\system32\drivers\WudfPf.sys
2006-09-25 16:49:02 33638 ----a-w- c:\windows\system32\PDFCAWW6xxSM_Uninstall.exe
2006-09-25 16:49:01 0 d-----w- c:\windows\system32\DocuComRes6
2006-09-25 16:48:55 0 d-----w- c:\docume~1\branno~1\applic~1\zeon
2006-09-25 16:48:55 0 d-----w- c:\docume~1\alluse~1\applic~1\zeon
2006-09-25 16:48:52 0 d-----w- c:\program files\common files\Scansoft Shared
2006-09-25 16:48:49 0 d-----w- c:\program files\PDF Converter
2006-09-23 18:12:50 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2006-09-23 18:12:50 1022976 ------w- c:\windows\system32\dllcache\browseui.dll
2006-09-23 18:12:38 74715 ------w- c:\windows\system32\IE7Eula.rtf
2006-09-01 13:44:04 8798 ----a-w- c:\windows\system32\icrav03.rat
2006-09-01 13:44:04 1988 ------w- c:\windows\system32\ticrf.rat
2006-08-24 20:15:06 150808 ----a-w- c:\windows\system32\rgb9rast_2.dll
2006-08-23 09:20:44 1381039 ----a-w- c:\windows\setupapi.log.1.old
2006-08-23 09:20:44 1094741 ----a-w- c:\windows\setupapi.log.2.old
2006-08-22 18:09:31 3245 ----a-w- c:\windows\system32\wbem\Outlook_01c6c6161d2d51c0.mof
2006-08-22 09:05:26 498742 ------w- c:\windows\system32\dllcache\dxmasf.dll
2006-08-21 14:52:08 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2006-08-07 13:23:18 0 d-----w- c:\docume~1\branno~1\applic~1\McAfee
2006-08-04 17:13:39 0 d-----w- c:\program files\McAfee
2006-08-04 17:13:31 90112 ----a-w- c:\windows\system32\mcrtl32.dll
2006-08-04 17:13:31 32768 ----a-w- c:\windows\system32\instlsp.exe
2006-08-04 17:13:31 131072 ----a-w- c:\windows\system32\mclsp.dll
2006-08-04 17:13:31 11264 ----a-w- c:\windows\system32\sporder.dll
2006-07-10 17:50:49 3245 ----a-w- c:\windows\system32\wbem\Outlook_01c6a4496110a90c.mof
2006-06-29 13:05:44 26112 ----a-w- c:\windows\system32\idndl.dll
2006-06-29 13:05:44 23552 ----a-w- c:\windows\system32\normaliz.dll
2006-06-28 22:59:26 24576 ----a-w- c:\windows\system32\nlsdl.dll
2006-06-08 17:06:50 66384 ----a-w- c:\windows\system32\normnfkc.nls
2006-06-08 17:06:50 60294 ----a-w- c:\windows\system32\normnfkd.nls
2006-06-08 17:06:50 59342 ----a-w- c:\windows\system32\normidna.nls
2006-06-08 17:06:50 45794 ----a-w- c:\windows\system32\normnfc.nls
2006-06-08 17:06:50 39284 ----a-w- c:\windows\system32\normnfd.nls
2006-05-04 15:47:42 206 ----a-w- c:\windows\HPGdiPlus.ini
2006-04-21 15:11:55 0 d-----w- c:\windows\system32\LogFiles
2006-04-11 14:01:12 0 d-----w- c:\windows\system32\Parsons
2006-04-11 14:00:24 0 d-----w- c:\program files\Parsons Technology
2006-04-10 17:00:30 239496 ------w- c:\windows\system32\dllcache\wgaLogon.dll
2006-04-10 17:00:28 934792 ------w- c:\windows\system32\dllcache\WgaTray.exe
2006-04-03 20:31:30 99736 ------w- c:\windows\CPEins05.dat.temp
2006-03-20 17:47:53 0 d-----w- C:\PhSp_CS2_UE_Upg
2006-03-20 17:12:06 733 ----a-w- c:\windows\hpntwksetup.ini
2006-03-17 00:38:01 28672 ------w- c:\windows\system32\verclsid.exe
2006-02-24 14:42:04 104661 ------w- c:\windows\hpoins04.dat.temp
2006-01-18 23:59:53 0 d-----w- C:\Acro_70_Pro_UE_Upg_PR_PR
2006-01-12 19:32:14 108832 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2006-01-12 18:21:10 0 d-----w- c:\program files\common files\Adobe Systems Shared
2006-01-12 18:17:11 0 d-----w- c:\program files\Photoshop
2006-01-08 01:38:38 0 d-----w- c:\program files\Wireless Sync
2006-01-08 01:38:38 0 d-----w- c:\docume~1\alluse~1\applic~1\SyncClient
2006-01-07 23:23:50 30592 ------w- c:\windows\system32\drivers\rndismpx.sys
2006-01-07 23:23:50 12800 ------w- c:\windows\system32\drivers\usb8023x.sys
2005-12-30 18:01:23 1613824 ----a-w- c:\windows\system32\cdintf250.dll
2005-12-30 18:00:56 0 d-----w- c:\docume~1\branno~1\applic~1\Intuit
2005-12-19 17:55:35 0 ----a-w- c:\documents and settings\brannon wiles\.gtk-bookmarks
2005-12-02 16:50:25 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2005-12-02 16:50:25 0 d-----w- c:\program files\Belarc
2005-11-15 17:12:08 126680 ----a-w- c:\windows\system32\GCCollection.dll
2005-11-15 17:12:08 117976 ----a-w- c:\windows\system32\hashlib.dll
2005-11-15 17:12:06 95448 ----a-w- c:\windows\system32\gcUnCompress.dll
2005-10-04 16:04:53 0 d-----w- c:\program files\Overland
2005-10-04 15:57:26 100724 ----a-w- c:\windows\cpeins04.dat
2005-10-04 15:51:55 99736 ----a-w- c:\windows\CPEins05.dat
2005-10-04 15:51:55 17176 ------w- c:\windows\hpomdl04.dat.temp
2005-10-04 15:47:54 0 d-----w- c:\windows\Hewlett-Packard
2005-09-23 11:29:16 626688 ----a-w- c:\windows\system32\msvcr80.dll
2005-09-08 05:03:50 79872 ----a-w- c:\windows\system32\msxml6r.dll
2005-07-30 19:23:50 0 d-----w- c:\program files\Microsoft AntiSpyware
2005-07-30 19:07:20 149504 ----a-w- c:\windows\UNWISE.EXE
2005-07-22 17:09:50 4451 ----a-w- c:\windows\cdPlayer.ini
2005-06-30 07:00:22 0 d-----w- c:\windows\system32\PreInstall
2005-06-20 15:12:00 284240 ----a-w- c:\windows\system32\MCPrintX.dll
2005-06-17 07:00:42 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2005-06-14 23:13:14 104576 ----a-w- c:\windows\system32\drivers\wceusbsh.sys
2005-06-14 23:13:14 104576 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys
2005-06-14 13:55:12 43904 ----a-w- c:\windows\system32\drivers\sbp2port.sys
2005-06-01 17:34:24 0 d-----w- C:\Palm photos
2005-05-27 17:19:05 0 d-----w- c:\program files\common files\xing shared
2005-05-27 17:18:48 0 d-----w- c:\program files\common files\Real
2005-05-26 13:25:28 0 d-----w- c:\documents and settings\brannon wiles\SharedDocuments
2005-05-26 09:19:32 215920 ----a-w- c:\windows\system32\muweb.dll
2005-05-23 18:00:14 184320 ----a-w- c:\windows\system32\gtdownde_110.ocx
2005-05-23 18:00:14 1099 ----a-w- c:\windows\system32\gtdownde_110.inf
2005-05-17 14:36:52 0 d-----w- c:\windows\Profiles
2005-05-13 18:42:10 3245 ----a-w- c:\windows\system32\wbem\Outlook_01c557eb78b88c7e.mof
2005-05-06 23:14:06 42544 ----a-w- c:\windows\system32\gotomon.dll
2005-05-06 23:14:04 0 d-----w- c:\program files\Citrix
2005-05-06 23:11:40 2449408 ----a-w- c:\documents and settings\brannon wiles\gosetup.exe
2005-05-05 19:42:39 210944 ------w- c:\windows\system32\Msvcrt10.dll
2005-05-05 16:45:21 411352 ------w- c:\windows\system32\Vsflex6.ocx
2005-05-05 16:45:20 0 d-----w- c:\program files\Chapura
2005-05-05 16:24:01 0 d-----w- c:\windows\system32\NtmsData
2005-05-04 19:21:38 0 d-----w- c:\program files\Palm
2005-05-04 19:18:28 0 d-----w- c:\windows\system32\appmgmt
2005-05-04 17:18:47 64 ----a-w- c:\windows\qwimp.ini
2005-05-04 17:04:54 1718 ----a-w- c:\windows\QUICKEN.INI
2005-05-04 17:04:45 0 d-----w- c:\program files\common files\Palo Alto Software
2005-05-04 17:04:25 0 d-----w- c:\program files\Quicken
2005-05-03 21:53:42 0 d-----w- c:\program files\common files\SWF Studio
2005-05-03 21:48:32 0 d-----w- c:\program files\common files\Symantec Shared
2005-05-03 21:47:15 0 d-----w- c:\windows\Application Data
2005-05-03 21:47:12 0 d-----w- c:\program files\Corel
2005-05-03 21:01:29 0 d-----w- c:\docume~1\branno~1\applic~1\.gaim
2005-05-03 20:58:59 0 d-----w- c:\program files\common files\GTK
2005-05-03 19:33:43 3245 ----a-w- c:\windows\system32\wbem\Outlook_01c550170475b03e.mof
2005-05-03 19:00:27 99965 ----a-w- c:\windows\UninstallFirefox.exe
2005-05-03 18:58:01 7638 ----a-w- c:\windows\mozver.dat
2005-05-03 18:04:19 0 d-----w- c:\program files\common files\HP
2005-05-03 18:02:47 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2005-05-03 18:02:47 487424 ----a-r- c:\windows\system32\hpvcp70.dll
2005-05-03 18:02:47 44544 ----a-r- c:\windows\system32\MSXML4a.dll
2005-05-03 18:02:46 344064 ----a-r- c:\windows\system32\hpvcr70.dll
2005-05-03 18:01:45 0 d-----w- c:\program files\common files\Hewlett-Packard
2005-05-03 17:59:56 274432 ----a-w- c:\windows\system32\HPZc3212.dll
2005-05-03 17:59:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2005-05-03 17:59:53 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2005-05-03 17:59:08 49152 ----a-r- c:\windows\system32\hpzjrd01.dll
2005-05-03 17:58:57 9864 ----a-r- c:\windows\system32\hptcpmui.hlp
2005-05-03 17:58:57 9820 ----a-r- c:\windows\system32\hpipxmui.hlp
2005-05-03 17:58:57 3567 ----a-r- c:\windows\system32\hptcpmon.ini
2005-05-03 17:58:57 279 ----a-w- c:\windows\system32\AddPort.ini
2005-05-03 17:58:57 212992 ----a-r- c:\windows\system32\hptcpmui.dll
2005-05-03 17:58:56 98304 ----a-r- c:\windows\system32\hpzjsn01.dll
2005-05-03 17:58:56 73728 ----a-r- c:\windows\system32\hptcpmib.dll
2005-05-03 17:58:56 28672 ----a-r- c:\windows\system32\hpzjfw01.dll
2005-05-03 17:58:56 110592 ----a-r- c:\windows\system32\hptcpmon.dll
2005-05-03 17:55:40 0 d-----w- C:\TEMP
2005-05-03 17:54:39 73728 ----a-w- c:\windows\system32\HPZipm12.exe
2005-05-03 17:54:39 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2005-05-03 17:53:20 0 d-----w- c:\program files\HP
2005-05-03 17:49:36 53302 ------w- c:\windows\system32\rmvportA.exe
2005-05-03 17:49:36 151604 ------w- c:\windows\system32\pspntA.dll
2005-05-03 17:28:22 35552 ----a-w- c:\windows\system32\dllcache\wups.dll
2005-05-03 17:28:21 575704 ----a-w- c:\windows\system32\dllcache\wuapi.dll
2005-05-03 17:28:21 0 d-----w- c:\windows\system32\SoftwareDistribution
2005-05-03 17:28:07 0 d-sh--w- c:\documents and settings\brannon wiles\UserData
2005-05-03 17:14:30 8192 ----a-w- c:\windows\REGLOCS.OLD
2005-05-03 17:14:24 21504 ----a-w- c:\windows\system32\hidserv.dll
2005-05-03 17:14:21 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2005-05-03 17:14:20 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2005-05-03 17:14:18 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2005-05-03 17:14:17 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2005-04-29 00:56:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Prism
2005-04-29 00:55:25 0 d-----w- c:\program files\common files\Sonic Shared
2005-04-29 00:54:23 0 d-----w- c:\program files\common files\Intuit
2005-04-29 00:54:22 0 d-----w- c:\program files\common files\AnswerWorks 4.0
2005-04-29 00:53:52 0 d-----w- c:\program files\Intuit
2005-04-29 00:53:49 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit
2005-04-29 00:52:52 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee.com
2005-04-29 00:52:45 0 d-----w- c:\program files\McAfee.com
2005-04-29 00:51:52 0 d-----w- c:\program files\Dell Inc
2005-04-29 00:51:24 0 d-----w- c:\program files\common files\Jasc Software Inc
2005-04-29 00:51:15 0 d-----w- c:\program files\Jasc Software Inc
2005-04-29 00:50:41 0 d-----w- c:\program files\common files\Sonic
2005-04-29 00:50:15 0 d-----w- c:\program files\Sonic
2005-04-29 00:50:11 0 d-----w- c:\program files\Microsoft Plus! Photo Story 2 LE
2005-04-29 00:50:09 0 d-----w- c:\program files\Microsoft Plus! Digital Media Edition
2005-04-29 00:49:35 0 d-----w- c:\program files\MUSICMATCH
2005-04-29 00:48:55 0 d-----w- c:\program files\Your Company Name
2005-04-29 00:43:43 0 d-----w- c:\program files\common files\Crystal Decisions
2005-04-29 00:43:39 0 d-----w- c:\program files\Microsoft SQL Server
2005-04-29 00:42:52 0 d-----w- c:\program files\common files\L&H
2005-04-29 00:42:47 0 d-----w- c:\program files\Microsoft ActiveSync
2005-04-29 00:42:01 0 d-----w- c:\program files\Modem On Hold
2005-04-29 00:41:49 0 d-----w- c:\program files\Modem Helper
2005-04-29 00:41:40 0 d-----w- c:\program files\Dell
2005-04-29 00:41:37 0 d-----w- c:\program files\ATI Technologies
2005-04-29 00:41:28 0 d-----w- c:\program files\Broadcom
2005-04-29 00:41:06 0 d-----w- c:\program files\Dell Wireless
2005-04-29 00:31:59 0 d-----w- c:\program files\Analog Devices
2005-04-29 00:18:24 0 d--h--w- c:\program files\WindowsUpdate
2005-04-29 00:18:22 0 d-----w- c:\program files\Online Services
2005-04-29 00:18:20 0 d-----w- c:\program files\MSN Gaming Zone
2005-04-29 00:18:20 0 d-----w- c:\program files\Messenger
2005-04-29 00:18:16 0 d-----w- c:\program files\Windows NT
2005-04-29 00:18:16 0 d-----w- c:\program files\common files\SpeechEngines
2005-04-29 00:18:16 0 d-----w- c:\program files\common files\ODBC
2005-04-29 00:18:16 0 d-----w- c:\program files\common files\MSSoap
2005-04-29 00:18:14 0 d-sh--w- c:\documents and settings\all users\DRM
2005-04-29 00:18:14 0 d-----w- c:\docume~1\alluse~1\applic~1\SBSI
2005-04-29 00:18:14 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-10-01 19:05:18 975872 ----a-w- c:\windows\system32\libxml2_CW.dll
2009-10-01 19:05:17 991232 ----a-w- c:\windows\system32\wxcode_msw28u_wxcurl_CW.dll
2009-10-01 19:05:17 81920 ----a-w- c:\windows\system32\wxcode_msw28u_wxjson_CW.dll
2009-10-01 19:05:17 666624 ----a-w- c:\windows\system32\cwalsp.dll
2009-10-01 19:05:17 1859584 ----a-w- c:\windows\system32\AltaRecovery.exe
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-14 13:21:25 1850624 ----a-w- c:\windows\system32\win32k.sys
2009-08-06 23:24:18 327896 ----a-w- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 23:24:18 209632 ----a-w- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 23:24:06 53472 ----a-w- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 23:24:04 96480 ----a-w- c:\windows\system32\dllcache\cdm.dll
2009-08-06 23:23:46 1929952 ----a-w- c:\windows\system32\dllcache\wuaueng.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-17 19:01:06 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:22:18 1435648 ----a-w- c:\windows\system32\query.dll
2009-07-14 03:43:24 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 03:43:24 286208 ----a-w- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-14 03:43:24 10841088 ----a-w- c:\windows\system32\dllcache\wmp.dll
2009-06-25 08:25:26 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25:26 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25:26 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25:26 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25:26 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-24 11:18:41 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36:30 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36:30 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31:40 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31:39 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13:29 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19:38 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14:49 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09:37 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-20 08:56:52 2458112 ----a-w- c:\windows\system32\dllcache\WMVCore.dll
2009-05-07 15:32:35 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-24 11:35:23 247616 ----a-w- c:\windows\system32\wxIE.dll
2009-04-15 14:51:25 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-02 03:02:22 604160 ----a-w- c:\windows\system32\wmspdmod.dll
2009-04-02 03:02:22 604160 ----a-w- c:\windows\system32\dllcache\wmspdmod.dll
2009-03-08 08:34:30 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 08:33:40 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 08:33:06 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 08:32:56 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 08:32:50 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 08:31:38 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 08:31:18 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 08:31:02 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 08:22:38 156160 ----a-w- c:\windows\system32\msls31.dll
2009-03-06 14:22:18 284160 ----a-w- c:\windows\system32\pdh.dll
2009-02-13 17:30:48 712704 ----a-w- c:\windows\system32\wxmsw28u_adv_vc_CW.dll
2009-02-13 17:30:48 524288 ----a-w- c:\windows\system32\wxmsw28u_xrc_vc_CW.dll
2009-02-13 17:30:48 499712 ----a-w- c:\windows\system32\wxmsw28u_html_vc_CW.dll
2009-02-13 17:30:48 2904064 ----a-w- c:\windows\system32\wxmsw28u_core_vc_CW.dll
2009-02-13 17:30:48 135168 ----a-w- c:\windows\system32\wxbase28u_xml_vc_CW.dll
2009-02-13 17:30:48 135168 ----a-w- c:\windows\system32\wxbase28u_net_vc_CW.dll
2009-02-13 17:30:48 1232896 ----a-w- c:\windows\system32\wxbase28u_vc_CW.dll
2009-02-13 17:30:48 110592 ----a-w- c:\windows\system32\wxmsw28u_media_vc_CW.dll
2009-02-09 12:10:48 714752 ----a-w- c:\windows\system32\ntdll.dll
2009-02-09 12:10:48 617472 ----a-w- c:\windows\system32\advapi32.dll
2009-02-09 12:10:48 473600 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-02-09 12:10:48 453120 ----a-w- c:\windows\system32\wbem\wmiprvsd.dll
2009-02-09 12:10:48 401408 ----a-w- c:\windows\system32\rpcss.dll
2009-02-06 11:11:05 110592 ----a-w- c:\windows\system32\services.exe
2009-02-06 10:39:08 35328 ----a-w- c:\windows\system32\sc.exe
2009-02-06 10:10:02 227840 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2008-12-16 12:30:34 354304 ----a-w- c:\windows\system32\winhttp.dll
2008-12-11 10:57:09 333952 ----a-w- c:\windows\system32\drivers\srv.sys
2008-10-24 11:21:09 455296 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36:14 286720 ----a-w- c:\windows\system32\gdi32.dll
2008-09-10 01:14:56 1307648 ------w- c:\windows\system32\dllcache\msxml6.dll
2008-09-04 17:15:04 1106944 ----a-w- c:\windows\system32\msxml3.dll
2008-08-14 10:04:36 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2008-07-07 20:26:58 253952 ----a-w- c:\windows\system32\es.dll
2008-06-24 22:12:58 295936 ------w- c:\windows\system32\wmpeffects.dll
2008-06-24 16:43:16 74240 ----a-w- c:\windows\system32\mscms.dll
2008-06-20 17:46:57 245248 ----a-w- c:\windows\system32\mswsock.dll
2008-06-20 11:51:12 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2008-06-20 11:08:27 225856 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2008-06-18 10:03:08 938496 ----a-w- c:\windows\system32\WMNetmgr.dll
2008-06-18 10:03:08 938496 ----a-w- c:\windows\system32\dllcache\WMNetmgr.dll
2008-06-18 06:09:22 100864 ----a-w- c:\windows\system32\logagent.exe
2008-06-18 06:09:22 100864 ----a-w- c:\windows\system32\dllcache\logagent.exe
2008-06-12 14:23:32 956928 ----a-w- c:\windows\system32\msdtctm.dll
2008-06-12 14:23:32 91648 ----a-w- c:\windows\system32\mtxoci.dll
2008-06-12 14:23:32 66560 ----a-w- c:\windows\system32\mtxclu.dll
2008-06-12 14:23:32 58880 ----a-w- c:\windows\system32\msdtclog.dll
2008-06-12 14:23:32 428032 ----a-w- c:\windows\system32\msdtcprx.dll
2008-06-12 14:23:32 161792 ----a-w- c:\windows\system32\msdtcuiu.dll
2008-05-09 10:53:40 90112 ----a-w- c:\windows\system32\wshext.dll
2008-05-09 10:53:40 172032 ----a-w- c:\windows\system32\scrrun.dll
2008-05-09 10:53:39 180224 ----a-w- c:\windows\system32\scrobj.dll
2008-05-08 14:02:52 203136 ----a-w- c:\windows\system32\drivers\rmcast.sys
2008-05-08 11:24:44 155648 ----a-w- c:\windows\system32\wscript.exe
2008-05-07 09:07:23 135168 ----a-w- c:\windows\system32\cscript.exe
2008-04-14 09:42:38 11264 ----a-w- c:\windows\system32\spnpinst.exe
2008-04-14 09:42:06 985088 ----a-w- c:\windows\system32\setupapi.dll

============= FINISH: 17:27:35.78 ===============

#9 Baabiouz

Posted 13 November 2009 - 02:31 AM

Hello

The logs look good.

We need to do another regfix because there's one thing left. Your last regfix worked great.


Backup Your Registry with ERUNT
Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Please run Notepad and paste the following text into a new file:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"SearchMigratedDefaultURL"=""


Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.


Let's run Gmer:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.


Please post Gmer log and a fresh DDS log back here :(

Edited by Baabiouz, 13 November 2009 - 02:31 AM.


#10 mbwiles


Posted 13 November 2009 - 09:50 AM

Thank you. Performed additional registry fix. Logs follow...


GMER 1.0.15.15220 - http://www.gmer.net
Rootkit scan 2009-11-13 21:43:45
Windows 5.1.2600 Service Pack 3
Running: xivusqe7.exe; Driver: C:\DOCUME~1\BRANNO~1\LOCALS~1\Temp\uxtdypoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA54850B0]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA53C778A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA53C7821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA53C7738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA53C774C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA53C7835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA53C7861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA53C78CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA53C78B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA53C77CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA53C78FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA53C780D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA53C7710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA53C7724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA53C779E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA53C7937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA53C78A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA53C788D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA53C784B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA53C7923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA53C790F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA53C7776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA53C7762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA53C7877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA53C77F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA53C78E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA53C77E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA53C77B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP A53C77B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP A53C778E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2004 7 Bytes JMP A53C77CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E12 5 Bytes JMP A53C77E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E8 7 Bytes JMP A53C77A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB40A 5 Bytes JMP A53C7714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB696 5 Bytes JMP A53C7728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE54 5 Bytes JMP A53C7766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1144 7 Bytes JMP A53C7750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11FA 5 Bytes JMP A53C773C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1704 5 Bytes JMP A53C777A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AC 5 Bytes JMP A53C77FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219EA 7 Bytes JMP A53C7891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80621D38 7 Bytes JMP A53C787B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622062 7 Bytes JMP A53C78E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80622900 7 Bytes JMP A53C78A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231D4 7 Bytes JMP A53C784F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806237B2 5 Bytes JMP A53C7825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C42 7 Bytes JMP A53C7839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E12 7 Bytes JMP A53C7865 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF2 7 Bytes JMP A53C78D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062425C 7 Bytes JMP A53C78BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624B84 5 Bytes JMP A53C7811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624EAA 7 Bytes JMP A53C793B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8062516A 5 Bytes JMP A53C7913 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062585E 5 Bytes JMP A53C7927 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625978 5 Bytes JMP A53C78FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 018D0FEF
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 018D0F5F
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 018D004A
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 018D0039
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 018D0F7C
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 018D0014
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 018D008F
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 018D0F3D
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 018D0F00
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 018D0F11
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 018D0EE5
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 018D0F97
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 018D0FD4
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 018D0F4E
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 018D0FA8
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 018D0FC3
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 018D0F2C
.text C:\WINDOWS\system32\svchost.exe[208] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 018C0036
.text C:\WINDOWS\system32\svchost.exe[208] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 018C007D
.text C:\WINDOWS\system32\svchost.exe[208] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 018C0FE5
.text C:\WINDOWS\system32\svchost.exe[208] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 018C0025
.text C:\WINDOWS\system32\svchost.exe[208] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 018C0FB6
.text C:\WINDOWS\system32\svchost.exe[208] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 018C000A
.text C:\WINDOWS\system32\svchost.exe[208] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 018C0058
.text C:\WINDOWS\system32\svchost.exe[208] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 018C0047
.text C:\WINDOWS\system32\svchost.exe[208] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 018B0FCD
.text C:\WINDOWS\system32\svchost.exe[208] msvcrt.dll!system 77C293C7 5 Bytes JMP 018B0062
.text C:\WINDOWS\system32\svchost.exe[208] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 018B002C
.text C:\WINDOWS\system32\svchost.exe[208] msvcrt.dll!_open 77C2F566 5 Bytes JMP 018B0000
.text C:\WINDOWS\system32\svchost.exe[208] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 018B003D
.text C:\WINDOWS\system32\svchost.exe[208] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 018B0011
.text C:\WINDOWS\system32\svchost.exe[208] WS2_32.dll!socket 71AB4211 5 Bytes JMP 018A0000
.text C:\WINDOWS\system32\svchost.exe[208] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FF0FE5
.text C:\WINDOWS\system32\svchost.exe[208] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\svchost.exe[208] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FF0FD4
.text C:\WINDOWS\system32\svchost.exe[208] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00FF0025
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[648] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[648] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01080FEF
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01080060
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0108004F
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01080F6B
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01080F7C
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01080FA8
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01080093
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01080082
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01080F15
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010800AE
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010800BF
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01080F8D
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01080014
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01080071
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01080FB9
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01080FD4
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01080F30
.text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01070025
.text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0107006C
.text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01070FD4
.text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01070FE5
.text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01070FB9
.text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01070000
.text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0107005B
.text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0107004A
.text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01060FCA
.text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!system 77C293C7 5 Bytes JMP 01060055
.text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01060029
.text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01060FEF
.text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0106003A
.text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0106000C
.text C:\WINDOWS\system32\services.exe[948] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01100FEF
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01100051
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01100F5C
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01100036
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01100F79
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01100FB9
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0110008E
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0110007D
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01100F1A
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01100F2B
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01100EFF
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01100F9E
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01100FDE
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0110006C
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01100025
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0110000A
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 011000A9
.text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 010F0FC0
.text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 010F0F8A
.text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 010F0FE5
.text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 010F001B
.text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 010F0FA5
.text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 010F0000
.text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 010F0047
.text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 010F002C
.text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 010E0F95
.text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!system 77C293C7 5 Bytes JMP 010E0FA6
.text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 010E0FD2
.text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_open 77C2F566 5 Bytes JMP 010E0000
.text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 010E0FB7
.text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 010E0FE3
.text C:\WINDOWS\system32\lsass.exe[960] WS2_32.dll!socket 71AB4211 5 Bytes JMP 010D0000
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AD0000
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AD0086
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AD0F91
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AD0FA2
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AD005F
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AD0FC7
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AD0F65
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AD0F76
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AD0F2F
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AD00C8
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AD0F1E
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AD004E
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AD001B
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AD00A1
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AD003D
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AD002C
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AD0F54
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AC0039
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AC0F9A
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AC0FDE
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AC0014
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AC0FAB
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AC0FEF
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00AC0FBC
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [CC, 88]
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AC0FCD
.text C:\WINDOWS\system32\svchost.exe[1148] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AB0062
.text C:\WINDOWS\system32\svchost.exe[1148] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AB0047
.text C:\WINDOWS\system32\svchost.exe[1148] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AB0011
.text C:\WINDOWS\system32\svchost.exe[1148] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AB0000
.text C:\WINDOWS\system32\svchost.exe[1148] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AB002C
.text C:\WINDOWS\system32\svchost.exe[1148] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AB0FD7
.text C:\WINDOWS\system32\svchost.exe[1148] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AA0FE5
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DB0000
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DB0076
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DB0F81
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DB0F92
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DB005B
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DB0036
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DB00B8
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DB0F70
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessW 7C802336 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DB0F3A
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DB00D3
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DB0F29
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DB0FAF
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DB0FE5
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DB009B
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DB0025
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DB0FD4
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DB0F55
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DA0025
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DA0FB2
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DA0FD4
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DA0FE5
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DA0065
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DA0000
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00DA0FC3
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [FA, 88]
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DA004A
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D9001B
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D90F90
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D90FC6
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D90000
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D90FAB
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D90FD7
.text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D80FEF
.text C:\WINDOWS\System32\svchost.exe[1252] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 027D0000
.text C:\WINDOWS\System32\svchost.exe[1252] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 027D0FA2
.text C:\WINDOWS\System32\svchost.exe[1252] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 027D008D
.text C:\WINDOWS\System32\svchost.exe[1252] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 027D0070
.text C:\WINDOWS\System32\svchost.exe[1252] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 027D005F
.text C:\WINDOWS\System32\svchost.exe[1252] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 027D003D
.text C:\WINDOWS\System32\svchost.exe[1252] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 027D0F74
.text C:\WINDOWS\System32\svchost.exe[1252] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 027D0F85
.text C:\WINDOWS\System32\svchost.exe[1252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 027D0F48
.text C:\WINDOWS\System32\svchost.exe[1252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 027D0F59
.text C:\WINDOWS\System32\svchost.exe[1252] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 027D0106
.text C:\WINDOWS\System32\svchost.exe[1252] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 027D004E
.text C:\WINDOWS\System32\svchost.exe[1252] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 027D001B
.text C:\WINDOWS\System32\svchost.exe[1252] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 027D00B2
.text C:\WINDOWS\System32\svchost.exe[1252] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 027D002C
.text C:\WINDOWS\System32\svchost.exe[1252] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 027D0FDB
.text C:\WINDOWS\System32\svchost.exe[1252] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 027D00D7
.text C:\WINDOWS\System32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 027C002F
.text C:\WINDOWS\System32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 027C005B
.text C:\WINDOWS\System32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 027C0FD4
.text C:\WINDOWS\System32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 027C0FE5
.text C:\WINDOWS\System32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 027C0F9E
.text C:\WINDOWS\System32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 027C0000
.text C:\WINDOWS\System32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 027C0040
.text C:\WINDOWS\System32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 027C0FB9
.text C:\WINDOWS\System32\svchost.exe[1252] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 027B0FAF
.text C:\WINDOWS\System32\svchost.exe[1252] msvcrt.dll!system 77C293C7 5 Bytes JMP 027B0FCA
.text C:\WINDOWS\System32\svchost.exe[1252] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 027B0029
.text C:\WINDOWS\System32\svchost.exe[1252] msvcrt.dll!_open 77C2F566 5 Bytes JMP 027B000C
.text C:\WINDOWS\System32\svchost.exe[1252] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 027B003A
.text C:\WINDOWS\System32\svchost.exe[1252] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 027B0FEF
.text C:\WINDOWS\System32\svchost.exe[1252] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02760FEF
.text C:\WINDOWS\System32\svchost.exe[1252] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02710FE5
.text C:\WINDOWS\System32\svchost.exe[1252] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02710FCA
.text C:\WINDOWS\System32\svchost.exe[1252] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02710000
.text C:\WINDOWS\System32\svchost.exe[1252] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 02710FAF
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00800000
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00800093
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00800082
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00800071
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0080004A
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00800FB9
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008000D0
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 008000BF
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00800F6D
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008000FC
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00800121
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00800FA8
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00800FE5
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 008000AE
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0080001B
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00800FCA
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008000E1
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007F0036
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007F0F94
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007F0FE5
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007F001B
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007F0FB9
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007F0000
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 007F0FCA
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [9F, 88]
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007F0047
.text C:\WINDOWS\system32\svchost.exe[1312] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007E0FB7
.text C:\WINDOWS\system32\svchost.exe[1312] msvcrt.dll!system 77C293C7 5 Bytes JMP 007E0FD2
.text C:\WINDOWS\system32\svchost.exe[1312] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007E0027
.text C:\WINDOWS\system32\svchost.exe[1312] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007E0FE3
.text C:\WINDOWS\system32\svchost.exe[1312] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007E0042
.text C:\WINDOWS\system32\svchost.exe[1312] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007E000C
.text C:\WINDOWS\system32\svchost.exe[1312] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007D0FE5
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009C0000
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009C0F46
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009C0F61
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009C0F7C
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009C0F8D
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009C0025
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009C0F1F
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009C0067
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009C0093
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009C0082
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009C00A4
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009C0F9E
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009C0FE5
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009C0056
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009C0FB9
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009C0FCA
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009C0F04
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009B0036
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009B007D
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009B0025
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009B0FEF
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009B0FB6
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009B000A
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 009B0062
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009B0047
.text C:\WINDOWS\system32\svchost.exe[1384] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009A0029
.text C:\WINDOWS\system32\svchost.exe[1384] msvcrt.dll!system 77C293C7 5 Bytes JMP 009A0018
.text C:\WINDOWS\system32\svchost.exe[1384] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009A0FC3
.text C:\WINDOWS\system32\svchost.exe[1384] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009A0FEF
.text C:\WINDOWS\system32\svchost.exe[1384] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009A0FA8
.text C:\WINDOWS\system32\svchost.exe[1384] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009A0FDE
.text C:\WINDOWS\system32\svchost.exe[1384] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00990000
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E10FE5
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E10047
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E10F52
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E10F79
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E10F94
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E1001B
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E10069
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E10058
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E100B0
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E1009F
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E100CB
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E10036
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E10FD4
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E10F2D
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E1000A
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E10FC3
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E10084
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] ADVAPI32.DLL!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E00025
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] ADVAPI32.DLL!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E00F9E
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] ADVAPI32.DLL!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E00FDE
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] ADVAPI32.DLL!RegOpenKeyW 77DD7946 5 Bytes JMP 00E00014
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] ADVAPI32.DLL!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E0005B
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] ADVAPI32.DLL!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E00FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] ADVAPI32.DLL!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E00FB9
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] ADVAPI32.DLL!RegCreateKeyW + 3 77DFBA58 2 Bytes [00, 89]
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] ADVAPI32.DLL!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E00036
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] MSVCRT.DLL!_wsystem 77C2931E 5 Bytes JMP 00DF0FC3
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] MSVCRT.DLL!system 77C293C7 5 Bytes JMP 00DF004E
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] MSVCRT.DLL!_creat 77C2D40F 5 Bytes JMP 00DF0022
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] MSVCRT.DLL!_open 77C2F566 5 Bytes JMP 00DF0000
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] MSVCRT.DLL!_wcreat 77C2FC9B 5 Bytes JMP 00DF0033
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] MSVCRT.DLL!_wopen 77C30055 5 Bytes JMP 00DF0011
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1508] WS2_32.dll!socket 10D84211 5 Bytes JMP 10DA0000
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA0000
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA009A
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA0FA5
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA0073
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0062
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA0047
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA00DC
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA00C1
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA0123
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA0112
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA013E
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA0FC0
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA001B
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA0F8A
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA0FDB
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA002C
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA00F7
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930FCA
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0093005B
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FE5
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930025
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930F9E
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930000
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00930FAF
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B3, 88] {MOV BL, 0x88}
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930036
.text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920FC1
.text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!system 77C293C7 5 Bytes JMP 0092004C
.text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920FE3
.text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920000
.text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920FD2
.text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0092001D
.text C:\WINDOWS\system32\svchost.exe[1752] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00900FEF
.text C:\WINDOWS\system32\svchost.exe[1752] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0090000A
.text C:\WINDOWS\system32\svchost.exe[1752] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00900025
.text C:\WINDOWS\system32\svchost.exe[1752] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00900FCA
.text C:\WINDOWS\system32\svchost.exe[1752] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910FE5
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F5C
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0051
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0F77
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0F94
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0025
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F2B
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A007D
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0EF5
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A008E
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0EE4
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0036
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A000A
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A006C
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0FC3
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A0F10
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 003A0FB9
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 003A0040
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 003A0FCA
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 003A0000
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 003A0F79
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 003A0FEF
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 003A0F94
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [5A, 88]
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 003A001B
.text C:\WINDOWS\System32\svchost.exe[1912] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 004F0051
.text C:\WINDOWS\System32\svchost.exe[1912] msvcrt.dll!system 77C293C7 5 Bytes JMP 004F0036
.text C:\WINDOWS\System32\svchost.exe[1912] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 004F0FD7
.text C:\WINDOWS\System32\svchost.exe[1912] msvcrt.dll!_open 77C2F566 5 Bytes JMP 004F0000
.text C:\WINDOWS\System32\svchost.exe[1912] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 004F0FC6
.text C:\WINDOWS\System32\svchost.exe[1912] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 004F0011
.text C:\WINDOWS\System32\svchost.exe[1912] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00310FEF
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006C0FEF
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006C0F5F
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006C0F70
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006C0054
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006C0043
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006C0FB2
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006C00A5
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006C008A
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006C00D8
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006C00C7
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006C0F2E
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006C0FA1
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006C0014
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006C006F
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006C0FCD
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 006C0FDE
.text C:\WINDOWS\System32\svchost.exe[1952] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006C00B6
.text C:\WINDOWS\System32\svchost.exe[1952] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006B0FEF
.text C:\WINDOWS\System32\svchost.exe[1952] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006B0FA8
.text C:\WINDOWS\System32\svchost.exe[1952] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006B0040
.text C:\WINDOWS\System32\svchost.exe[1952] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006B001B
.text C:\WINDOWS\System32\svchost.exe[1952] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 006B0FB9
.text C:\WINDOWS\System32\svchost.exe[1952] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 006B000A
.text C:\WINDOWS\System32\svchost.exe[1952] ADVAPI32.dll!RegCreateKeyW 77DFBA55 3 Bytes JMP 006B005B
.text C:\WINDOWS\System32\svchost.exe[1952] ADVAPI32.dll!RegCreateKeyW + 4 77DFBA59 1 Byte [88]
.text C:\WINDOWS\System32\svchost.exe[1952] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 3 Bytes JMP 006B0FD4
.text C:\WINDOWS\System32\svchost.exe[1952] ADVAPI32.dll!RegCreateKeyA + 4 77DFBCF7 1 Byte [88]
.text C:\WINDOWS\System32\svchost.exe[1952] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006A005F
.text C:\WINDOWS\System32\svchost.exe[1952] msvcrt.dll!system 77C293C7 5 Bytes JMP 006A0FD4
.text C:\WINDOWS\System32\svchost.exe[1952] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006A0029
.text C:\WINDOWS\System32\svchost.exe[1952] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006A0FEF
.text C:\WINDOWS\System32\svchost.exe[1952] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006A004E
.text C:\WINDOWS\System32\svchost.exe[1952] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006A000C
.text C:\WINDOWS\System32\svchost.exe[1952] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00690FE5
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006C0FEF
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006C0F81
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006C0F92
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006C0076
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006C0065
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006C0FDE
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006C00AE
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006C009D
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006C0F33
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006C0F44
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006C00F1
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006C0FC3
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006C000A
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006C0F66
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006C0040
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 006C002F
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006C0F55
.text C:\WINDOWS\System32\svchost.exe[2180] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006B0036
.text C:\WINDOWS\System32\svchost.exe[2180] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006B007D
.text C:\WINDOWS\System32\svchost.exe[2180] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006B0FE5
.text C:\WINDOWS\System32\svchost.exe[2180] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006B001B
.text C:\WINDOWS\System32\svchost.exe[2180] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 006B0FCA
.text C:\WINDOWS\System32\svchost.exe[2180] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 006B0000
.text C:\WINDOWS\System32\svchost.exe[2180] ADVAPI32.dll!RegCreateKeyW 77DFBA55 3 Bytes JMP 006B006C
.text C:\WINDOWS\System32\svchost.exe[2180] ADVAPI32.dll!RegCreateKeyW + 4 77DFBA59 1 Byte [88]
.text C:\WINDOWS\System32\svchost.exe[2180] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 3 Bytes JMP 006B0051
.text C:\WINDOWS\System32\svchost.exe[2180] ADVAPI32.dll!RegCreateKeyA + 4 77DFBCF7 1 Byte [88]
.text C:\WINDOWS\System32\svchost.exe[2180] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006A0049
.text C:\WINDOWS\System32\svchost.exe[2180] msvcrt.dll!system 77C293C7 5 Bytes JMP 006A002E
.text C:\WINDOWS\System32\svchost.exe[2180] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006A0FD9
.text C:\WINDOWS\System32\svchost.exe[2180] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006A0000
.text C:\WINDOWS\System32\svchost.exe[2180] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006A0FC8
.text C:\WINDOWS\System32\svchost.exe[2180] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006A001D
.text C:\WINDOWS\System32\svchost.exe[2180] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00690000
.text C:\WINDOWS\Explorer.EXE[2896] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\Explorer.EXE[2896] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0091
.text C:\WINDOWS\Explorer.EXE[2896] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A006C
.text C:\WINDOWS\Explorer.EXE[2896] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A005B
.text C:\WINDOWS\Explorer.EXE[2896] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0F9E
.text C:\WINDOWS\Explorer.EXE[2896] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0FB9
.text C:\WINDOWS\Explorer.EXE[2896] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A00B3
.text C:\WINDOWS\Explorer.EXE[2896] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A00A2
.text C:\WINDOWS\Explorer.EXE[2896] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F46
.text C:\WINDOWS\Explorer.EXE[2896] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00D5
.text C:\WINDOWS\Explorer.EXE[2896] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0F2B
.text C:\WINDOWS\Explorer.EXE[2896] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0040
.text C:\WINDOWS\Explorer.EXE[2896] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\Explorer.EXE[2896] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0F77
.text C:\WINDOWS\Explorer.EXE[2896] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\Explorer.EXE[2896] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A002F
.text C:\WINDOWS\Explorer.EXE[2896] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A00C4
.text C:\WINDOWS\Explorer.EXE[2896] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290047
.text C:\WINDOWS\Explorer.EXE[2896] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0029008E
.text C:\WINDOWS\Explorer.EXE[2896] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290036
.text C:\WINDOWS\Explorer.EXE[2896] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0029001B
.text C:\WINDOWS\Explorer.EXE[2896] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290073
.text C:\WINDOWS\Explorer.EXE[2896] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0029000A
.text C:\WINDOWS\Explorer.EXE[2896] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00290062
.text C:\WINDOWS\Explorer.EXE[2896] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290FD1
.text C:\WINDOWS\Explorer.EXE[2896] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0050
.text C:\WINDOWS\Explorer.EXE[2896] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A003F
.text C:\WINDOWS\Explorer.EXE[2896] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A002E
.text C:\WINDOWS\Explorer.EXE[2896] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0000
.text C:\WINDOWS\Explorer.EXE[2896] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0FD9
.text C:\WINDOWS\Explorer.EXE[2896] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A001D
.text C:\WINDOWS\Explorer.EXE[2896] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 002C0000
.text C:\WINDOWS\Explorer.EXE[2896] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 002C001B
.text C:\WINDOWS\Explorer.EXE[2896] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 002C0FEF
.text C:\WINDOWS\Explorer.EXE[2896] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 002C0040
.text C:\WINDOWS\Explorer.EXE[2896] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E40000
.text C:\WINDOWS\system32\svchost.exe[2960] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\system32\svchost.exe[2960] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0067
.text C:\WINDOWS\system32\svchost.exe[2960] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0F72
.text C:\WINDOWS\system32\svchost.exe[2960] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A004C
.text C:\WINDOWS\system32\svchost.exe[2960] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0F83
.text C:\WINDOWS\system32\svchost.exe[2960] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0014
.text C:\WINDOWS\system32\svchost.exe[2960] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0093
.text C:\WINDOWS\system32\svchost.exe[2960] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F4B
.text C:\WINDOWS\system32\svchost.exe[2960] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F04
.text C:\WINDOWS\system32\svchost.exe[2960] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F1F
.text C:\WINDOWS\system32\svchost.exe[2960] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0EE9
.text C:\WINDOWS\system32\svchost.exe[2960] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0025
.text C:\WINDOWS\system32\svchost.exe[2960] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\system32\svchost.exe[2960] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0078
.text C:\WINDOWS\system32\svchost.exe[2960] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0FA8
.text C:\WINDOWS\system32\svchost.exe[2960] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0FB9
.text C:\WINDOWS\system32\svchost.exe[2960] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A0F30
.text C:\WINDOWS\system32\svchost.exe[2960] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290FCA
.text C:\WINDOWS\system32\svchost.exe[2960] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290F79
.text C:\WINDOWS\system32\svchost.exe[2960] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0029001B
.text C:\WINDOWS\system32\svchost.exe[2960] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290FE5
.text C:\WINDOWS\system32\svchost.exe[2960] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290F8A
.text C:\WINDOWS\system32\svchost.exe[2960] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0029000A
.text C:\WINDOWS\system32\svchost.exe[2960] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00290036
.text C:\WINDOWS\system32\svchost.exe[2960] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290FAF
.text C:\WINDOWS\system32\svchost.exe[2960] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E001B
.text C:\WINDOWS\system32\svchost.exe[2960] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E0F90
.text C:\WINDOWS\system32\svchost.exe[2960] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E0000
.text C:\WINDOWS\system32\svchost.exe[2960] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E0FE3
.text C:\WINDOWS\system32\svchost.exe[2960] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E0FAB
.text C:\WINDOWS\system32\svchost.exe[2960] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E0FC6

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2164] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D92F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2164] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D92CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2164] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D92D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2164] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D92CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[2192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A92F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[2192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A92CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[2192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A92D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[2192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A92CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[2696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[2696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[2696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[2696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[2852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A22F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[2852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A22CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[2852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A22D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[2852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A22CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01632F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01632CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01632D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01632CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A32F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A32CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A32D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A32CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\Core\smax4pnp.exe[3548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BF2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\Core\smax4pnp.exe[3548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BF2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\Core\smax4pnp.exe[3548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BF2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\Core\smax4pnp.exe[3548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BF2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[3868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B82F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[3868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B82CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[3868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B82D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[3868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B82CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe[4276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe[4276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe[4276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe[4276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Dell Support Center\bin\sprtcmd.exe[4432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Dell Support Center\bin\sprtcmd.exe[4432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Dell Support Center\bin\sprtcmd.exe[4432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Dell Support Center\bin\sprtcmd.exe[4432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATT-SST\McciTrayApp.exe[4616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F42F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATT-SST\McciTrayApp.exe[4616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F42CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATT-SST\McciTrayApp.exe[4616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F42D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATT-SST\McciTrayApp.exe[4616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F42CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[4700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00512F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[4700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00512CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[4700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00512D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[4700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00512CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe[4800] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe[4800] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe[4800] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe[4800] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[4856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E82F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[4856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E82CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[4856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E82D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[4856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E82CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[4876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E12F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[4876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E12CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[4876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E12D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[4876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E12CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [04CA2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [04CA2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [04CA2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [04CA2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[4980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[4980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[4980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[4980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Dell Wireless\PRISMCFG.exe[5004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BA2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Dell Wireless\PRISMCFG.exe[5004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BA2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Dell Wireless\PRISMCFG.exe[5004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BA2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Dell Wireless\PRISMCFG.exe[5004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BA2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\NetNanny\Internet Protection\cwtray.exe[5016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E62F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\NetNanny\Internet Protection\cwtray.exe[5016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E62CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\NetNanny\Internet Protection\cwtray.exe[5016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E62D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\NetNanny\Internet Protection\cwtray.exe[5016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E62CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[5432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[5432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[5432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[5432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[5472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[5472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[5472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[5472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\eFax Messenger 4.2\J2GTray.exe[5640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D52F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\eFax Messenger 4.2\J2GTray.exe[5640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D52CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\eFax Messenger 4.2\J2GTray.exe[5640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D52D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\eFax Messenger 4.2\J2GTray.exe[5640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D52CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Brannon Wiles\Desktop\xivusqe7.exe[5660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Brannon Wiles\Desktop\xivusqe7.exe[5660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Brannon Wiles\Desktop\xivusqe7.exe[5660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Brannon Wiles\Desktop\xivusqe7.exe[5660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[5780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C02F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[5780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C02CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[5780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C02D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[5780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C02CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DellSupport\DSAgnt.exe[5828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C62F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DellSupport\DSAgnt.exe[5828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C62CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DellSupport\DSAgnt.exe[5828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C62D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DellSupport\DSAgnt.exe[5828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C62CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[6948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[6948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[6948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[6948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----




DDS (Ver_09-10-26.01) - NTFSx86
Run by Brannon Wiles at 21:47:43.90 on Fri 11/13/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.985 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\Program Files\NetNanny\Internet Protection\cwsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\NetNanny\Internet Protection\cwtray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATTToolbar\FDServer.exe
C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\Documents and Settings\Brannon Wiles\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net
uSearchMigratedDefaultUrl =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PDF Converter Registry Controller] "c:\program files\pdf converter\pdfconv\\RegistryController.exe"
mRun: [GoToMyPC] c:\program files\citrix\gotomypc\g2svc.exe -logon
mRun: [eFax 4.2] "c:\program files\efax messenger 4.2\J2GDllCmd.exe" /R
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [cwcptray] c:\program files\netnanny\internet protection\cwtray.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
StartupFolder: c:\docume~1\branno~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efax42~1.lnk - c:\program files\efax messenger 4.2\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hp\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hp\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\dell wireless\PRISMCFG.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open PDF in Word (PDF Converter 2.0) - c:\program files\pdf converter\pdfconv\IEShellExt.dll /100
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\cwalsp.dll
Trusted Zone: motive.com\patttbc.att
Trusted Zone: turbotax.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115141329921
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165266030406
DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} - hxxps://www20.wirelesssync.vzw.com/en/SyncInstall.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} - hxxps://bis.na.blackberry.com/html/web/client_tools/TOImport.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\branno~1\applic~1\mozilla\firefox\profiles\yhfo2woy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.variety.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\brannon wiles\application data\mozilla\firefox\profiles\yhfo2woy.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 74480]
R2 CwAltaService20;ContentWatch;c:\program files\netnanny\internet protection\cwsvc.exe [2009-4-14 2072384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-8-28 210216]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2007-11-18 810632]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2005-4-28 57344]

=============== Created Last 30 ================

2009-11-10 06:26:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-09 16:42:36 0 d-----w- c:\program files\ESET
2009-10-26 01:40:51 0 ----a-w- c:\documents and settings\brannon wiles\settings.dat

==================== Find3M ====================

2009-11-10 06:25:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-22 09:19:04 5939712 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-10-01 19:05:18 975872 ----a-w- c:\windows\system32\libxml2_CW.dll
2009-10-01 19:05:18 151552 ----a-w- c:\windows\system32\libexpat.dll
2009-10-01 19:05:17 991232 ----a-w- c:\windows\system32\wxcode_msw28u_wxcurl_CW.dll
2009-10-01 19:05:17 81920 ----a-w- c:\windows\system32\wxcode_msw28u_wxjson_CW.dll
2009-10-01 19:05:17 666624 ----a-w- c:\windows\system32\cwalsp.dll
2009-10-01 19:05:17 1859584 ----a-w- c:\windows\system32\AltaRecovery.exe
2009-09-16 14:22:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:35:52 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-08-22 22:00:48 158239 ----a-w- c:\windows\hpoins43.dat
2009-08-19 02:01:35 256 ----a-w- c:\documents and settings\brannon wiles\pool.bin
2009-06-02 09:51:45 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

============= FINISH: 21:48:48.70 ===============

#11 Baabiouz

Posted 13 November 2009 - 10:14 AM

Looks clean, great job! :(

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Next we remove all used tools.

Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Hide system files
  • Open My Computer.
  • Go to Tools > Folder Options.
  • Select the View tab.
  • Scroll down to Hidden files and folders.
  • Select Do not show hidden files and folders.
  • Check (tick) Hide extensions of known file types.
  • Check (tick) Hide protected operating system files (Recommended).
  • Click OK.
  • Close My Computer.

Create a new, clean System Restore point
  • Click on Start > All Programs > Accessories > System Tools > System Restore.
  • On the Welcome Page, select Create a restore point. Click Next.
  • Give this restore point a descriptive name and click Create.
  • When done, click Close.
Warning: Do not clear infected System Restore points before creating a new System Restore point first!

Please read the above to create a new System Restore point first, then clear out the infected System Restore points.


Clear infected System Restore points
  • Click on Start > All Programs > Accessories > System Tools > Disk Cleanup.
  • Select C drive and click OK.
  • Select the More Options tab.
  • Under System Restore, click on Clean up....
  • You will be prompted. Click Yes.
  • When done, click OK.
  • You will be prompted again. Press Yes to confirm.
  • When done, Disk Cleanup will close automatically.

Keep your system updated

Microsoft releases patches for Windows and Office products regularly to patch up loopholes in Windows and Office products and fix any bugs found. Please ensure that you visit the following websites regularly or update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, and revisit the Windows Update and Office Update sites until there are no more updates to be installed.

To update Windows

Go to Start > All Programs > Windows Update

To update Office

Open up any Office program.

Go to Help > Check for Updates

Alternatively, you can visit the links below to update Windows and Office products.

Windows Update
Office Update

If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:
  • Go to Start > Control Panel > Automatic Updates
  • Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
  • Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
  • Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Besides Windows, which needs regular updating, antivirus, anti-spyware and firewall programs are updated regularly too.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Be careful when opening attachments and downloading files.
  • Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  • Never open emails from unknown senders.
  • Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  • Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Surf safely

Many of the exploits are directed to users of Internet Explorer and Firefox.

Using Firefox with the NoScript add-on helps to prevent most exploits from running, as NoScript by default disables all scripts on all websites. If you trust the website, you can manually allow it.

If you prefer to use Internet Explorer, please refer to this website to learn how to secure Internet Explorer 6.

To secure Internet Explorer 7, please read this article.


Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to back up. Follow this article by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

Avoid P2P

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

Prevent a re-infection
  • Spyware Blaster
    SpywareBlaster is a program that is used to secure Internet Explorer by making it harder for ActiveX programs to run on your computer. It does this by disabling known offending ActiveX programs from running at all.

    You can download SpywareBlaster from Javacool.

    If you need help in using SpywareBlaster, you can read SpywareBlaster's tutorial at Bleeping Computer.

  • Hosts File
    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

    Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

    Here are some Hosts files:

    MVPS Hosts File
    Bluetack's Hosts File
    Bluetack's Host Manager
    hpHosts

    A tutorial about Hosts File can be found at Malware Removal.

  • Malwarebytes RogueNET Bleeping Computer
    Before downloading any anti-spyware programs, always check it. This will save you from a lot of trouble. If in doubt, don't ever download it.

Here are some more things to read about:

Securing Skype
Greater email safety
Phishing - what is it?
80 Super Security Tips

Happy surfing and stay clean!
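The Hosts File item in the post above describes blocklist entries that point unwanted names at 127.0.0.1. As an added example (not part of the original post or of any tool it names), this Python script audits a hosts file and separates such block entries from names mapped to a non-loopback address, which is the case worth reviewing after a cleanup; the sample content and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample content; on Windows the real file is
# %SystemRoot%\system32\drivers\etc\hosts
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1   localhost
127.0.0.1   ads.example.net      # blocklist-style entry
0.0.0.0     tracker.example.org
192.0.2.55  update.example.com www.example.com  # name pinned to a remote address
not-an-ip   broken.example.net
"""

def parse_hosts(text):
    """Yield (line number, address or None, hostnames) for every mapping line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None                        # first field is not an IP address
        yield lineno, addr, fields[1:]

def audit_hosts(text):
    """Classify entries: blocked (loopback/0.0.0.0), redirected, malformed."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for lineno, addr, names in parse_hosts(text):
        if addr is None or not names:
            report["malformed"].append(lineno)
        elif addr.is_loopback or addr.is_unspecified:
            # Names sent to the local machine never reach the real site.
            report["blocked"] += [n.lower() for n in names if n.lower() != "localhost"]
        else:
            # A name forced to some other address overrides DNS; review each one.
            report["redirected"] += [(n.lower(), str(addr)) for n in names]
    return report

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked:", ", ".join(result["blocked"]))
    for name, addr in result["redirected"]:
        print(f"review: {name} is forced to {addr}")
    print("malformed lines:", result["malformed"])
```
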

#12 mbwiles

Posted 13 November 2009 - 07:55 PM

Thank you SO much for your help!!! :(

I noticed during the many re-starts that I get a prompt:
"Floppy Diskette Seek Failure"
asking to press F1 to continue or F2 to run setup utility

Any idea about that?

Thanks again for all your help.

Gratefully,
Brannon

#13 Baabiouz

Posted 14 November 2009 - 03:32 AM

Hello. You're welcome :(

Do you have a floppy diskette drive? Have you inserted a diskette? Is it working? :(

Edited by Baabiouz, 14 November 2009 - 03:32 AM.


#14 mbwiles

Posted 15 November 2009 - 06:53 PM

I don't actually have a floppy diskette drive, no ...

#15 Baabiouz

Posted 16 November 2009 - 12:18 AM

OK. There may be a setting in the BIOS where you can disable the floppy diskette drive.

You can ask for more help here because I don't know very well how to fix the problem. :(

Edited by Baabiouz, 16 November 2009 - 12:18 AM.




