clkh71yhks66.com and z0g7ya1i0.com redirects and more


  • This topic is locked
3 replies to this topic

#1 zimul8r


Posted 16 August 2010 - 09:07 PM

My system (Windows XP Home SP3) appears to be infected with multiple viruses. At first I was getting periodic redirects to sites like clkh71yhks66.com and z0g7ya1i0.com that were being blocked by SpySweeper. Then I started to get pop-up windows with a red title bar labeled "Antivirus Software Alert" claiming a "Spyware alert" and "Vulnerabilities found". Also, a new shield icon for a program I don't have showed up on the task bar, showing pop-up balloons with bad grammar saying "Windows reports that computer is infected.Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now."

I ran DDS.scr and GMER, but then something started blocking any .exe I tried, popping up a balloon saying "Application cannot be executed. The file _____.exe is infected...". I couldn't get back online, even in safe mode with networking. IE opens, but says "Internet Explorer cannot display the webpage...". I ran a full scan with Spy Sweeper, which quarantined "FakeAvHm-A", "JavaDeSp-A", "Zbot-AB". Managed to install Firefox to post this. Re-ran DDS, but can't get a new GMER run to work, so this one is pre-SpySweeper scan. Not sure if it's still useful, but the ark.txt is attached anyway.



DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Normal at 21:50:04.65 on Mon 08/16/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1389 [GMT -4:00]

AV: Webroot AntiVirus with Spy Sweeper *On-access scanning enabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Normal\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://m.www.yahoo.com/
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
uWindows: load= c:\tcwin45\pipeline\remind.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Pando Media Booster] "c:\program files\pando networks\media booster\PMB.exe"
uRun: [qkovlqqm] "c:\documents and settings\normal\local settings\application data\dgvtwcydj\pfmfopgshdw.exe"
uRun: [Cgapigotane] "rundll32.exe" "c:\windows\netone.dll",Startup
mRun: [SoundMAXPnP] "c:\program files\analog devices\core\smax4pnp.exe"
mRun: [IntelMeM] "c:\program files\intel\modem event monitor\IntelMEM.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [dla] "c:\windows\system32\dla\tfswctrl.exe"
mRun: [DMXLauncher] "c:\program files\dell\media experience\DMXLauncher.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [igfxtray] "c:\windows\system32\igfxtray.exe"
mRun: [igfxhkcmd] "c:\windows\system32\hkcmd.exe"
mRun: [igfxpers] "c:\windows\system32\igfxpers.exe"
mRun: [hpfsched] "c:\windows\hpfsched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [baka1] "c:\documents and settings\admin\application data\msa\baka1.exe"
mRun: [nameTODO] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [SonicTODO] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [QuickTimeQuickTimeResources7.6.4] "c:\program files\quicktime\propertypanels\panelhelperbase.resources\ja.lproj\quicktimeresourcesquicktimeresources.exe"
mRun: [MicrosoftHXDSUI] "c:\program files\common files\microsoft shared\help\1033\microsoftmicrosoft.exe"
mRun: [HelpHelp2.05.50727.42] "c:\program files\common files\microsoft shared\help\1033\microsoftmicrosoft.exe"
mRun: [nameTranscoder5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [QuickTimeQuickTimeResources] "c:\program files\quicktime\propertypanels\panelhelperbase.resources\ja.lproj\quicktimeresourcesquicktimeresources.exe"
mRun: [nameMCTranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [TranscoderTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [TranscoderTODO] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [QuickTimeResourcesQuickTime] "c:\program files\quicktime\propertypanels\panelhelperbase.resources\ja.lproj\quicktimeresourcesquicktimeresources.exe"
mRun: [QuickTimeResourcesQuickTimeResources] "c:\program files\quicktime\propertypanels\panelhelperbase.resources\ja.lproj\quicktimeresourcesquicktimeresources.exe"
mRun: [QuickTimeResourcesQuickTime7.6.4] "c:\program files\quicktime\propertypanels\panelhelperbase.resources\ja.lproj\quicktimeresourcesquicktimeresources.exe"
mRun: [QuickTimeResourcesQuickTimeResources7.6.4] "c:\program files\quicktime\propertypanels\panelhelperbase.resources\ja.lproj\quicktimeresourcesquicktimeresources.exe"
mRun: [TranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [TranscoderMCTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [MCTranscoderPluginname] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [SonicTranscoderProduct5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [Transcodername] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [ProductSonicTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [MCTranscodername1.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [PluginDDTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [HelpHXVZUI] "c:\program files\common files\microsoft shared\help\1033\microsoftmicrosoft.exe"
mRun: [Graphicsresources1.2.2314.20241] "c:\program files\ati technologies\ati.ace\cs\verylargedesktopdevicelcd.exe"
mRun: [Componentsicuuc40] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [SonicTranscoderPluginTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [TanksGladiator] "c:\program files\city of heroes\customvillaingroup\tanksgladiator.exe"
mRun: [MCTranscoderMCTranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [GladiatorTanks] "c:\program files\city of heroes\customvillaingroup\tanksgladiator.exe"
mRun: [JavaScriptCorezlib] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [MicrosoftHelp] "c:\program files\common files\microsoft shared\help\1033\microsoftmicrosoft.exe"
mRun: [SonicTranscoderTranscoder5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [MCTranscoderPluginTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [SQLite3QTMovieWin] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [DDTranscoderTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [TranscoderSonicTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [MCTranscoderPluginTranscoder1.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [Unicodeicudt40] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [TranscoderMCTranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [WebKitobjc4] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [icudt40zlib1531.21.8] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [Pluginname] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [WebKitUnicode143523] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [zlibicudt40] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [nameSonic] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [icuin40objc4] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [namename] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [namePlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [InternationalSQLite3] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [UnicodepthreadVC531.21.8] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [UnicodepthreadVC] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [Unicodezlib] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [CoreGraphicsobjc4] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [SonicMCTranscoder1.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [libobjcUnicode] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [MCTranscoderTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [nameTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [InternationalComponents] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [TranscoderTranscoder5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [UnicodeWebKit] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [nameSonic5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [pthreadVCpthreadVC531.21.8] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [SonicTranscoderDDTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [Internationalicuuc40] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [pthreadVCJavaScriptCore] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [SonicTranscoderMCTranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [CoreGraphicspthreadVC] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [CoreFoundationWebKit] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [PluginSonic] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [pthreadVCicuuc40] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [SonicTranscoderPluginSonicTranscoder5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [libobjcobjc4531.21.8] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [SonicTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [TODOProduct5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [zlibInternational40032] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [objc4WebKit145050] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [QTMovieWinComponents] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [MCTranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [icuuc40objc4] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [WebKitobjc427011200] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [icuuc40CoreGraphics] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [libobjcQTMovieWin] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [nameProduct] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [DDTranscodername1.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [ProductDDTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [SQLite3CoreFoundation] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [icuin40SQLite3] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [PluginMCTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [zlib1pthreadVC] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [SQLite3Unicode] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [DDTranscoderMCTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [pthreadVCSQLite3] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [MCTranscoderPluginSonicTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [QTMovieWinCoreFoundation] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [TranscoderTranscoder1.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [ProductPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [TranscoderDDTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [zlib1WebKit] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [icuin40WebKit] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [ProductMCTranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [icuin40International] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [CoreGraphicslibobjc] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [SonicTranscoderTranscoder1.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [QTMovieWinWebKit] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [icuuc40zlib1] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [CoreGraphicszlib1531.21.8] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [zlibCFNetwork] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [pthreadVCWebKit] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [PluginMCTranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [icuin40WebKit27011200] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [TranscoderSonicTranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [MCTranscoderSonicTranscoderPlugin1.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [pthreadVCobjc4] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [WebKitzlib1] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [WebKitWebKit] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [PluginTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [Unicodeicuin40] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [QTMovieWinobjc4] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [zlib1zlib1] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [UnicodeUnicode] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [nameMCTranscoder1.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [icudt40pthreadVC] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [SonicTranscoderMCTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [TODOMCTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [libobjcpthreadVC] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [DDTranscoderMCTranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [SQLite3WebKit] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [zlib1Unicode] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [JavaScriptCorepthreadVC] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [ProductSonicTranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [pthreadVCobjc41544190] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [icuin40Unicode] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [SQLite3libobjc] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [MCTranscoderPluginSonic] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [Productname] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [nameSonicTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [nameDDTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [pthreadVCUnicode] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [icuin40CoreFoundation] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [PluginTODO1.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [WebKitCoreFoundation40032] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [objc4WebKit] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [pthreadVCUnicode531.21.9] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [TranscoderMCTranscoder5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [zlib1CFNetwork] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [icuuc40pthreadVC] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [objc4CoreFoundation] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [zlibSQLite3] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [MCTranscoderPluginMCTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [TranscoderProduct] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [icuuc40SQLite3145050] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [SonicSonicTranscoderPlugin1.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [icuin40icudt4040032] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [icudt40libobjc] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [zlib1icudt401.2.3] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [zlibQTMovieWin40032] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [Sonicname] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [libobjcCFNetwork] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [icudt40icuuc40] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [MCTranscoderSonic5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [SQLite3icudt40] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [nameMCTranscoder5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [SonicTranscoderPluginProduct] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [CoreGraphicszlib1] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [MCTranscoderPluginTranscoder5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [icuin40icuuc40] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [TODOProduct] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [ProductMCTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [pthreadVCpthreadVC40032] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [libobjcWebKit] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [ComponentsWebKit] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [MCTranscoderPluginDDTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [WebKitzlib] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [icudt40WebKit] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [Componentszlib1] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [UnicodeSQLite3] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [SQLite3SQLite31544190] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [pthreadVCzlib] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [InternationalQTMovieWin] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [UnicodeJavaScriptCore531.21.8] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [objc4objc4] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [SQLite3International] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [SonicTranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [objc4icuuc40] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [DDTranscoderSonicTranscoderPlugin1.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [SQLite3zlib] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [objc4Unicode] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [SonicTranscoderPluginPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRun: [resourcesDashboard] "c:\program files\ati technologies\ati.ace\cs\verylargedesktopdevicelcd.exe"
mRun: [CoreGraphicsQTMovieWin] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [MicrosoftHelp2.05.50727.42.0507274200] "c:\program files\common files\microsoft shared\help\1033\microsoftmicrosoft.exe"
mRun: [ComponentsQTMovieWin27011200] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRun: [HXDSUIMicrosoft] "c:\program files\common files\microsoft shared\help\1033\microsoftmicrosoft.exe"
mRun: [HelpMicrosoft] "c:\program files\common files\microsoft shared\help\1033\microsoftmicrosoft.exe"
mRun: [CatalystWizard] "c:\program files\ati technologies\ati.ace\cs\verylargedesktopdevicelcd.exe"
mRun: [GraphicsMMVideo] "c:\program files\ati technologies\ati.ace\cs\verylargedesktopdevicelcd.exe"
mRun: [GraphicsWizard] "c:\program files\ati technologies\ati.ace\cs\verylargedesktopdevicelcd.exe"
mRun: [GladiatorTanks13452] "c:\program files\city of heroes\customvillaingroup\tanksgladiator.exe"
mRun: [HXVZUIHelp] "c:\program files\common files\microsoft shared\help\1033\microsoftmicrosoft.exe"
mRun: [DeviceTVresources] "c:\program files\ati technologies\ati.ace\cs\verylargedesktopdevicelcd.exe"
mRun: [TanksGladiator32125] "c:\program files\city of heroes\customvillaingroup\tanksgladiator.exe"
mRun: [HelpHXDSUI] "c:\program files\common files\microsoft shared\help\1033\microsoftmicrosoft.exe"
mRun: [MicrosoftHXVZUI2.05.50727.42] "c:\program files\common files\microsoft shared\help\1033\microsoftmicrosoft.exe"
mRun: [HXVZUIHXDSUI] "c:\program files\common files\microsoft shared\help\1033\microsoftmicrosoft.exe"
mRun: [TanksGladiator17673] "c:\program files\city of heroes\customvillaingroup\tanksgladiator.exe"
mRun: [GladiatorTanks1594] "c:\program files\city of heroes\customvillaingroup\tanksgladiator.exe"
mRun: [D-Link D-Link DWA-125] "c:\program files\d-link\dwa-125 reva\AirGCFG.exe"
mRun: [WZCSLDR2] "c:\program files\d-link\dwa-125 reva\WZCSLDR2.exe"
mRun: [apyyjtki] "c:\documents and settings\admin\local settings\application data\ipljcsdta\oiqhwkashdw.exe"
mRun: [qkovlqqm] "c:\documents and settings\normal\local settings\application data\dgvtwcydj\pfmfopgshdw.exe"
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
mRunServices: [baka1] "c:\documents and settings\admin\application data\msa\baka1.exe"
mRunServices: [GladiatorTanks4854] "c:\program files\city of heroes\customvillaingroup\tanksgladiator.exe"
mRunServices: [QuickTimeResourcesQuickTimeResources7.6.4] "c:\program files\quicktime\propertypanels\panelhelperbase.resources\ja.lproj\quicktimeresourcesquicktimeresources.exe"
mRunServices: [Graphicsresources] "c:\program files\ati technologies\ati.ace\cs\verylargedesktopdevicelcd.exe"
mRunServices: [WebKitUnicode] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [HelpHelp2.05.50727.42] "c:\program files\common files\microsoft shared\help\1033\microsoftmicrosoft.exe"
mRunServices: [SQLite3pthreadVC] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [TranscoderSonicTranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [QuickTimeResourcesQuickTime] "c:\program files\quicktime\propertypanels\panelhelperbase.resources\ja.lproj\quicktimeresourcesquicktimeresources.exe"
mRunServices: [DDTranscoderTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [QuickTimeQuickTimeResources] "c:\program files\quicktime\propertypanels\panelhelperbase.resources\ja.lproj\quicktimeresourcesquicktimeresources.exe"
mRunServices: [DDTranscoderProduct1.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [QuickTimeResourcesQuickTimeResources] "c:\program files\quicktime\propertypanels\panelhelperbase.resources\ja.lproj\quicktimeresourcesquicktimeresources.exe"
mRunServices: [QuickTimeQuickTimeResources7.6.4] "c:\program files\quicktime\propertypanels\panelhelperbase.resources\ja.lproj\quicktimeresourcesquicktimeresources.exe"
mRunServices: [QuickTimeResourcesQuickTime7.6.4] "c:\program files\quicktime\propertypanels\panelhelperbase.resources\ja.lproj\quicktimeresourcesquicktimeresources.exe"
mRunServices: [GraphicsCatalyst] "c:\program files\ati technologies\ati.ace\cs\verylargedesktopdevicelcd.exe"
mRunServices: [TanksGladiator16565] "c:\program files\city of heroes\customvillaingroup\tanksgladiator.exe"
mRunServices: [zlib1objc4] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [HelpHXVZUI] "c:\program files\common files\microsoft shared\help\1033\microsoftmicrosoft.exe"
mRunServices: [nameSonic] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [TranscoderDDTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [nameMCTranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [TranscoderSonicTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [namename5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [HXDSUIHelp] "c:\program files\common files\microsoft shared\help\1033\microsoftmicrosoft.exe"
mRunServices: [GladiatorTanks] "c:\program files\city of heroes\customvillaingroup\tanksgladiator.exe"
mRunServices: [MicrosoftMicrosoft] "c:\program files\common files\microsoft shared\help\1033\microsoftmicrosoft.exe"
mRunServices: [WebKitobjc4] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [HXDSUIMicrosoft] "c:\program files\common files\microsoft shared\help\1033\microsoftmicrosoft.exe"
mRunServices: [PluginProduct] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [objc4zlib1] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [HelpMicrosoft] "c:\program files\common files\microsoft shared\help\1033\microsoftmicrosoft.exe"
mRunServices: [libobjcWebKit] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [HelpHXDSUI] "c:\program files\common files\microsoft shared\help\1033\microsoftmicrosoft.exe"
mRunServices: [TanksGladiator] "c:\program files\city of heroes\customvillaingroup\tanksgladiator.exe"
mRunServices: [pthreadVCicudt40531.21.8] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [HelpHelp] "c:\program files\common files\microsoft shared\help\1033\microsoftmicrosoft.exe"
mRunServices: [HXVZUIMicrosoft] "c:\program files\common files\microsoft shared\help\1033\microsoftmicrosoft.exe"
mRunServices: [MCTranscoderSonicTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [Unicodeicuuc40] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [CoreGraphicsSQLite3] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [CoreGraphicsUnicode] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [SonicTranscoderPluginTranscoder5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [UnicodeInternational] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [TranscoderMCTranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [objc4SQLite3] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [PluginDDTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [DDTranscoderProduct] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [InternationalWebKit] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [SonicTranscoderPluginTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [SonicTranscoder5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [CoreFoundationQTMovieWin531.21.8] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [SonicTranscodername] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [TODOMCTranscoder5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [icuin40QTMovieWin] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [DDTranscoderSonic5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [WebKitWebKit] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [MCTranscoderPluginSonicTranscoderPlugin5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [TranscoderDDTranscoder5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [Componentszlib1] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [icuin40objc4531.21.8] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [zlibUnicode] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [MCTranscoderPluginSonic5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [TranscoderSonic1.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [Unicodelibobjc40032] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [WebKitCoreFoundation] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [TODOTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [objc4QTMovieWin] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [DDTranscoderMCTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [TranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [nameTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [icudt40pthreadVC1.2.3] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [zlib1QTMovieWin531.21.8] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [PluginTODO] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [Pluginname5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [MCTranscoderTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [icudt40QTMovieWin] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [TODOSonic] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [PluginProduct5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [Unicodezlib1] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [libobjcicuuc40] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [QTMovieWinSQLite3] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [icuin40icudt40] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [objc4icuin40] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [icuuc40icuin40] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [MCTranscoderPluginTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [SonicTranscoderPluginname] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [icuin40libobjc] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [WebKiticuin40] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [SonicTranscoderSonicTranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [pthreadVCpthreadVC] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [QTMovieWinzlib11544190] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [CFNetworkWebKit] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [icudt40icuin40] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [PluginSonic] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [Transcodername5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [nameMCTranscoder5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [Internationalobjc4] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [MCTranscoderPluginSonicTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [WebKitlibobjc40032] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [pthreadVCWebKit1.0.60] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [nameSonicTranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [DDTranscoderTODO5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [PluginMCTranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [nameMCTranscoderPlugin5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [CoreFoundationUnicode] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [nameProduct1.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [pthreadVCicuuc40] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [ProductPlugin5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [zlibCoreGraphics] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [TranscoderTODO] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [ComponentsSQLite3] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [SonicTranscoderTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [SonicSonicTranscoder1.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [pthreadVCSQLite3] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [zlib1WebKit] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [TranscoderProduct] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [icuin40WebKit] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [Unicodezlib] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [Transcodername] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [SonicDDTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [icuuc40zlib127011200] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [TODOSonicTranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [SonicPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [ProductSonicTranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [SonicTranscoderPluginDDTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [objc4pthreadVC] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [pthreadVCQTMovieWin] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [zlib1icuin40143523] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [QTMovieWinicuin40] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [namePlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [zlib1SQLite3] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [Sonicname] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [MCTranscoderPluginMCTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [SonicTranscoderSonicTranscoderPlugin5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [zlibWebKit40032] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [icuin40Components] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [PluginTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [namename] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [objc4WebKit] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [pthreadVCCoreGraphics] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [ProductTranscoder5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [SQLite3icuuc4040032] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [zlib1pthreadVC] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [SonicTranscoderPluginMCTranscoderPlugin5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [TranscoderTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [icudt40zlib] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [namePlugin1.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [icuin40CFNetwork] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [SonicMCTranscoder1.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [DDTranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [UnicodeWebKit] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [zlib1zlib143523] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [Pluginname] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [WebKitJavaScriptCore3.6.1274.2] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [ProductMCTranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [objc4WebKit3.6.1274.2] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [MCTranscoderTODO] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [icuuc40icuin40531.21.8] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [MCTranscoderSonic1.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [MCTranscoderPluginDDTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [objc4icudt40] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [SQLite3icuuc40] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [pthreadVCComponents] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [WebKitWebKit40032] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [WebKitCFNetwork] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [zlibicuuc40] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [CFNetworkobjc4] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [CFNetworkSQLite3] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [QTMovieWinUnicode] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [icudt40WebKit] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [TranscoderTODO1.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [nameMCTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [PluginMCTranscoder5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [objc4CoreGraphics] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [QTMovieWinlibobjc1544190] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [pthreadVCzlib1] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [zlib1icuuc40] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [DDTranscoderMCTranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [libobjcSQLite3] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [SonicTranscoderPluginSonic5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [zlibWebKit] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [nameSonic5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [Unicodelibobjc] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [objc4Unicode] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [SonicTranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [SonicTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [pthreadVCUnicode] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [UnicodeUnicode] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [TranscoderTODO5.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [SQLite3zlib] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [Transcodername1.0.0.1] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [CoreGraphicsicuin40] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [ProductTranscoder] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [icuuc40zlib1] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [TODOMCTranscoderPlugin] "c:\program files\dell\media experience\transcoderplugins\transcodertodo.exe"
mRunServices: [QTMovieWinCoreGraphics40032] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [CatalystGraphics] "c:\program files\ati technologies\ati.ace\cs\verylargedesktopdevicelcd.exe"
mRunServices: [InternationalUnicode] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [CatalystCaste1.2.2314.20182] "c:\program files\ati technologies\ati.ace\cs\verylargedesktopdevicelcd.exe"
mRunServices: [DashboardGraphics] "c:\program files\ati technologies\ati.ace\cs\verylargedesktopdevicelcd.exe"
mRunServices: [CentreGraphics] "c:\program files\ati technologies\ati.ace\cs\verylargedesktopdevicelcd.exe"
mRunServices: [zlib1JavaScriptCore] "c:\program files\common files\apple\apple application support\icudt40icuin4040032.exe"
mRunServices: [SkinFactoryresources1.2.2314.20323] "c:\program files\ati technologies\ati.ace\cs\verylargedesktopdevicelcd.exe"
mRunServices: [MicrosoftMicrosoft2.05.50727.42] "c:\program files\common files\microsoft shared\help\1033\microsoftmicrosoft.exe"
mRunServices: [TanksGladiator18038] "c:\program files\city of heroes\customvillaingroup\tanksgladiator.exe"
mRunServices: [HXVZUIHelp] "c:\program files\common files\microsoft shared\help\1033\microsoftmicrosoft.exe"
mRunServices: [Aspectresources] "c:\program files\ati technologies\ati.ace\cs\verylargedesktopdevicelcd.exe"
mRunServices: [HXDSUIMicrosoft2.05.50727.42.0507274200] "c:\program files\common files\microsoft shared\help\1033\microsoftmicrosoft.exe"
mRunServices: [Erecordresources] "c:\program files\ati technologies\ati.ace\cs\verylargedesktopdevicelcd.exe"
mRunServices: [DashboardAspect] "c:\program files\ati technologies\ati.ace\cs\verylargedesktopdevicelcd.exe"
mRunServices: [MicrosoftHelp] "c:\program files\common files\microsoft shared\help\1033\microsoftmicrosoft.exe"
mRunServices: [OverDrive2Aspect] "c:\program files\ati technologies\ati.ace\cs\verylargedesktopdevicelcd.exe"
mRunServices: [TanksGladiator28768] "c:\program files\city of heroes\customvillaingroup\tanksgladiator.exe"
mRunServices: [HXVZUIHelp2.05.50727.42] "c:\program files\common files\microsoft shared\help\1033\microsoftmicrosoft.exe"
mRunServices: [GladiatorTanks28049] "c:\program files\city of heroes\customvillaingroup\tanksgladiator.exe"
mRunServices: [TanksGladiator292] "c:\program files\city of heroes\customvillaingroup\tanksgladiator.exe"
mRunServices: [GladiatorTanks29271] "c:\program files\city of heroes\customvillaingroup\tanksgladiator.exe"
mRunServices: [TanksGladiator24370] "c:\program files\city of heroes\customvillaingroup\tanksgladiator.exe"
mRunServices: [GladiatorTanks24962] "c:\program files\city of heroes\customvillaingroup\tanksgladiator.exe"
mRunServices: [TanksGladiator18756] "c:\program files\city of heroes\customvillaingroup\tanksgladiator.exe"
mRunServices: [GladiatorTanks29301] "c:\program files\city of heroes\customvillaingroup\tanksgladiator.exe"
mRunServices: [TanksGladiator4872] "c:\program files\city of heroes\customvillaingroup\tanksgladiator.exe"
mRunServices: [TanksGladiator12254] "c:\program files\city of heroes\customvillaingroup\tanksgladiator.exe"
mRunServices: [GladiatorTanks20968] "c:\program files\city of heroes\customvillaingroup\tanksgladiator.exe"
mRunServices: [GladiatorTanks12259] "c:\program files\city of heroes\customvillaingroup\tanksgladiator.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Web-Based Email Tools - hxxp://email00.secureserver.net/Download.CAB
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\normal\applic~1\mozilla\firefox\profiles\eq8c81t7.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-2 29808]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-5-2 1201640]
R3 rt2870;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Drt2870.sys [2010-6-27 779136]
S2 ANPD;ANPD Service;c:\windows\system32\ANPD.SYS [2010-6-27 29411]
S2 D_Link_DWA-125;D_Link_DWA-125 Service;c:\program files\d-link\dwa-125 reva\ANIWZCSdS.exe [2010-6-27 126976]
S2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program files\d-link\dwa-125 reva\ANIWConnService.exe [2010-6-27 40960]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-9 136176]
S2 HPFECP12;HPFECP12;c:\windows\system32\drivers\HPFecp12.sys [1998-10-19 52800]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

=============== Created Last 30 ================

2010-08-16 03:43:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-15 20:03:14 0 ----a-w- c:\documents and settings\normal\defogger_reenable
2010-08-13 02:30:36 283648 ----a-w- c:\windows\uninst.exe
2010-08-13 02:28:34 0 d-----w- c:\program files\Might and Magic VI
2010-08-12 01:16:24 72192 ----a-w- C:\tasklist.exe
2010-08-09 22:25:22 0 d-----w- c:\program files\common files\AnswerWorks 5.0
2010-08-09 22:25:01 3839264 ----a-w- c:\windows\system32\cdintf300.dll
2010-08-09 22:24:11 0 d-----w- c:\program files\Quicken
2010-08-09 22:23:55 165 ----a-w- c:\windows\QUICKEN.INI
2010-08-07 11:49:47 0 d-----w- c:\docume~1\alluse~1\applic~1\PopCap

==================== Find3M ====================

2010-07-04 16:36:51 19558 ----a-w- c:\windows\hpoins01.dat
2010-07-03 12:27:22 37027 ----a-w- c:\windows\atmoUn.exe
2010-06-27 16:14:24 48640 ----a-w- c:\windows\system32\ANPD64.SYS
2010-06-27 16:14:24 315392 ----a-w- c:\windows\system32\ANPDApi.dll
2010-06-27 16:14:24 29411 ----a-w- c:\windows\system32\ANPD.SYS
2009-10-16 07:18:05 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

============= FINISH: 21:51:23.96 ===============





UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/2/2009 4:17:00 PM
System Uptime: 8/16/2010 8:54:07 AM (13 hours ago)

Motherboard: Dell Computer Corp. | | 0R8060
Processor: Intel® Celeron® CPU 2.66GHz | Microprocessor | 2660/533mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 71 GiB total, 5.978 GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP12825: 5/18/2010 6:15:28 AM - System Checkpoint
RP12826: 5/19/2010 7:15:27 AM - System Checkpoint
RP12827: 5/20/2010 8:15:26 AM - System Checkpoint
RP12828: 5/21/2010 9:15:26 AM - System Checkpoint
RP12829: 5/22/2010 10:35:48 AM - System Checkpoint
RP12830: 5/24/2010 7:13:04 AM - System Checkpoint
RP12831: 5/25/2010 7:32:28 AM - System Checkpoint
RP12832: 5/26/2010 3:00:17 AM - Software Distribution Service 3.0
RP12833: 5/27/2010 3:18:36 AM - System Checkpoint
RP12834: 5/28/2010 4:18:38 AM - System Checkpoint
RP12835: 5/29/2010 5:18:36 AM - System Checkpoint
RP12836: 5/30/2010 7:17:32 AM - System Checkpoint
RP12837: 5/31/2010 12:05:23 PM - System Checkpoint
RP12838: 6/1/2010 12:15:17 PM - System Checkpoint
RP12839: 6/2/2010 11:22:11 PM - System Checkpoint
RP12840: 6/4/2010 12:10:19 AM - System Checkpoint
RP12841: 6/5/2010 2:33:57 AM - System Checkpoint
RP12842: 6/6/2010 2:58:35 AM - System Checkpoint
RP12843: 6/7/2010 3:10:23 AM - System Checkpoint
RP12844: 6/8/2010 4:08:01 AM - System Checkpoint
RP12845: 6/9/2010 5:08:01 AM - System Checkpoint
RP12846: 6/10/2010 6:08:01 AM - System Checkpoint
RP12847: 6/11/2010 7:08:02 AM - System Checkpoint
RP12848: 6/12/2010 3:00:17 AM - Software Distribution Service 3.0
RP12849: 6/13/2010 5:40:07 PM - System Checkpoint
RP12850: 6/14/2010 6:31:59 PM - System Checkpoint
RP12851: 6/15/2010 7:31:59 PM - System Checkpoint
RP12852: 6/16/2010 8:31:59 PM - System Checkpoint
RP12853: 6/17/2010 9:31:59 PM - System Checkpoint
RP12854: 6/18/2010 10:31:59 PM - System Checkpoint
RP12855: 6/19/2010 11:31:59 PM - System Checkpoint
RP12856: 6/21/2010 3:06:56 AM - System Checkpoint
RP12857: 6/22/2010 4:53:54 AM - System Checkpoint
RP12858: 6/23/2010 3:00:18 AM - Software Distribution Service 3.0
RP12859: 6/24/2010 3:00:18 AM - Software Distribution Service 3.0
RP12860: 6/25/2010 4:55:03 AM - System Checkpoint
RP12861: 6/26/2010 5:45:32 AM - System Checkpoint
RP12862: 6/27/2010 11:50:28 AM - System Checkpoint
RP12863: 6/27/2010 12:14:11 PM - Installed D-Link DWA-125
RP12864: 6/28/2010 12:34:48 PM - System Checkpoint
RP12865: 6/29/2010 1:35:47 PM - System Checkpoint
RP12866: 6/30/2010 2:34:43 PM - System Checkpoint
RP12867: 7/1/2010 3:34:43 PM - System Checkpoint
RP12868: 7/2/2010 3:34:52 PM - System Checkpoint
RP12869: 7/3/2010 5:47:27 PM - System Checkpoint
RP12870: 7/4/2010 10:28:11 AM - Removed H&R Block Tax Offer
RP12871: 7/4/2010 12:32:16 PM - Installed HP Photo and Imaging 2.0 - All-in-One
RP12872: 7/4/2010 12:34:33 PM - Installed HP Photo and Imaging 2.0 - All-in-One Drivers
RP12873: 7/4/2010 12:37:02 PM - Installed hp psc 2200 series
RP12874: 7/5/2010 12:56:41 PM - System Checkpoint
RP12875: 7/6/2010 1:22:34 PM - System Checkpoint
RP12876: 7/7/2010 2:22:35 PM - System Checkpoint
RP12877: 7/8/2010 3:22:35 PM - System Checkpoint
RP12878: 7/9/2010 4:22:39 PM - System Checkpoint
RP12879: 7/10/2010 5:20:28 PM - System Checkpoint
RP12880: 7/11/2010 6:17:34 PM - System Checkpoint
RP12881: 7/12/2010 6:59:03 PM - System Checkpoint
RP12882: 7/13/2010 7:53:52 PM - System Checkpoint
RP12883: 7/14/2010 8:44:10 PM - System Checkpoint
RP12884: 7/15/2010 9:03:46 PM - System Checkpoint
RP12885: 7/16/2010 9:53:55 PM - System Checkpoint
RP12886: 7/17/2010 10:54:06 PM - System Checkpoint
RP12887: 7/19/2010 7:18:49 AM - System Checkpoint
RP12888: 7/20/2010 7:19:49 AM - System Checkpoint
RP12889: 7/21/2010 8:02:55 AM - System Checkpoint
RP12890: 7/22/2010 8:17:55 AM - System Checkpoint
RP12891: 7/23/2010 9:02:55 AM - System Checkpoint
RP12892: 7/24/2010 10:02:54 AM - System Checkpoint
RP12893: 7/25/2010 10:16:55 AM - System Checkpoint
RP12894: 7/26/2010 11:04:15 AM - System Checkpoint
RP12895: 7/27/2010 11:18:46 AM - System Checkpoint
RP12896: 7/28/2010 12:18:46 PM - System Checkpoint
RP12897: 7/29/2010 1:18:46 PM - System Checkpoint
RP12898: 7/30/2010 2:18:45 PM - System Checkpoint
RP12899: 7/31/2010 2:50:56 PM - System Checkpoint
RP12900: 8/1/2010 3:50:56 PM - System Checkpoint
RP12901: 8/2/2010 4:02:50 PM - System Checkpoint
RP12902: 8/3/2010 4:06:38 PM - System Checkpoint
RP12903: 8/4/2010 5:02:50 PM - System Checkpoint
RP12904: 8/5/2010 6:02:51 PM - System Checkpoint
RP12905: 8/6/2010 6:25:15 PM - System Checkpoint
RP12906: 8/7/2010 6:37:03 PM - System Checkpoint
RP12907: 8/8/2010 7:25:18 PM - System Checkpoint
RP12908: 8/9/2010 7:49:31 PM - System Checkpoint
RP12909: 8/10/2010 8:26:23 PM - System Checkpoint
RP12910: 8/11/2010 9:33:46 PM - System Checkpoint
RP12911: 8/12/2010 11:20:06 PM - System Checkpoint
RP12912: 8/13/2010 11:55:02 PM - System Checkpoint
RP12913: 8/15/2010 3:43:50 PM - System Checkpoint

==== Installed Programs ======================

µTorrent
Adobe Acrobat - Reader 6.0.2 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Baldur's Gate™ II - Shadows of Amn™
Bonjour
Champions Online
Chuzzle Deluxe 1.0
Compatibility Pack for the 2007 Office system
D-Link DWA-125
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell Support 5.0.0 (630)
Dell System Restore
Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.10.01.801
DVD Decrypter (Remove Only)
EarthLink setup files
FlipShare
Frets On Fire
Get High Speed Internet!
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP DeskJet 880C Series (Remove only)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2200 series
hp psc 2200 series
Icewind Dale
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 16
Learn2 Player (Uninstall Only)
Macromedia Flash Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Document Explorer 2005
Microsoft Office Basic Edition 2003
Microsoft Picture It! Express 2.0
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual Studio 2005 Professional Edition - ENU
Might and Magic® VI
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (3.6.8)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6.0 Parser
Musicmatch for Windows Media Player
Musicmatch® Jukebox
Pando Media Booster
Photo Click
PokerStars.net
PowerDVD 5.3
Professor Franklin (Remove only)
QuickBooks Simple Start Special Edition
Quicken 2009
QuickTime
RealPlayer
RealUpgrade 1.0
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Spy Sweeper Core
TreeSize Free V2.3.3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Warcraft III
WebEx Support Manager for Internet Explorer
WebFldrs XP
Webroot AntiVirus with Spy Sweeper
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

8/15/2010 5:31:49 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer HAYNES002 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4371DC36-A7DF-44C1. The master browser is stopping or an election is being forced.
8/15/2010 2:50:57 PM, error: Service Control Manager [7034] - The D_Link_DWA-125 Service service terminated unexpectedly. It has done this 1 time(s).
8/15/2010 11:39:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/15/2010 11:08:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
8/15/2010 11:07:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/15/2010 10:54:37 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file pchshell.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
8/15/2010 10:54:37 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file notiflag.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
8/15/2010 10:54:37 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file msinfo.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.0.1230.
8/15/2010 10:54:27 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file msconfig.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
8/15/2010 10:54:27 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file hscupd.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
8/15/2010 10:54:27 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file helpsvc.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
8/15/2010 10:54:27 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file helphost.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
8/15/2010 10:54:25 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file helpctr.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
8/15/2010 10:54:25 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file hcappres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
8/15/2010 10:54:23 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file brpinfo.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
8/14/2010 9:54:52 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/14/2010 7:52:53 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
8/14/2010 7:52:53 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
8/13/2010 11:16:55 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
8/13/2010 11:16:37 PM, error: Service Control Manager [7034] - The FlipShare Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================




GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-15 21:00:49
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Normal\LOCALS~1\Temp\uwlirpog.sys


---- System - GMER 1.0.15 ----

SSDT 8A69D128 ZwAllocateVirtualMemory
SSDT 8A71B468 ZwCreateKey
SSDT 8A721450 ZwCreateProcess
SSDT 8A69D5D8 ZwCreateProcessEx
SSDT 8A69D3F8 ZwCreateThread
SSDT 8A71B3C0 ZwDeleteKey
SSDT 8A71B200 ZwDeleteValueKey
SSDT 8A69D1A0 ZwQueueApcThread
SSDT 8A699F30 ZwReadVirtualMemory
SSDT 8A6E2180 ZwRenameKey
SSDT 8A69D290 ZwSetContextThread
SSDT 8A6DD0A0 ZwSetInformationKey
SSDT 8A69D4E8 ZwSetInformationProcess
SSDT 8A69D308 ZwSetInformationThread
SSDT 8A71C900 ZwSetValueKey
SSDT 8A69D470 ZwSuspendProcess
SSDT 8A69D218 ZwSuspendThread
SSDT 8A69D560 ZwTerminateProcess
SSDT 8A69D380 ZwTerminateThread
SSDT 8A699FA8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 108 804E2774 1 Byte [50]
.text ntoskrnl.exe!_abnormal_termination + 3DC 804E2A48 8 Bytes CALL 88D89421
init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF77F2760]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB8FBCF80]
init C:\WINDOWS\System32\drivers\HPFECP12.SYS entry point in "init" section [0x9AC59080]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[948] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[948] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[948] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A2000C
.text C:\Program Files\Internet Explorer\iexplore.exe[948] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[948] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[948] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[948] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[948] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[948] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[948] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[948] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[948] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[948] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[948] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[948] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[948] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[948] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\System32\svchost.exe[1244] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1244] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[1244] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\System32\svchost.exe[1244] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00DF000A
.text C:\WINDOWS\System32\svchost.exe[1244] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00EA000A
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[2004] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00450771 C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
.text C:\WINDOWS\Explorer.EXE[3004] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[3004] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[3004] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A2000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3680] ntdll.dll!KiUserExceptionDispatcher + 9 7C90E485 5 Bytes JMP 00017DB0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3680] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00016000 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3680] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 000169B0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3680] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00016000 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3680] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00016960 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3680] kernel32.dll!VirtualFree 7C809B84 5 Bytes JMP 00016990 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))

Device \Driver\Tcpip \Device\Ip 8A005358
Device \Driver\Tcpip \Device\Ip 89FE1540
Device \Driver\Tcpip \Device\Tcp 8A005358
Device \Driver\Tcpip \Device\Tcp 89FE1540
Device \Driver\Tcpip \Device\Udp 8A005358
Device \Driver\Tcpip \Device\Udp 89FE1540
Device \Driver\Tcpip \Device\RawIp 8A005358
Device \Driver\Tcpip \Device\RawIp 89FE1540
Device \Driver\Tcpip \Device\IPMULTICAST 8A005358
Device \Driver\Tcpip \Device\IPMULTICAST 89FE1540

AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----




#2 kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:05:34 PM

Posted 24 August 2010 - 06:49 AM

Hello zimul8r

Welcome to BleepingComputer
==========================

One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capability to allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you still want to clean it please do the following

===================
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

========
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 zimul8r

  • Topic Starter

Posted 24 August 2010 - 10:22 AM

Thx Kahdah. I knew it was a bad infection. Luckily this is only a game and casual browsing pc for us. I've gone ahead and rebuilt it with the built in factory reset wipe and it all looks pretty stable now. Got some reinstalls to do, but good to know I didn't waste a lot of time trying to salvage it. Thx for the help.

Z


#4 kahdah


Posted 24 August 2010 - 01:11 PM

You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.