
Help Please Nasty Virus (Resolved)

Hello -
I'm hoping you can help me. I think my computer may have a virus/malware. When I do a search on Google using Internet Explorer it goes to a white page with QFxZ-CAA in the upper right corner. I also keep getting the Microsoft warning box that IE has caused an error. And today, while searching your forum in Firefox, new tabs kept popping up fast and repeatedly. I have run McAfee virus scan and AdAware but that hasn't helped. I just downloaded Malwarebytes but haven't run it yet. Any help would be appreciated.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:33 AM, on 7/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dldocoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
C:\Program Files\Dell 968 AIO Printer\dldomon.exe
C:\Program Files\Dell 968 AIO Printer\memcard.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Pantone\huey\hueyTray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sprint Instinct Applications\MEMonitor.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: (no name) - {df71cc8f-f407-48ea-9d18-f66374e415ac} - C:\WINDOWS\system32\kefuguhi.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [dldomon.exe] "C:\Program Files\Dell 968 AIO Printer\dldomon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell 968 AIO Printer\memcard.exe"
O4 - HKLM\..\Run: [Dell 968 AIO Printer Fax Server] "C:\Program Files\Dell 968 AIO Printer\fm3032.exe" /s
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [PlatriumWeather] "C:\Program Files\Platrium\bin\1.2.103.0\Weather.exe" -auto
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [zosazobuvi] Rundll32.exe "C:\WINDOWS\system32\korediri.dll",s
O4 - HKLM\..\Run: [CPM4f9ef200] Rundll32.exe "c:\windows\system32\sorofita.dll",a
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [zosazobuvi] Rundll32.exe "C:\WINDOWS\system32\korediri.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [zosazobuvi] Rundll32.exe "C:\WINDOWS\system32\korediri.dll",s (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Sprint media monitor.lnk = C:\WINDOWS\RM.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hueyTray.lnk = C:\Program Files\Pantone\huey\hueyTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n024p/EN/install/gtdownlr.cab
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - https://healthweb.stjohn.org/nps/portal/gadgets/com.novell.nps.gadgets.shortcut.ShortcutGadget/,DanaInfo=.acxBvnmyGkxw+LocalExec.CAB
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.mpix.com/Customer/Uploading/activex/ImageUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D589D0E5-C349-4014-9837-827B25B41A4A} (GetClientInfo Control) - https://healthweb.stjohn.org/CommonAccessWeb/ActiveX/,DanaInfo=.acxedDxpo0Imzy+GetClientInfo.ocx
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://healthweb.stjohn.org/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\tijevilu.dll c:\windows\system32\sorofita.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sorofita.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sorofita.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dldoCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe
O23 - Service: dldo_device - - C:\WINDOWS\system32\dldocoms.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O24 - Desktop Component 1: (no name) - file:///C:/Webs/NewDIP/MasTequila.htm

--
End of file - 22239 bytes

Comments

  • edited July 2009
    Please note that all instructions given are customised for this computer only;
    the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.


    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Failure to reply within 5 days will result in the topic being closed.
    5. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly.

    Some of the logs I request will be quite large. You may need to split them over a couple of replies.

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe.




    AdAware
    Please disable AdWatch, as it may hinder the removal of some entries. You can re-enable it after you're clean.

    To disable AdWatch:

    Open AdAware
    Go to AdWatch User Interface.
    Go to Tools and Preferences.
    At the bottom of the screen you will see 2 options: Active and Automatic.
    Active: This will turn Ad-Watch On\Off without closing it
    Automatic: Suspicious activity will be blocked automatically
    Uncheck both options. You can enable these after resolving your problem.



    Step 1

    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If requested, please reboot
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt




    Step 2

    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.




    Step 3

    Please Download GMER to your desktop

    Download GMER and extract it to your desktop.

    ***Please close any open programs ***

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
    • Click Yes.
    • Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

    If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab and make sure the 'Show All' button is unticked.
    • Click the Scan button and let the program do its work. GMER will produce a log.
    • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


    DO NOT touch the PC at ALL for whatever reason(s) until it has 100% completed its scan, or attempted scan in case of some error, etc.!

    Please post the results from the GMER scan in your reply.



    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    Some of the logs I request will be quite large. You may need to split them over a couple of replies.
    • MalwareBytes Log
    • RSIT Logs
    • Gmer Log
    • How are things running now?
  • edited July 2009
    Katana - thanks for your help!! I really appreciate it.

    I'm almost done doing the steps you asked - I have to run the GMER again, as it froze the computer after several hours. I'll try again and post the logs tonight.
  • edited July 2009
    Katana -

    Here are the requested logs. There will be 2 logs from Malwarebytes because I ran a quick scan shortly after my first post here, then I ran a full scan after I received your instructions...

    Malwarebytes (first quick scan):

    Malwarebytes' Anti-Malware 1.38
    Database version: 2397
    Windows 5.1.2600 Service Pack 2

    7/9/2009 8:15:03 AM
    mbam-log-2009-07-09 (08-15-03).txt

    Scan type: Quick Scan
    Objects scanned: 127770
    Time elapsed: 13 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 3
    Registry Keys Infected: 5
    Registry Values Infected: 6
    Registry Data Items Infected: 6
    Folders Infected: 0
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\luwapeta.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\jezegisu.dll (Trojan.Vundo.H) -> Delete on reboot.
    c:\WINDOWS\system32\sorofita.dll (Trojan.Vundo.H) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df71cc8f-f407-48ea-9d18-f66374e415ac} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{df71cc8f-f407-48ea-9d18-f66374e415ac} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df71cc8f-f407-48ea-9d18-f66374e415ac} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm4f9ef200 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zosazobuvi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\WINDOWS\system32\memman.vxd (Rogue.sysCleanerPro) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PlatriumWeather (Adware.ZangoPlatrium) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\luwapeta.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\luwapeta.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\sorofita.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\system32\sorofita.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\yelosuso.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jezegisu.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\luwapeta.dll (Trojan.Vundo.H) -> Delete on reboot.
    c:\WINDOWS\system32\memman.vxd (Rogue.sysCleanerPro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\negonito.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    Malwarebytes (second full scan):

    Malwarebytes' Anti-Malware 1.38
    Database version: 2397
    Windows 5.1.2600 Service Pack 2

    7/10/2009 10:41:20 AM
    mbam-log-2009-07-10 (10-41-20).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 447166
    Time elapsed: 3 hour(s), 57 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\all users\application data\{8928e3c2-3767-4adc-b470-9b87a98e3b0d}\OFFLINE\71747601\2302A1E7\memman.vxd (Rogue.sysCleanerPro) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP710\A0149094.vxd (Rogue.sysCleanerPro) -> Quarantined and deleted successfully.

  • edited July 2009
    RSIT log file:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by HP_Administrator at 2009-07-10 10:51:23
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 331 GB (71%) free of 468 GB
    Total RAM: 3582 MB (79% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:51:30 AM, on 7/10/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
    C:\Program Files\Dell 968 AIO Printer\dldomon.exe
    C:\Program Files\Dell 968 AIO Printer\memcard.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Pantone\huey\hueyTray.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\dldocoms.exe
    C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sprint Instinct Applications\MEMonitor.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    c:\windows\system\hpsysdrv.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\DISC\DISCover.exe
    C:\Program Files\DISC\DiscUpdMgr.exe
    C:\Program Files\DISC\DiscStreamHub.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
    O4 - HKLM\..\Run: [dldomon.exe] "C:\Program Files\Dell 968 AIO Printer\dldomon.exe"
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell 968 AIO Printer\memcard.exe"
    O4 - HKLM\..\Run: [Dell 968 AIO Printer Fax Server] "C:\Program Files\Dell 968 AIO Printer\fm3032.exe" /s
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
    O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Startup: Sprint media monitor.lnk = C:\WINDOWS\RM.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: hueyTray.lnk = C:\Program Files\Pantone\huey\hueyTray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.trymedia.com (HKLM)
    O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n024p/EN/install/gtdownlr.cab
    O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - https://healthweb.stjohn.org/nps/portal/gadgets/com.novell.nps.gadgets.shortcut.ShortcutGadget/,DanaInfo=.acxBvnmyGkxw+LocalExec.CAB
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.mpix.com/Customer/Uploading/activex/ImageUploader3.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {D589D0E5-C349-4014-9837-827B25B41A4A} (GetClientInfo Control) - https://healthweb.stjohn.org/CommonAccessWeb/ActiveX/,DanaInfo=.acxedDxpo0Imzy+GetClientInfo.ocx
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://healthweb.stjohn.org/dana-cached/setup/JuniperSetupSP1.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: dldoCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe
    O23 - Service: dldo_device - - C:\WINDOWS\system32\dldocoms.exe
    O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
    O24 - Desktop Component 1: (no name) - file:///C:/Webs/NewDIP/MasTequila.htm

    --
    End of file - 21253 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\McDefragTask.job
    C:\WINDOWS\tasks\McQcTask.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{55FBFD6F-54BD-44A7-9F9D-D77B62135FFD}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-04-26 438848]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
    HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
    HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
    Ask Search Assistant BHO - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [2008-07-20 66912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
    scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96372AB6-15EB-4316-B497-71C741BC548C}]
    Easy Gif Animator Toolbar Helper - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll [2008-02-23 827392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-30 259696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
    hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [2006-08-23 208896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-22 669168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-30 470512]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    Ask Toolbar BHO - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-07-20 262144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-04-26 438848]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
    {35065594-9169-4A34-B167-FC4865038E53} - Easy Gif Animator Toolbar - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll [2008-02-23 827392]
    {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-07-20 262144]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-30 259696]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
    "ftutil2"=ftutil2.dll,SetWriteCacheMode []
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-13 16239616]
    "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-10-04 8491008]
    "nwiz"=nwiz.exe /install []
    "DMAScheduler"=c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-04-13 90112]
    "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
    "PCDrProfiler"= []
    "HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]
    "Reminder"=C:\Windows\Creator\Remind_XP.exe [2004-12-13 663552]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
    "Adobe Version Cue CS2"=C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [2005-04-04 856064]
    "Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-06-07 50688]
    "Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-10-04 81920]
    "Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
    ""= []
    "Adobe Photo Downloader"=C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe [2008-04-01 61440]
    "dldomon.exe"=C:\Program Files\Dell 968 AIO Printer\dldomon.exe [2007-10-05 455920]
    "MemoryCardManager"=C:\Program Files\Dell 968 AIO Printer\memcard.exe [2007-10-05 410864]
    "Dell 968 AIO Printer Fax Server"=C:\Program Files\Dell 968 AIO Printer\fm3032.exe [2007-10-05 312560]
    "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
    "McAfee Backup"=C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe [2007-01-16 4838952]
    "MBkLogOnHook"=C:\Program Files\McAfee\MBK\LogOnHook.exe [2007-01-08 20480]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
    "Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-07-08 520024]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-29 68856]
    "LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-08-23 455968]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    hueyTray.lnk - C:\Program Files\Pantone\huey\hueyTray.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
    Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

    C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
    Sprint media monitor.lnk - C:\WINDOWS\RM.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
    "C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
    "C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
    "C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe"="C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\HP Games\Wheel of Fortune\Wheel of Fortune.exe"="C:\Program Files\HP Games\Wheel of Fortune\Wheel of Fortune.exe:*:Disabled:Wheel of Fortune"
    "C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE"="C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE:*:Enabled:Microsoft Office FrontPage"
    "C:\Documents and Settings\HP_Administrator\Local Settings\Temp\dldo\wireless\ENGLISH\dldowpss.exe"="C:\Documents and Settings\HP_Administrator\Local Settings\Temp\dldo\wireless\ENGLISH\dldowpss.exe:*:Enabled: "
    "C:\WINDOWS\system32\dldocoms.exe"="C:\WINDOWS\system32\dldocoms.exe:*:Enabled:Dell Communications System"
    "C:\Program Files\Dell 968 AIO Printer\dldomon.exe"="C:\Program Files\Dell 968 AIO Printer\dldomon.exe:*:Enabled:Printer Device Monitor"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\dldopswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\dldopswx.exe:*:Enabled:Printer Status Window Interface"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\dldotime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\dldotime.exe:*:Enabled:Time Executable"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\dldojswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\dldojswx.exe:*:Enabled:Job Status Window Interface"
    "C:\Program Files\Dell 968 AIO Printer\dldoaiox.exe"="C:\Program Files\Dell 968 AIO Printer\dldoaiox.exe:*:Enabled:AIOC exe"
    "C:\Program Files\Dell 968 AIO Printer\DLDOFax.exe"="C:\Program Files\Dell 968 AIO Printer\DLDOFax.exe:*:Enabled:Fax Solutions Software"
    "C:\Program Files\Dell 968 AIO Printer\dldoafcn.exe"="C:\Program Files\Dell 968 AIO Printer\dldoafcn.exe:*:Enabled: "
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:explorer"
    "C:\WINDOWS\system32\Wacom_Tablet.exe"="C:\WINDOWS\system32\Wacom_Tablet.exe:*:Enabled:Wacom_Tablet"
    "C:\WINDOWS\system32\wbem\unsecapp.exe"="C:\WINDOWS\system32\wbem\unsecapp.exe:*:Enabled:unsecapp"
    "C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
    "C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======File associations======

    .js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

    ======List of files/folders created in the last 1 months======

    2009-07-10 10:51:23 ----D---- C:\rsit
    2009-07-09 05:51:16 ----D---- C:\Program Files\Trend Micro
    2009-07-09 05:14:13 ----A---- C:\WINDOWS\system32\lsdelete.exe
    2009-07-08 21:38:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-07-08 20:15:08 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-07-08 20:15:02 ----D---- C:\Program Files\Lavasoft
    2009-06-11 08:38:02 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
    2009-06-11 08:37:53 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
    2009-06-11 08:37:33 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
    2009-06-11 08:36:41 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

    ======List of files/folders modified in the last 1 months======

    2009-07-10 10:51:26 ----D---- C:\WINDOWS\Prefetch
    2009-07-10 10:51:24 ----D---- C:\WINDOWS\Temp
    2009-07-10 10:47:27 ----D---- C:\Program Files\Mozilla Firefox
    2009-07-10 10:47:18 ----AD---- C:\WINDOWS
    2009-07-10 10:46:09 ----D---- C:\WINDOWS\Registration
    2009-07-10 10:45:25 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\WTablet
    2009-07-10 10:45:00 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-07-10 10:43:29 ----D---- C:\WINDOWS\system32\drivers
    2009-07-10 10:43:29 ----D---- C:\Program Files
    2009-07-10 10:42:22 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-07-09 08:17:57 ----D---- C:\WINDOWS\system32
    2009-07-08 21:33:43 ----SHD---- C:\WINDOWS\Installer
    2009-07-08 21:33:43 ----HD---- C:\Config.Msi
    2009-07-08 21:33:40 ----D---- C:\Program Files\Blaze Media Pro
    2009-07-08 20:27:18 ----HD---- C:\WINDOWS\inf
    2009-07-08 20:27:17 ----SD---- C:\WINDOWS\Tasks
    2009-07-08 20:27:10 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-07-08 20:15:02 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2009-07-08 20:14:57 ----D---- C:\WINDOWS\WinSxS
    2009-07-08 20:14:53 ----D---- C:\Program Files\Common Files
    2009-07-05 03:02:33 ----D---- C:\WINDOWS\system32\CatRoot
    2009-06-27 12:03:39 ----SD---- C:\WINDOWS\Fonts
    2009-06-20 12:28:51 ----SD---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
    2009-06-11 08:38:39 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2009-06-11 08:38:04 ----RSHD---- C:\WINDOWS\system32\dllcache
    2009-06-11 08:37:56 ----A---- C:\WINDOWS\imsins.BAK
    2009-06-11 08:37:50 ----HD---- C:\WINDOWS\$hf_mig$
    2009-06-11 08:37:18 ----D---- C:\WINDOWS\system32\en-US
    2009-06-11 08:37:18 ----D---- C:\Program Files\Internet Explorer

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 ELhid;EL hid Service; \??\C:\WINDOWS\System32\Drivers\Elhid.sys []
    R1 ELkbd;EL KB Service; \??\C:\WINDOWS\System32\Drivers\Elkbd.sys []
    R1 ELmon;EL Monitor Service; \??\C:\WINDOWS\System32\Drivers\Elmon.sys []
    R1 ELmou;EL Mouse Service; \??\C:\WINDOWS\System32\Drivers\Elmou.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
    R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
    R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
    R3 CXFALCON;Conexant Falcon II NTSC Video Capture; C:\WINDOWS\system32\drivers\cxfalcon.sys [2006-04-20 82048]
    R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-05-16 229376]
    R3 ELacpi;ELacpi; C:\WINDOWS\system32\DRIVERS\ELacpi.sys [2006-05-09 9728]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
    R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-14 4299264]
    R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
    R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
    R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-10-04 6854464]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-03-30 27008]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-09 26496]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
    R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
    R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
    R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
    R3 WN5301;LIteon Wireless PCI Network Adapter Service; C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
    S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
    S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
    S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
    S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-09 11008]
    S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
    S3 MusCDriverV32;MusCDriverV32; C:\WINDOWS\system32\drivers\MusCDriverV32.sys [2008-06-04 508544]
    S3 MusCVideo32;MusCVideo32; C:\WINDOWS\system32\DRIVERS\MusCVideo32.sys [2008-06-04 3768]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
    S3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
    S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
    S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
    S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
    S3 sscdserd;SAMSUNG Mobile Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2007-07-03 86824]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Adobe Version Cue CS2;Adobe Version Cue CS2; C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [2005-04-04 163840]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-05-11 554616]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
    R2 dldo_device;dldo_device; C:\WINDOWS\system32\dldocoms.exe [2007-10-05 595184]
    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
    R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
    R2 ELService;Intel(R) Quick Resume technology; C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe [2006-06-01 180224]
    R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-09 14336]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]
    R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
    R2 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2007-01-16 71208]
    R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
    R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
    R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
    R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
    R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
    R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
    R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-09 14336]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-10-04 155716]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-09 14336]
    R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
    R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe [2008-07-26 181312]
    R2 TabletServiceWacom;TabletServiceWacom; C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 1373480]
    R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-11-05 654848]
    R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-09 14336]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
    S2 dldoCATSCustConnectService;dldoCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe [2007-10-05 99568]
    S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-10-31 72704]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 Droppix Service;Droppix Service; C:\Program Files\Common Files\Droppix\DxService.exe [2007-09-28 135168]
    S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-09 267776]
    S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-30 182768]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-08 1029456]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-05-11 2983544]
    S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-09 14336]
    S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
    S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-09 14336]


    EOF
  • edited July 2009
    RSIT info log:

    info.txt logfile of random's system information tool 1.06 2009-07-10 10:51:32

    ======Uninstall list======

    -->"C:\Program Files\HP Games\Airstrike 2 Gulf Thunder\Uninstall.exe"
    -->"C:\Program Files\HP Games\Alien Shooter\Uninstall.exe"
    -->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
    -->"C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
    -->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
    -->"C:\Program Files\HP Games\Blasterball 2 Remix\Uninstall.exe"
    -->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
    -->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
    -->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
    -->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
    -->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
    -->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
    -->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
    -->"C:\Program Files\HP Games\FATE\Uninstall.exe"
    -->"C:\Program Files\HP Games\Garden Dreams\Uninstall.exe"
    -->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
    -->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
    -->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
    -->"C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"
    -->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
    -->"C:\Program Files\HP Games\Mystery Case Files\Uninstall.exe"
    -->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
    -->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
    -->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
    -->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
    -->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
    -->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
    -->"C:\Program Files\HP Games\Snowy Space Trip\Uninstall.exe"
    -->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
    -->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
    -->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
    -->"C:\Program Files\WildTangent\Apps\My HP Game Console\Uninstall.exe"
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
    -->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    -->msiexec /i {46548E80-0409-0000-7E8A-45000F855001}
    -->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
    -->msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
    Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
    Adobe Acrobat 8.1.2 Professional-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
    Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
    Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
    Adobe Creative Suite 2-->C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=g:\adobe creative suite 2.0/lang=0409
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
    Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
    Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    Anfy-->C:\PROGRA~1\AnfyTeam\UNWISE.EXE C:\PROGRA~1\AnfyTeam\INSTALL.LOG
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Ask Toolbar-->rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
    Blaze Media Pro-->"C:\Documents and Settings\All Users\Application Data\{8928E3C2-3767-4ADC-B470-9B87A98E3B0D}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
    Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
    Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
    Canon i9900-->C:\WINDOWS\system32\CNMCP5p.exe "-PRINTERNAMECanon i9900" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i9900 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i9900 Installer\Inst2\cnmi0409.dll"
    Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
    Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
    Canon Utilities CameraWindow DC-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
    Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
    Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
    Canon Utilities MyCamera DC-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini"
    Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
    Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
    Canon Utilities RemoteCapture DC-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\Uninst.ini"
    Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
    Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
    Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
    Color LaserJet 2600n-->C:\Program Files\Zenographics\{1F97804E-9064-4790-A30A-7FAFF4954277}\setup.exe -u "HPCLJKCInstaller.dll=CLJ2600.INF"
    Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
    Corel Painter Essentials 3-->MsiExec.exe /I{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}
    Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
    Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
    Dell 968 AIO Printer-->C:\Program Files\Dell 968 AIO Printer\Install\x86\Uninst.exe
    DesignPro 5.4 Limited Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}
    Direct MP3 Splitter Joiner 2.3-->"C:\Program Files\Direct MP3 Splitter Joiner\unins000.exe"
    DISCover-->"C:\Program Files\DISC\uninstall.exe"
    DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    Droppix Label Maker 2.9.1-->"C:\Program Files\Droppix\Droppix Label Maker\unins000.exe"
    Easy GIF Animator 4.5-->"C:\Program Files\Easy GIF Animator\unins000.exe"
    Easy Gif Animator Extension-->"C:\WINDOWS\EasyGifAnimator_Toolbar_Uninstaller_2125.exe" _?=C:\Program Files\Easy Gif Animator Extension
    Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
    ExpressDigital Darkroom Web Edition V8.8-->MsiExec.exe /X{7210BFE2-5045-4F9C-8F9D-4AE844F93A75}
    Flash Album Creator v1.7.4.949-->"C:\Program Files\Flash Album Creator\uninstall.exe"
    Freeware PDF Unlocker-->MsiExec.exe /X{010C0B4A-DC93-4BB4-893B-BDDE95355A3E}
    GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
    H&H Color Lab's Digital Studio v5 5-->C:\Program Files\LabPrints\H&H Color Lab's Digital Studio v5\uninstall.exe
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB893357)-->"C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB906569)-->"C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB912024)-->"C:\WINDOWS\$NtUninstallKB912024$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
    HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
    HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
    HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
    HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
    HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
    HP Photosmart for Media Center PC-->c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
    HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
    HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
    HTML Calendar Maker Pro-->C:\PROGRA~1\HTMLCA~1\UNWISE.EXE C:\PROGRA~1\HTMLCA~1\INSTALL.LOG
    huey 1.0-->C:\PROGRA~1\Pantone\huey\UNWISE.EXE C:\PROGRA~1\Pantone\huey\INSTALL.LOG
    Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF
    Intel(R) PRO Network Connections Drivers-->Prounstl.exe
    Intel(R) Quick Resume Technology Drivers-->C:\WINDOWS\System32\Elusetup.exe
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    Logo Design Studio-->"C:\WINDOWS\Logo Design Studio\uninstall.exe" "/U:C:\Program Files\Summitsoft\Logo Design Studio\Uninstall\uninstall.xml"
    Macromedia Contribute 3.11-->MsiExec.exe /I{4B9535BF-CC90-4158-AF32-CAF57A8820CA}
    Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
    Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
    Macromedia Fireworks 8-->MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
    Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
    Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
    MainType 2.1.1-->"C:\Program Files\High-Logic\MainType\unins000.exe"
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
    Memorex exPressit Label Design Studio-->C:\WINDOWS\mvuninst\App1\mvuninst.exe "Memorex exPressit Label Design Studio"
    Microsoft .NET Framework 1.0 Hotfix (KB887998)-->"C:\WINDOWS\$NtUninstallKB887998$\spuninst\spuninst.exe"
    Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Standard Edition 2003 60 days trial-->c:\hp\bin\cloaker.exe c:\hp\bin\MSOffice\uninst.cmd
    Microsoft Picture It! Photo Premium 9-->C:\WINDOWS\system32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
    Millers Remote Studio-->"C:\Program Files\InstallShield Installation Information\{C2DC33E3-C402-444C-AF48-DDC6323BE332}\setup.exe" -runfromtemp -l0x0409 -removeonly
    Mozilla Firefox (2.0.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    muvee autoProducer unPlugged 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}\setup.exe" -l0x9
    My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
    namesuppressed Plaid Lite-->"C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\Plaid Lite\Uninstall.exe"
    Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
    nik Color Efex Pro 2.0 IE-->C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\nik Color Efex Pro 2.0 IE\uninstal.log
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    Opera 9.02-->MsiExec.exe /X{738179D8-3D76-4AFF-A7BE-AEF3B4370CB4}
    Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
    Outlook Express Backup V6.5-->"C:\Program Files\Genie-Soft\Outlook Express Backup V6.5\unins000.exe"
    PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
    Peachtree Complete Accounting 2004-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1B4A246D-3F30-45DA-ABFF-FF5C768F9A74}
    Photodex Presenter-->C:\Program Files\Photodex Presenter\uninst.exe
    Photomatix Pro version 2.3.3-->"C:\Program Files\Photomatix\unins000.exe"
    Portraiture Plug-in-->MsiExec.exe /I{8F378798-88D8-4FA1-AB74-F035542133A6}
    Preset Viewer DEMO-->MsiExec.exe /I{19C6524F-9266-4D26-AF7E-428CFD016C06}
    ProShow Gold-->C:\Program Files\Photodex\ProShowGold\proshow.exe . -u
    Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
    Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
    Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
    RawShooter premium 2006-->C:\PROGRA~1\PIXMAN~1\RAWSHO~1.0\UNWISE.EXE C:\PROGRA~1\PIXMAN~1\RAWSHO~1.0\INSTALL.LOG
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
    Safari-->MsiExec.exe /I{582D2A53-F426-4C5E-A2E6-43C1AB36B907}
    SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{E9ED0801-253D-4FE9-AB20-F63DEFE72547}
    Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
    Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
    Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Sony Vegas 6.0d-->MsiExec.exe /X{4F68B605-2F2B-42A8-8689-0CA7E67797B0}
    Sprint media manager -->C:\DOCUME~1\ALLUSE~1\APPLIC~1\TARMAI~1\{8912A~1\Setup.exe /remove /q0
    Stamps.com Internet Postage-->C:\PROGRA~1\STAMPS~1.COM\Uninst.exe C:\PROGRA~1\STAMPS~1.COM\UNWISE.EXE C:\PROGRA~1\STAMPS~1.COM\INSTALL.LOG
    SureThing Office Labeler 32 bit-->C:\WINDOWS\MVUNINST\App2\unwise.exe C:\WINDOWS\MVUNINST\APP2\INSTALL.LOG "SureThing Office Labeler Uninstall"
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    Ulead DVD MovieFactory 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88F93347-0F9B-4FED-BA71-6C2A4CDFE61D}\setup.exe" -l0x9
    Ulead MediaStudio Pro 7.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D701F5D-F149-4FAC-AAA2-A36C088C5FE3}\setup.exe" -l0x9
    Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
    Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
    Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
    Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Update for Windows XP (KB912945)-->"C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe"
    Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
    Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
    Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
    Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
    Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
    Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
    Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
    Vuze-->C:\Program Files\Vuze\uninstall.exe
    Wacom Tablet-->C:\Program Files\Tablet\Wacom\Remove.exe /u
    WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
    Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
    Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
    Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
    Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
    Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
    Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    Windows XP Hotfix - KB892050-->"C:\WINDOWS\$NtUninstallKB892050$\spuninst\spuninst.exe"
    Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
    Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
    Windows XP Media Center Edition 2005 KB912067-->"C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe"
    Yahoo! Toolbar for Internet Explorer-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

    ======Security center information======

    AV: McAfee VirusScan
    FW: McAfee Personal Firewall

    ======System event log======

    Computer Name: NHP
    Event Code: 29
    Message: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible.
    No attempt to contact a source will be made for 14 minutes.
    NtpClient has no source of accurate time.

    Record Number: 56529
    Source Name: W32Time
    Time Written: 20090518082406.000000-240
    Event Type: error
    User:

    Computer Name: NHP
    Event Code: 17
    Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
    configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
    minutes.
    The error was: A socket operation was attempted to an unreachable host. (0x80072751)

    Record Number: 56528
    Source Name: W32Time
    Time Written: 20090518082406.000000-240
    Event Type: error
    User:

    Computer Name: NHP
    Event Code: 8003
    Message: The master browser has received a server announcement from the computer MAC001EC2131CF0
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FA844BAB-AE4.
    The master browser is stopping or an election is being forced.

    Record Number: 56510
    Source Name: MRxSmb
    Time Written: 20090517212548.000000-240
    Event Type: error
    User:

    Computer Name: NHP
    Event Code: 29
    Message: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible.
    No attempt to contact a source will be made for 14 minutes.
    NtpClient has no source of accurate time.

    Record Number: 56495
    Source Name: W32Time
    Time Written: 20090517164546.000000-240
    Event Type: error
    User:

    Computer Name: NHP
    Event Code: 17
    Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
    configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
    minutes.
    The error was: A socket operation was attempted to an unreachable host. (0x80072751)

    Record Number: 56494
    Source Name: W32Time
    Time Written: 20090517164546.000000-240
    Event Type: error
    User:

    =====Application event log=====

    Computer Name: NHP
    Event Code: 1
    Message:
    Record Number: 58323
    Source Name: nview_info
    Time Written: 20090704104127.000000-240
    Event Type: error
    User:

    Computer Name: NHP
    Event Code: 1
    Message:
    Record Number: 58322
    Source Name: nview_info
    Time Written: 20090704104127.000000-240
    Event Type: error
    User:

    Computer Name: NHP
    Event Code: 1
    Message:
    Record Number: 58301
    Source Name: nview_info
    Time Written: 20090702211441.000000-240
    Event Type: error
    User:

    Computer Name: NHP
    Event Code: 1
    Message:
    Record Number: 58300
    Source Name: nview_info
    Time Written: 20090702211441.000000-240
    Event Type: error
    User:

    Computer Name: NHP
    Event Code: 1
    Message:
    Record Number: 58299
    Source Name: nview_info
    Time Written: 20090702211441.000000-240
    Event Type: error
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    "PROCESSOR_REVISION"=0f06
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip


    EOF

  • edited July 2009
    GMER log (part 1):

    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-07-10 21:41:07
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.15 ----

    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA91887E]
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA918BFE]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA02EC9AA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA02EC958]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA02EC96C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA02ECA57]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA02ECA83]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA02ECAF1]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA02ECADB]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA02EC9EA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA02ECB1D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA02ECA2D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA02EC930]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA02EC944]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA02EC9BE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA02ECB59]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA02ECAC5]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA02ECAAF]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA02ECA6D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA02ECB45]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA02ECB31]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA02EC996]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA02EC982]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA02ECA19]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA02ECB07]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA02ECA00]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA02EC9D4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 80503FE8 7 Bytes JMP A02EC9D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtCreateFile 80577ED2 5 Bytes JMP A02EC9AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtMapViewOfSection 805B0A7E 7 Bytes JMP A02EC9EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B188C 5 Bytes JMP A02ECA04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B6E5E 7 Bytes JMP A02EC9C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenProcess 805C9D0A 5 Bytes JMP A02EC934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenThread 805C9F96 5 Bytes JMP A02EC948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtSetInformationProcess 805CC754 5 Bytes JMP A02EC986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CFA2A 7 Bytes JMP A02EC970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateProcess 805CFAE0 5 Bytes JMP A02EC95C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwSetContextThread 805D0002 5 Bytes JMP A02EC99A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwTerminateProcess 805D1232 5 Bytes JMP A02ECA1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryValueKey 806201E8 7 Bytes JMP A02ECAB3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRestoreKey 80620536 5 Bytes JMP A02ECB35 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnloadKey 80620AB6 7 Bytes JMP A02ECB0B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806212FC 7 Bytes JMP A02ECAC9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRenameKey 80621B54 7 Bytes JMP A02ECA71 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteKey 806225BE 7 Bytes JMP A02ECA5B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteValueKey 8062278E 7 Bytes JMP A02ECA87 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwEnumerateKey 8062296E 7 Bytes JMP A02ECAF5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwEnumerateValueKey 80622BD8 7 Bytes JMP A02ECADF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwOpenKey 806234C4 5 Bytes JMP A02ECA31 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryKey 806237E8 7 Bytes JMP A02ECB5D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwReplaceKey 80623D0E 5 Bytes JMP A02ECB49 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80623E28 5 Bytes JMP A02ECB21 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00930000
    .text C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00930078
    .text C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00930F8D
    .text C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00930F9E
    .text C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00930FAF
    .text C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00930051
    .text C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00930F4B
    .text C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00930093
    .text C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00930F0B
    .text C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00930F26
    .text C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00930EFA
    .text C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00930FCA
    .text C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00930FE5
    .text C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00930F68
    .text C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00930036
    .text C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 0093001B
    .text C:\WINDOWS\system32\svchost.exe[724] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 009300AE
    .text C:\WINDOWS\system32\svchost.exe[724] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00910FB9
    .text C:\WINDOWS\system32\svchost.exe[724] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00910054
    .text C:\WINDOWS\system32\svchost.exe[724] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00910FD4
    .text C:\WINDOWS\system32\svchost.exe[724] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 0091000A
    .text C:\WINDOWS\system32\svchost.exe[724] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00910039
    .text C:\WINDOWS\system32\svchost.exe[724] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00910FEF
    .text C:\WINDOWS\system32\svchost.exe[724] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00910F97
    .text C:\WINDOWS\system32\svchost.exe[724] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00910FA8
    .text C:\WINDOWS\system32\svchost.exe[724] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00900FB2
    .text C:\WINDOWS\system32\svchost.exe[724] msvcrt.dll!system 77C293C7 5 Bytes JMP 00900FC3
    .text C:\WINDOWS\system32\svchost.exe[724] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00900022
    .text C:\WINDOWS\system32\svchost.exe[724] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00900000
    .text C:\WINDOWS\system32\svchost.exe[724] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00900033
    .text C:\WINDOWS\system32\svchost.exe[724] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00900011
    .text C:\WINDOWS\system32\svchost.exe[724] WININET.dll!InternetOpenA 7806C879 3 Bytes JMP 00920FE5
    .text C:\WINDOWS\system32\svchost.exe[724] WININET.dll!InternetOpenA + 4 7806C87D 1 Byte [88]
    .text C:\WINDOWS\system32\svchost.exe[724] WININET.dll!InternetOpenW 7806CEA9 3 Bytes JMP 00920000
    .text C:\WINDOWS\system32\svchost.exe[724] WININET.dll!InternetOpenW + 4 7806CEAD 1 Byte [88]
    .text C:\WINDOWS\system32\svchost.exe[724] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes JMP 0092001B
    .text C:\WINDOWS\system32\svchost.exe[724] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 00920FC0
    .text C:\WINDOWS\system32\svchost.exe[724] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 008F0000
    .text C:\WINDOWS\system32\services.exe[932] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0007000A
    .text C:\WINDOWS\system32\services.exe[932] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00070060
    .text C:\WINDOWS\system32\services.exe[932] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070F75
    .text C:\WINDOWS\system32\services.exe[932] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00070F86
    .text C:\WINDOWS\system32\services.exe[932] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00070F97
    .text C:\WINDOWS\system32\services.exe[932] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00070FB9
    .text C:\WINDOWS\system32\services.exe[932] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00070F33
    .text C:\WINDOWS\system32\services.exe[932] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00070F44
    .text C:\WINDOWS\system32\services.exe[932] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00070EF6
    .text C:\WINDOWS\system32\services.exe[932] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070F07
    .text C:\WINDOWS\system32\services.exe[932] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 000700AA
    .text C:\WINDOWS\system32\services.exe[932] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00070FA8
    .text C:\WINDOWS\system32\services.exe[932] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 0007001B
    .text C:\WINDOWS\system32\services.exe[932] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 0007007B
    .text C:\WINDOWS\system32\services.exe[932] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00070FD4
    .text C:\WINDOWS\system32\services.exe[932] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00070FEF
    .text C:\WINDOWS\system32\services.exe[932] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00070F18
    .text C:\WINDOWS\system32\services.exe[932] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00060036
    .text C:\WINDOWS\system32\services.exe[932] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00060073
    .text C:\WINDOWS\system32\services.exe[932] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00060025
    .text C:\WINDOWS\system32\services.exe[932] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00060FEF
    .text C:\WINDOWS\system32\services.exe[932] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00060FB6
    .text C:\WINDOWS\system32\services.exe[932] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00060000
    .text C:\WINDOWS\system32\services.exe[932] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00060062
    .text C:\WINDOWS\system32\services.exe[932] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00060051
    .text C:\WINDOWS\system32\services.exe[932] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0005003D
    .text C:\WINDOWS\system32\services.exe[932] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050FB2
    .text C:\WINDOWS\system32\services.exe[932] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FCD
    .text C:\WINDOWS\system32\services.exe[932] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050FEF
    .text C:\WINDOWS\system32\services.exe[932] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0005002C
    .text C:\WINDOWS\system32\services.exe[932] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050FDE
    .text C:\WINDOWS\system32\services.exe[932] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00040FEF
    .text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CF000A
    .text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00CF0096
    .text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00CF0071
    .text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00CF0054
    .text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00CF0F97
    .text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00CF0FA8
    .text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00CF00B8
    .text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00CF0F7C
    .text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CF0F1F
    .text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CF0F3A
    .text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00CF00D3
    .text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00CF002F
    .text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00CF0FEF
    .text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00CF00A7
    .text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00CF0FCD
    .text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00CF0FDE
    .text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00CF0F55
    .text C:\WINDOWS\system32\lsass.exe[944] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00CE0FE5
    .text C:\WINDOWS\system32\lsass.exe[944] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00CE0098
    .text C:\WINDOWS\system32\lsass.exe[944] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00CE002C
    .text C:\WINDOWS\system32\lsass.exe[944] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00CE001B
    .text C:\WINDOWS\system32\lsass.exe[944] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00CE0087
    .text C:\WINDOWS\system32\lsass.exe[944] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00CE0000
    .text C:\WINDOWS\system32\lsass.exe[944] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00CE0076
    .text C:\WINDOWS\system32\lsass.exe[944] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00CE005B
    .text C:\WINDOWS\system32\lsass.exe[944] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CD004C
    .text C:\WINDOWS\system32\lsass.exe[944] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CD0031
    .text C:\WINDOWS\system32\lsass.exe[944] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CD000C
    .text C:\WINDOWS\system32\lsass.exe[944] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CD0FEF
    .text C:\WINDOWS\system32\lsass.exe[944] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CD0FC1
    .text C:\WINDOWS\system32\lsass.exe[944] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CD0FDE
    .text C:\WINDOWS\system32\lsass.exe[944] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00BC000A
    .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E80000
    .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E80062
    .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E80047
    .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E80F6D
    .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E80F94
    .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E80036
    .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E80093
    .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E80F4B
    .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E80F18
    .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E80F29
    .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00E80EFD
    .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00E80FAF
    .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00E80011
    .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00E80F5C
    .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00E80FCA
    .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00E80FDB
    .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00E80F3A
    .text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00E70FB2
    .text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00E70F86
    .text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00E70FC3
    .text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00E70FD4
    .text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00E70043
    .text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00E70FEF
    .text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00E70FA1
    .text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00E70028
    .text C:\WINDOWS\system32\svchost.exe[1116] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E60051
    .text C:\WINDOWS\system32\svchost.exe[1116] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E60036
    .text C:\WINDOWS\system32\svchost.exe[1116] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E60011
    .text C:\WINDOWS\system32\svchost.exe[1116] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E60000
    .text C:\WINDOWS\system32\svchost.exe[1116] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E60FC6
    .text C:\WINDOWS\system32\svchost.exe[1116] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E60FD7
    .text C:\WINDOWS\system32\svchost.exe[1116] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00CB0000
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00AB0FEF
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00AB007D
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00AB0F88
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00AB0F99
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00AB0FC0
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00AB0047
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00AB008E
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00AB0F52
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00AB00B0
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00AB009F
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00AB0EF2
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00AB0058
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00AB0000
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00AB0F63
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00AB002C
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00AB001B
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00AB0F2B
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00AA0FC0
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00AA0047
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00AA0FDB
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00AA001B
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00AA002C
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00AA0000
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00AA0F94
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00AA0FA5

  • edited July 2009
    GMER log (part 2):

    .text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A90036
    .text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A9001B
    .text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A9000A
    .text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A90FE3
    .text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A90FB5
    .text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A90FD2
    .text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A80000
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 05330FE5
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 05330F54
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 05330053
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 05330036
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 05330F79
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 05330F94
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 05330F28
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0533007A
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 05330095
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 05330EFC
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 053300B0
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 05330011
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 05330000
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 05330F43
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 05330FA5
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 05330FCA
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 05330F17
    .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 05310FC3
    .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 05310065
    .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 05310FD4
    .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 05310FE5
    .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 05310FB2
    .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 0531000A
    .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 0531004A
    .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 0531002F
    .text C:\WINDOWS\System32\svchost.exe[1220] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 04940FB9
    .text C:\WINDOWS\System32\svchost.exe[1220] msvcrt.dll!system 77C293C7 5 Bytes JMP 04940044
    .text C:\WINDOWS\System32\svchost.exe[1220] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 04940022
    .text C:\WINDOWS\System32\svchost.exe[1220] msvcrt.dll!_open 77C2F566 5 Bytes JMP 04940000
    .text C:\WINDOWS\System32\svchost.exe[1220] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 04940033
    .text C:\WINDOWS\System32\svchost.exe[1220] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 04940011
    .text C:\WINDOWS\System32\svchost.exe[1220] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 04930FE5
    .text C:\WINDOWS\System32\svchost.exe[1220] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 05320FE5
    .text C:\WINDOWS\System32\svchost.exe[1220] WININET.dll!InternetOpenW 7806CEA9 5 Bytes JMP 05320FCA
    .text C:\WINDOWS\System32\svchost.exe[1220] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes JMP 05320FB9
    .text C:\WINDOWS\System32\svchost.exe[1220] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 0532000A
    .text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00970FEF
    .text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00970F83
    .text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00970F9E
    .text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00970078
    .text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0097005B
    .text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00970025
    .text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 0097009A
    .text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00970089
    .text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00970F19
    .text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009700BC
    .text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 009700CD
    .text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00970040
    .text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00970FD4
    .text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00970F68
    .text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00970FC3
    .text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00970014
    .text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 009700AB
    .text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00960FCA
    .text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00960F80
    .text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 0096001B
    .text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00960FE5
    .text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00960F9B
    .text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00960000
    .text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00960047
    .text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00960036
    .text C:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00950053
    .text C:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!system 77C293C7 5 Bytes JMP 00950042
    .text C:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0095000C
    .text C:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00950FEF
    .text C:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00950031
    .text C:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00950FDE
    .text C:\WINDOWS\system32\svchost.exe[1324] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00940000
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1332] msvcrt.dll!??2@YAPAXI@Z 77C29CC5 5 Bytes JMP 0A90D480 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1332] msvcrt.dll!??3@YAXPAX@Z 77C29CDD 5 Bytes JMP 0A90D2D0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1332] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C29D9F 5 Bytes JMP 0A90D500 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1332] msvcrt.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A90D3E0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1332] msvcrt.dll!_aligned_free 77C29E33 5 Bytes JMP 0A90D2D0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1332] msvcrt.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A90D3C0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1332] msvcrt.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A90D420 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1332] msvcrt.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A90D400 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1332] msvcrt.dll!_expand 77C29FE5 5 Bytes JMP 0A90D3A0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1332] msvcrt.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A90D550 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1332] msvcrt.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A90D560 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1332] msvcrt.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A90D581 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1332] msvcrt.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A90D650 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1332] msvcrt.dll!_heapused 77C2BE3A 5 Bytes JMP 0A90D620 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1332] msvcrt.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A90D590 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1332] msvcrt.dll!_msize 77C2BF6C 5 Bytes JMP 0A90D2E0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1332] msvcrt.dll!calloc 77C2C0C3 5 Bytes JMP 0A90D270 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1332] msvcrt.dll!free 77C2C21B 5 Bytes JMP 0A90D2D0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1332] msvcrt.dll!malloc 77C2C407 5 Bytes JMP 0A90D230 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1332] msvcrt.dll!realloc 77C2C437 5 Bytes JMP 0A90D2B0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00760000
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00760067
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00760056
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00760F7C
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00760F8D
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00760025
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00760F32
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00760F4D
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007600B7
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007600A6
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00760F0D
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00760F9E
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00760FE5
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00760078
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00760FC3
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00760FD4
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00760095
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00750FB2
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 0075002F
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00750FC3
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00750FD4
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00750F72
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00750FEF
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00750014
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00750F97
    .text C:\WINDOWS\system32\svchost.exe[1352] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00740F81
    .text C:\WINDOWS\system32\svchost.exe[1352] msvcrt.dll!system 77C293C7 5 Bytes JMP 00740F9C
    .text C:\WINDOWS\system32\svchost.exe[1352] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00740FC1
    .text C:\WINDOWS\system32\svchost.exe[1352] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00740FE3
    .text C:\WINDOWS\system32\svchost.exe[1352] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00740016
    .text C:\WINDOWS\system32\svchost.exe[1352] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00740FD2
    .text C:\WINDOWS\system32\svchost.exe[1352] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00730FE5

  • edited July 2009
    GMER log (part 3):

    .text C:\Program Files\Messenger\msmsgs.exe[1516] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00EC0FEF
    .text C:\Program Files\Messenger\msmsgs.exe[1516] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00EC0040
    .text C:\Program Files\Messenger\msmsgs.exe[1516] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00EC0F4B
    .text C:\Program Files\Messenger\msmsgs.exe[1516] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00EC0F5C
    .text C:\Program Files\Messenger\msmsgs.exe[1516] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00EC0F79
    .text C:\Program Files\Messenger\msmsgs.exe[1516] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00EC0FAF
    .text C:\Program Files\Messenger\msmsgs.exe[1516] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00EC0F30
    .text C:\Program Files\Messenger\msmsgs.exe[1516] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00EC0078
    .text C:\Program Files\Messenger\msmsgs.exe[1516] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00EC009D
    .text C:\Program Files\Messenger\msmsgs.exe[1516] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00EC0F04
    .text C:\Program Files\Messenger\msmsgs.exe[1516] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00EC0EE9
    .text C:\Program Files\Messenger\msmsgs.exe[1516] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00EC0F94
    .text C:\Program Files\Messenger\msmsgs.exe[1516] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00EC0000
    .text C:\Program Files\Messenger\msmsgs.exe[1516] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00EC0051
    .text C:\Program Files\Messenger\msmsgs.exe[1516] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00EC0FC0
    .text C:\Program Files\Messenger\msmsgs.exe[1516] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00EC0011
    .text C:\Program Files\Messenger\msmsgs.exe[1516] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00EC0F15
    .text C:\Program Files\Messenger\msmsgs.exe[1516] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E30047
    .text C:\Program Files\Messenger\msmsgs.exe[1516] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E3002C
    .text C:\Program Files\Messenger\msmsgs.exe[1516] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E30011
    .text C:\Program Files\Messenger\msmsgs.exe[1516] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E30000
    .text C:\Program Files\Messenger\msmsgs.exe[1516] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E30FB2
    .text C:\Program Files\Messenger\msmsgs.exe[1516] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E30FD7
    .text C:\Program Files\Messenger\msmsgs.exe[1516] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00E40011
    .text C:\Program Files\Messenger\msmsgs.exe[1516] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00E40058
    .text C:\Program Files\Messenger\msmsgs.exe[1516] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00E40FC0
    .text C:\Program Files\Messenger\msmsgs.exe[1516] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00E40FDB
    .text C:\Program Files\Messenger\msmsgs.exe[1516] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00E40F91
    .text C:\Program Files\Messenger\msmsgs.exe[1516] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00E40000
    .text C:\Program Files\Messenger\msmsgs.exe[1516] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00E40033
    .text C:\Program Files\Messenger\msmsgs.exe[1516] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00E40022
    .text C:\Program Files\Messenger\msmsgs.exe[1516] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00E20FEF
    .text C:\Program Files\Messenger\msmsgs.exe[1516] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 00E5000A
    .text C:\Program Files\Messenger\msmsgs.exe[1516] WININET.dll!InternetOpenW 7806CEA9 5 Bytes JMP 00E5001B
    .text C:\Program Files\Messenger\msmsgs.exe[1516] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes JMP 00E50036
    .text C:\Program Files\Messenger\msmsgs.exe[1516] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 00E50FE5
    .text C:\WINDOWS\Explorer.EXE[1816] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01200000
    .text C:\WINDOWS\Explorer.EXE[1816] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0120006C
    .text C:\WINDOWS\Explorer.EXE[1816] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0120005B
    .text C:\WINDOWS\Explorer.EXE[1816] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01200F83
    .text C:\WINDOWS\Explorer.EXE[1816] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01200F94
    .text C:\WINDOWS\Explorer.EXE[1816] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01200FC0
    .text C:\WINDOWS\Explorer.EXE[1816] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01200F4B
    .text C:\WINDOWS\Explorer.EXE[1816] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01200093
    .text C:\WINDOWS\Explorer.EXE[1816] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 012000DA
    .text C:\WINDOWS\Explorer.EXE[1816] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 012000BF
    .text C:\WINDOWS\Explorer.EXE[1816] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 01200F30
    .text C:\WINDOWS\Explorer.EXE[1816] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 01200FAF
    .text C:\WINDOWS\Explorer.EXE[1816] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01200FE5
    .text C:\WINDOWS\Explorer.EXE[1816] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 01200F5C
    .text C:\WINDOWS\Explorer.EXE[1816] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 0120002C
    .text C:\WINDOWS\Explorer.EXE[1816] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 01200011
    .text C:\WINDOWS\Explorer.EXE[1816] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 012000AE
    .text C:\WINDOWS\Explorer.EXE[1816] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 01190040
    .text C:\WINDOWS\Explorer.EXE[1816] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 01190FAF
    .text C:\WINDOWS\Explorer.EXE[1816] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 01190FE5
    .text C:\WINDOWS\Explorer.EXE[1816] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 0119001B
    .text C:\WINDOWS\Explorer.EXE[1816] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 01190FC0
    .text C:\WINDOWS\Explorer.EXE[1816] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 01190000
    .text C:\WINDOWS\Explorer.EXE[1816] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 0119006C
    .text C:\WINDOWS\Explorer.EXE[1816] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 0119005B
    .text C:\WINDOWS\Explorer.EXE[1816] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0115002E
    .text C:\WINDOWS\Explorer.EXE[1816] msvcrt.dll!system 77C293C7 5 Bytes JMP 0115001D
    .text C:\WINDOWS\Explorer.EXE[1816] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01150FB7
    .text C:\WINDOWS\Explorer.EXE[1816] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01150FE3
    .text C:\WINDOWS\Explorer.EXE[1816] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0115000C
    .text C:\WINDOWS\Explorer.EXE[1816] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01150FD2
    .text C:\WINDOWS\Explorer.EXE[1816] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 011C0FEF
    .text C:\WINDOWS\Explorer.EXE[1816] WININET.dll!InternetOpenW 7806CEA9 5 Bytes JMP 011C000A
    .text C:\WINDOWS\Explorer.EXE[1816] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes JMP 011C0025
    .text C:\WINDOWS\Explorer.EXE[1816] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 011C0036
    .text C:\WINDOWS\Explorer.EXE[1816] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01140FEF
    .text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00710000
    .text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 007100B0
    .text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00710FC5
    .text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0071009F
    .text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00710084
    .text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00710062
    .text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 007100CB
    .text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00710F8F
    .text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00710F54
    .text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007100F7
    .text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00710108
    .text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00710073
    .text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 0071001B
    .text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00710FAA
    .text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00710047
    .text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 0071002C
    .text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 007100DC
    .text C:\WINDOWS\system32\svchost.exe[2352] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00700FC3
    .text C:\WINDOWS\system32\svchost.exe[2352] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00700039
    .text C:\WINDOWS\system32\svchost.exe[2352] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00700014
    .text C:\WINDOWS\system32\svchost.exe[2352] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00700FD4
    .text C:\WINDOWS\system32\svchost.exe[2352] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00700F7C
    .text C:\WINDOWS\system32\svchost.exe[2352] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00700FEF
    .text C:\WINDOWS\system32\svchost.exe[2352] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00700F8D
    .text C:\WINDOWS\system32\svchost.exe[2352] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00700FB2
    .text C:\WINDOWS\system32\svchost.exe[2352] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006F0FC8
    .text C:\WINDOWS\system32\svchost.exe[2352] msvcrt.dll!system 77C293C7 5 Bytes JMP 006F0053
    .text C:\WINDOWS\system32\svchost.exe[2352] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006F001D
    .text C:\WINDOWS\system32\svchost.exe[2352] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006F0000
    .text C:\WINDOWS\system32\svchost.exe[2352] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006F002E
    .text C:\WINDOWS\system32\svchost.exe[2352] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006F0FE3
    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[3108] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[3108] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\WINDOWS\System32\svchost.exe[3432] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 006F0FE5
    .text C:\WINDOWS\System32\svchost.exe[3432] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 006F0078
    .text C:\WINDOWS\System32\svchost.exe[3432] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 006F0F83
    .text C:\WINDOWS\System32\svchost.exe[3432] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 006F0F94
    .text C:\WINDOWS\System32\svchost.exe[3432] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 006F0FA5
    .text C:\WINDOWS\System32\svchost.exe[3432] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 006F003D
    .text C:\WINDOWS\System32\svchost.exe[3432] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 006F00AB
    .text C:\WINDOWS\System32\svchost.exe[3432] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 006F009A
    .text C:\WINDOWS\System32\svchost.exe[3432] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006F00FC
    .text C:\WINDOWS\System32\svchost.exe[3432] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 006F00E1
    .text C:\WINDOWS\System32\svchost.exe[3432] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 006F010D
    .text C:\WINDOWS\System32\svchost.exe[3432] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 006F0FB6
    .text C:\WINDOWS\System32\svchost.exe[3432] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 006F0000
    .text C:\WINDOWS\System32\svchost.exe[3432] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 006F0089
    .text C:\WINDOWS\System32\svchost.exe[3432] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 006F002C
    .text C:\WINDOWS\System32\svchost.exe[3432] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 006F0011
    .text C:\WINDOWS\System32\svchost.exe[3432] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 006F00D0
    .text C:\WINDOWS\System32\svchost.exe[3432] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 006E0FC0
    .text C:\WINDOWS\System32\svchost.exe[3432] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 006E0F8D
    .text C:\WINDOWS\System32\svchost.exe[3432] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 006E001B
    .text C:\WINDOWS\System32\svchost.exe[3432] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 006E0000
    .text C:\WINDOWS\System32\svchost.exe[3432] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 006E0F9E
    .text C:\WINDOWS\System32\svchost.exe[3432] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 006E0FEF
    .text C:\WINDOWS\System32\svchost.exe[3432] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 006E0036
    .text C:\WINDOWS\System32\svchost.exe[3432] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 006E0FAF
    .text C:\WINDOWS\System32\svchost.exe[3432] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006D0F70
    .text C:\WINDOWS\System32\svchost.exe[3432] msvcrt.dll!system 77C293C7 5 Bytes JMP 006D0F8B
    .text C:\WINDOWS\System32\svchost.exe[3432] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006D0FB7
    .text C:\WINDOWS\System32\svchost.exe[3432] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006D0FEF
    .text C:\WINDOWS\System32\svchost.exe[3432] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006D0FA6
    .text C:\WINDOWS\System32\svchost.exe[3432] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006D0FD2
    .text C:\WINDOWS\System32\svchost.exe[3432] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006C0000
    .text C:\WINDOWS\System32\svchost.exe[3564] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 006F000A
    .text C:\WINDOWS\System32\svchost.exe[3564] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 006F006F
    .text C:\WINDOWS\System32\svchost.exe[3564] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 006F0F70
    .text C:\WINDOWS\System32\svchost.exe[3564] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 006F0F97
    .text C:\WINDOWS\System32\svchost.exe[3564] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 006F0FB2
    .text C:\WINDOWS\System32\svchost.exe[3564] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 006F0FDE
    .text C:\WINDOWS\System32\svchost.exe[3564] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 006F00A7
    .text C:\WINDOWS\System32\svchost.exe[3564] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 006F0096
    .text C:\WINDOWS\System32\svchost.exe[3564] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006F0F29
    .text C:\WINDOWS\System32\svchost.exe[3564] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 006F00C2
    .text C:\WINDOWS\System32\svchost.exe[3564] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 006F00E7
    .text C:\WINDOWS\System32\svchost.exe[3564] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 006F0FC3
    .text C:\WINDOWS\System32\svchost.exe[3564] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 006F0025
    .text C:\WINDOWS\System32\svchost.exe[3564] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 006F0F5F
    .text C:\WINDOWS\System32\svchost.exe[3564] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 006F0040
    .text C:\WINDOWS\System32\svchost.exe[3564] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 006F0FEF
    .text C:\WINDOWS\System32\svchost.exe[3564] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 006F0F4E
    .text C:\WINDOWS\System32\svchost.exe[3564] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 006E0FB2
    .text C:\WINDOWS\System32\svchost.exe[3564] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 006E004A
    .text C:\WINDOWS\System32\svchost.exe[3564] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 006E0FC3
    .text C:\WINDOWS\System32\svchost.exe[3564] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 006E0FD4
    .text C:\WINDOWS\System32\svchost.exe[3564] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 006E0039
    .text C:\WINDOWS\System32\svchost.exe[3564] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 006E0FEF
    .text C:\WINDOWS\System32\svchost.exe[3564] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 006E001E
    .text C:\WINDOWS\System32\svchost.exe[3564] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 006E0F97

  • edited July 2009
    GMER log (part 4):

    .text C:\WINDOWS\System32\svchost.exe[3564] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006D0F7F
    .text C:\WINDOWS\System32\svchost.exe[3564] msvcrt.dll!system 77C293C7 5 Bytes JMP 006D0F90
    .text C:\WINDOWS\System32\svchost.exe[3564] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006D0FC6
    .text C:\WINDOWS\System32\svchost.exe[3564] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006D0FEF
    .text C:\WINDOWS\System32\svchost.exe[3564] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006D0FB5
    .text C:\WINDOWS\System32\svchost.exe[3564] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006D0000
    .text C:\WINDOWS\System32\svchost.exe[3564] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006C0FEF
    .text C:\WINDOWS\system32\svchost.exe[3812] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00930000
    .text C:\WINDOWS\system32\svchost.exe[3812] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00930073

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Elkbd.sys (Intel Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9EF01833-098A-1577-21B4-964A9039CDB0}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9EF01833-098A-1577-21B4-964A9039CDB0}@oakcdepkaphdhlkdjlafncmmajolak 0x64 0x61 0x6A 0x69 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9EF01833-098A-1577-21B4-964A9039CDB0}@oagphcmeielagnofkjamiagmpkbiba 0x6A 0x61 0x6B 0x69 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9EF01833-098A-1577-21B4-964A9039CDB0}@namabafbhgdkfnbkmgoibiobocgk 0x69 0x61 0x6A 0x69 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9EF01833-098A-1577-21B4-964A9039CDB0}@oakcdepkaphdhlkdjlafncmmejoele 0x64 0x61 0x6B 0x69 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9EF01833-098A-1577-21B4-964A9039CDB0}@oagphcmeielagnofkjamiagmdlfdon 0x6A 0x61 0x6B 0x69 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9EF01833-098A-1577-21B4-964A9039CDB0}@namabafbhgdkfnbkmgoibicbkdfm 0x69 0x61 0x6A 0x69 ...

    ---- EOF - GMER 1.0.15 ----

  • edited July 2009
    My system seems to be running 'normally' again! I can do a Google search, no more warning box popups, etc...
  • edited July 2009
    Information

    What antivirus do you use?
    There look to be Symantec and McAfee components.


    IMPORTANT
    I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    Vuze
    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Also available here.

    My recommendation is you go to Control Panel > Add/Remove Programs and uninstall any P2P programs
    Please note: you must NOT use any P2P whilst we are cleaning your machine.

    Step 1

    Download and Run ComboFix (by sUBs)

    Please download ComboFix from HERE

    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply
    • Re-enable all the programs that were disabled during the running of ComboFix.



    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper
    For instructions on how to disable your security programs, please see this topic
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
    For a full tutorial on using Combofix, please see this topic
    Bleeping Computer ComboFix Tutorial




    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    Some of the logs I request will be quite large; you may need to split them over a couple of replies.
    • ComboFix Log

    Additional Notes



    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Please download Java SE Runtime Environment (JRE). (Don't install it yet.)
    • Scroll down to where it says "Java SE Runtime Environment (JRE)".
    • Click the "Download" button to the right.
      • Platform = Windows
      • Language = Multi Language
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.


    Now download JavaRa and unzip it to your desktop.

    ***Please close any instances of Internet Explorer (or other web browser) before continuing!***

    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location.


    Now install the Java SE Runtime Environment (JRE) package you downloaded
    (it comes with a toolbar pre-selected, so make sure you uncheck the box)

    You can delete JavaRa (zip and exe)
  • edited July 2009
    *I am using McAfee for my antivirus. I'm not sure about the Symantec... the only thing I could find on my computer regarding it was a .txt file.

    *I removed Vuze - I don't have any other P2P programs, do I?

    *I updated my Java after I ran ComboFix.

    Here is my ComboFix Log:

    ComboFix 09-07-09.08 - HP_Administrator 07/11/2009 8:51.1.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.2814 [GMT -4:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\recycler\S-1-5-21-527237240-179605362-725345543-500
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\kb913800.exe
    c:\windows\RM.exe
    c:\windows\system32\AutoRun.inf
    c:\windows\system32\kefuguhi.dll.tmp
    c:\windows\system32\korediri.dll.tmp
    c:\windows\system32\skinboxer43.dll
    c:\windows\system32\tijevilu.dll.tmp
    E:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
    .

    2009-07-10 14:51 . 2009-07-10 14:51 d-----w- C:\rsit
    2009-07-09 09:51 . 2009-07-09 09:51 d-----w- c:\program files\Trend Micro
    2009-07-09 09:14 . 2009-07-09 00:26 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-07-09 01:38 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-09 01:38 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-09 01:38 . 2009-07-09 01:39 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-09 00:27 . 2009-07-09 00:21 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-07-09 00:27 . 2009-07-09 00:27 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
    2009-07-09 00:26 . 2009-07-09 00:26 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
    2009-07-09 00:26 . 2009-07-09 00:26 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
    2009-07-09 00:26 . 2009-07-09 00:26 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
    2009-07-09 00:26 . 2009-07-09 00:26 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
    2009-07-09 00:26 . 2009-07-09 00:26 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
    2009-07-09 00:25 . 2009-07-09 00:25 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
    2009-07-09 00:22 . 2009-07-09 00:22 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
    2009-07-09 00:21 . 2009-07-09 00:21 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
    2009-07-09 00:21 . 2009-07-09 00:21 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
    2009-07-09 00:21 . 2009-07-09 00:21 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
    2009-07-09 00:21 . 2009-07-09 00:21 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
    2009-07-09 00:20 . 2009-07-09 00:20 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
    2009-07-09 00:20 . 2009-07-09 00:20 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
    2009-07-09 00:19 . 2009-07-09 00:19 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
    2009-07-09 00:19 . 2009-07-09 00:19 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
    2009-07-09 00:18 . 2009-07-09 00:18 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
    2009-07-09 00:17 . 2009-07-09 00:17 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
    2009-07-09 00:17 . 2009-07-09 00:17 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
    2009-07-09 00:15 . 2009-07-09 00:15 dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-07-09 00:15 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
    2009-07-09 00:15 . 2009-07-09 00:15 d-----w- c:\program files\Lavasoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-11 01:52 . 2007-08-13 19:30 d-----w- c:\documents and settings\HP_Administrator\Application Data\WTablet
    2009-07-09 01:33 . 2008-07-27 22:23 d-----w- c:\program files\Blaze Media Pro
    2009-07-09 00:15 . 2007-09-10 04:16 d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-06-21 15:30 . 2006-08-23 15:44 271160 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-11 12:38 . 2007-12-13 00:04 d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-05-30 08:10 . 2007-01-24 00:14 d-----w- c:\documents and settings\HP_Administrator\Application Data\Canon
    2009-05-07 15:44 . 2004-08-09 21:00 344064 ----a-w- c:\windows\system32\localspl.dll
    2009-05-06 14:28 . 2007-09-22 18:20 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-04-29 04:56 . 2004-08-09 21:00 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-04-29 04:55 . 2004-08-09 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-17 09:58 . 2004-08-09 21:00 1846656 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 15:26 . 2004-08-09 21:00 583168 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-07-10 20:32 . 2006-11-20 00:40 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2009-07-10 20:32 . 2006-11-20 00:40 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2009-07-10 20:32 . 2006-11-20 00:40 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
    2009-07-10 20:32 . 2006-11-20 00:40 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2009-07-10 20:32 . 2006-11-20 00:40 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    2008-02-23 03:06 . 2007-12-22 04:06 168 --sh--r- c:\windows\system32\8FC284F08A.sys
    2008-02-23 03:06 . 2007-12-22 03:59 4388 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
    2008-07-20 19:38 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
    "DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
    "Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]
    "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
    "Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]
    "dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
    "MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
    "Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
    "McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
    "MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-09 520024]
    "ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-13 16239616]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-10-04 1626112]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-23 27136]
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-23 27136]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    hueyTray.lnk - c:\program files\Pantone\huey\hueyTray.exe [2007-9-24 913408]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-8-23 36903]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "c:\\Program Files\\DISC\\myFTP.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP Games\\Wheel of Fortune\\Wheel of Fortune.exe"=
    "c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
    "c:\\WINDOWS\\system32\\dldocoms.exe"=
    "c:\\Program Files\\Dell 968 AIO Printer\\dldomon.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldopswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldotime.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldojswx.exe"=
    "c:\\Program Files\\Dell 968 AIO Printer\\dldoaiox.exe"=
    "c:\\Program Files\\Dell 968 AIO Printer\\DLDOFax.exe"=
    "c:\\Program Files\\Dell 968 AIO Printer\\dldoafcn.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\WINDOWS\\system32\\Wacom_Tablet.exe"=
    "c:\\WINDOWS\\system32\\wbem\\unsecapp.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/8/2009 8:27 PM 64160]
    R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
    R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2/28/2008 4:08 PM 1373480]
    R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [8/23/2006 11:29 AM 82048]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
    R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [8/23/2006 11:28 AM 468768]
    S2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [6/21/2008 8:47 PM 99568]
    S3 Droppix Service;Droppix Service;c:\program files\Common Files\Droppix\DxService.exe [4/20/2008 3:42 PM 135168]
    S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [8/1/2008 9:53 AM 508544]
    S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [8/1/2008 9:53 AM 3768]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - imaoaaje

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 00:19]

    2009-07-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

    2009-06-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-09-23 17:32]

    2008-10-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-09-23 17:32]

    2009-07-10 c:\windows\Tasks\User_Feed_Synchronization-{55FBFD6F-54BD-44A7-9F9D-D77B62135FFD}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 18:58]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-PCDrProfiler - (no file)


    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    Trusted Zone: trymedia.com
    DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} - hxxps://healthweb.stjohn.org/nps/portal/gadgets/com.novell.nps.gadgets.shortcut.ShortcutGadget/,DanaInfo=.acxBvnmyGkxw+LocalExec.CAB
    DPF: {D589D0E5-C349-4014-9837-827B25B41A4A} - hxxps://healthweb.stjohn.org/CommonAccessWeb/ActiveX/,DanaInfo=.acxedDxpo0Imzy+GetClientInfo.ocx
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\vwvtlkf3.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-11 08:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    McAfee Backup = c:\program files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    LOCKED REGISTRY KEYS

    [HKEY_USERS\S-1-5-21-4023701530-678371454-121720877-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9EF01833-098A-1577-21B4-964A9039CDB0}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "oakcdepkaphdhlkdjlafncmmajolak"=hex:64,61,6a,69,6c,63,6a,63,00,c0
    "oagphcmeielagnofkjamiagmpkbiba"=hex:6a,61,6b,69,6f,63,6b,68,63,6f,66,62,64,6a,
    6f,6d,65,62,64,61,00,fd
    "namabafbhgdkfnbkmgoibiobocgk"=hex:69,61,6a,69,6a,64,62,65,69,6f,63,65,6d,70,
    6f,6c,70,6c,00,00
    "oakcdepkaphdhlkdjlafncmmejoele"=hex:64,61,6b,69,6a,63,67,66,00,70
    "oagphcmeielagnofkjamiagmdlfdon"=hex:6a,61,6b,69,6f,63,6b,68,63,6f,66,62,64,6a,
    6f,6d,65,62,64,61,00,fa
    "namabafbhgdkfnbkmgoibicbkdfm"=hex:69,61,6a,69,6a,64,62,65,69,6f,63,65,6d,70,
    6f,6c,70,6c,00,00
    .
    Completion time: 2009-07-11 9:00
    ComboFix-quarantined-files.txt 2009-07-11 13:00

    Pre-Run: 346,541,981,696 bytes free
    Post-Run: 434,577,440,768 bytes free

    259 --- E O F --- 2009-07-05 07:00

  • edited July 2009
    Step 1

    Custom CFScript
    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
      RegNull::
      [HKEY_USERS\S-1-5-21-4023701530-678371454-121720877-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9EF01833-098A-1577-21B4-964A9039CDB0}*]
      ADS::
      
    • Save this as CFScript.txt and place it on your desktop.


      CFScriptb.gif


    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper.



    Kaspersky Online Scanner
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
    NOTE:- This scan is best done from IE (Internet Explorer)

    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

    Read the Requirements and limitations before you click Accept.
    Once the database has downloaded, click My Computer in the left pane
    Now go and put the kettle on!
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    Some of the logs I request will be quite large; you may need to split them over a couple of replies.
    • Combofix Log
    • Kaspersky Log
    • How are things running now?
  • edited July 2009
    Things are running good :)

    Here are the requested files:

    Combofix log:

    ComboFix 09-07-09.08 - HP_Administrator 07/11/2009 20:35.2.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.2903 [GMT -4:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
    Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Installer\52417.msi
    c:\windows\Installer\617037.msi
    c:\windows\Installer\aaadd.msi

    .
    ((((((((((((((((((((((((( Files Created from 2009-06-12 to 2009-07-12 )))))))))))))))))))))))))))))))
    .

    2009-07-11 13:26 . 2009-07-11 13:25 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-11 13:13 . 2009-07-11 13:21 -------- d-----w- c:\documents and settings\HP_Administrator\.SunDownloadManager
    2009-07-10 14:51 . 2009-07-10 14:51 -------- d-----w- C:\rsit
    2009-07-09 09:51 . 2009-07-09 09:51 -------- d-----w- c:\program files\Trend Micro
    2009-07-09 09:14 . 2009-07-09 00:26 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-07-09 01:38 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-09 01:38 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-09 01:38 . 2009-07-09 01:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-09 00:27 . 2009-07-09 00:21 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-07-09 00:27 . 2009-07-09 00:27 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
    2009-07-09 00:26 . 2009-07-09 00:26 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
    2009-07-09 00:26 . 2009-07-09 00:26 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
    2009-07-09 00:26 . 2009-07-09 00:26 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
    2009-07-09 00:26 . 2009-07-09 00:26 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
    2009-07-09 00:26 . 2009-07-09 00:26 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
    2009-07-09 00:25 . 2009-07-09 00:25 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
    2009-07-09 00:22 . 2009-07-09 00:22 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
    2009-07-09 00:21 . 2009-07-09 00:21 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
    2009-07-09 00:21 . 2009-07-09 00:21 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
    2009-07-09 00:21 . 2009-07-09 00:21 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
    2009-07-09 00:21 . 2009-07-09 00:21 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
    2009-07-09 00:20 . 2009-07-09 00:20 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
    2009-07-09 00:20 . 2009-07-09 00:20 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
    2009-07-09 00:19 . 2009-07-09 00:19 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
    2009-07-09 00:19 . 2009-07-09 00:19 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
    2009-07-09 00:18 . 2009-07-09 00:18 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
    2009-07-09 00:17 . 2009-07-09 00:17 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
    2009-07-09 00:17 . 2009-07-09 00:17 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
    2009-07-09 00:15 . 2009-07-09 00:15 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-07-09 00:15 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
    2009-07-09 00:15 . 2009-07-09 00:15 -------- d-----w- c:\program files\Lavasoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-11 13:25 . 2006-08-23 15:09 -------- d-----w- c:\program files\Java
    2009-07-11 01:52 . 2007-08-13 19:30 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WTablet
    2009-07-09 01:33 . 2008-07-27 22:23 -------- d-----w- c:\program files\Blaze Media Pro
    2009-07-09 00:15 . 2007-09-10 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-06-21 15:30 . 2006-08-23 15:44 271160 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-11 12:38 . 2007-12-13 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-05-30 08:10 . 2007-01-24 00:14 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Canon
    2009-05-07 15:44 . 2004-08-09 21:00 344064 ----a-w- c:\windows\system32\localspl.dll
    2009-05-06 14:28 . 2007-09-22 18:20 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-04-29 04:56 . 2004-08-09 21:00 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-04-29 04:55 . 2004-08-09 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-17 09:58 . 2004-08-09 21:00 1846656 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 15:26 . 2004-08-09 21:00 583168 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-07-10 20:32 . 2006-11-20 00:40 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2009-07-10 20:32 . 2006-11-20 00:40 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2009-07-10 20:32 . 2006-11-20 00:40 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
    2009-07-10 20:32 . 2006-11-20 00:40 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2009-07-10 20:32 . 2006-11-20 00:40 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    2008-02-23 03:06 . 2007-12-22 04:06 168 --sh--r- c:\windows\system32\8FC284F08A.sys
    2008-02-23 03:06 . 2007-12-22 03:59 4388 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-07-11_12.58.45 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-11 13:26 . 2009-07-11 13:26 16384 c:\windows\Temp\Perflib_Perfdata_818.dat
    + 2005-08-30 21:02 . 2009-07-12 00:24 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2005-08-30 21:02 . 2009-07-11 12:51 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2005-08-30 13:51 . 2009-07-11 12:51 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2005-08-30 13:51 . 2009-07-12 00:24 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2005-08-30 13:51 . 2009-07-11 12:51 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2005-08-30 13:51 . 2009-07-12 00:24 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-07-11 13:26 . 2009-07-11 13:25 148888 c:\windows\system32\javaws.exe
    + 2009-07-11 13:26 . 2009-07-11 13:25 144792 c:\windows\system32\javaw.exe
    + 2009-07-11 13:26 . 2009-07-11 13:25 144792 c:\windows\system32\java.exe
    + 2009-07-11 13:25 . 2009-07-11 13:25 1563648 c:\windows\Installer\27d145e.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
    2008-07-20 19:38 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
    "DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
    "Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]
    "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-11 148888]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
    "Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]
    "dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
    "MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
    "Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
    "McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
    "MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-09 520024]
    "ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-13 16239616]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-10-04 1626112]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-23 27136]
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-23 27136]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    hueyTray.lnk - c:\program files\Pantone\huey\hueyTray.exe [2007-9-24 913408]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-8-23 36903]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "c:\\Program Files\\DISC\\myFTP.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP Games\\Wheel of Fortune\\Wheel of Fortune.exe"=
    "c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
    "c:\\WINDOWS\\system32\\dldocoms.exe"=
    "c:\\Program Files\\Dell 968 AIO Printer\\dldomon.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldopswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldotime.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldojswx.exe"=
    "c:\\Program Files\\Dell 968 AIO Printer\\dldoaiox.exe"=
    "c:\\Program Files\\Dell 968 AIO Printer\\DLDOFax.exe"=
    "c:\\Program Files\\Dell 968 AIO Printer\\dldoafcn.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\WINDOWS\\system32\\Wacom_Tablet.exe"=
    "c:\\WINDOWS\\system32\\wbem\\unsecapp.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/8/2009 8:27 PM 64160]
    R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
    R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2/28/2008 4:08 PM 1373480]
    R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [8/23/2006 11:29 AM 82048]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
    R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [8/23/2006 11:28 AM 468768]
    S2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [6/21/2008 8:47 PM 99568]
    S3 Droppix Service;Droppix Service;c:\program files\Common Files\Droppix\DxService.exe [4/20/2008 3:42 PM 135168]
    S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [8/1/2008 9:53 AM 508544]
    S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [8/1/2008 9:53 AM 3768]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - JAVAQUICKSTARTERSERVICE
    *Deregistered* - imaoaaje

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 00:19]

    2009-07-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

    2009-06-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-09-23 17:32]

    2008-10-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-09-23 17:32]

    2009-07-12 c:\windows\Tasks\User_Feed_Synchronization-{55FBFD6F-54BD-44A7-9F9D-D77B62135FFD}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 18:58]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    Trusted Zone: trymedia.com
    DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} - hxxps://healthweb.stjohn.org/nps/portal/gadgets/com.novell.nps.gadgets.shortcut.ShortcutGadget/,DanaInfo=.acxBvnmyGkxw+LocalExec.CAB
    DPF: {D589D0E5-C349-4014-9837-827B25B41A4A} - hxxps://healthweb.stjohn.org/CommonAccessWeb/ActiveX/,DanaInfo=.acxedDxpo0Imzy+GetClientInfo.ocx
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\vwvtlkf3.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-11 20:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    McAfee Backup = c:\program files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-07-12 20:44
    ComboFix-quarantined-files.txt 2009-07-12 00:44
    ComboFix2.txt 2009-07-11 13:00

    Pre-Run: 434,429,648,896 bytes free
    Post-Run: 434,445,770,752 bytes free

    256 --- E O F --- 2009-07-05 07:00

    Kaspersky Log:



    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Sunday, July 12, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Sunday, July 12, 2009 10:32:53
    Records in database: 2462534

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\

    Scan statistics:
    Files scanned: 296630
    Threat name: 2
    Infected objects: 8
    Suspicious objects: 0
    Duration of the scan: 03:12:34


    File name / Threat name / Threats count
    C:\Qoobox\Quarantine\C\WINDOWS\system32\kefuguhi.dll.tmp.vir Infected: Trojan-Downloader.Win32.Agent.bqxc 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\korediri.dll.tmp.vir Infected: Trojan-Downloader.Win32.Agent.bqxc 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\tijevilu.dll.tmp.vir Infected: Trojan-Downloader.Win32.Agent.bqxc 1
    C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP710\A0149091.dll Infected: Trojan-Downloader.Win32.Agent.bqxc 1
    C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP710\A0149092.dll Infected: Trojan-Downloader.Win32.Agent.bqxc 1
    C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP710\A0149093.dll Infected: Trojan-Downloader.Win32.Agent.bqxc 1
    E:\I386\APPS\APP18622\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1
    E:\I386\APPS\APP18622\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1

    The selected area was scanned.
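
    A triage sketch for the Kaspersky report above, added here as an example and not part of the original posts or of any tool used in this thread: it parses the detection rows and sorts each hit by where the file sits (ComboFix's Qoobox quarantine, a System Restore point, or anywhere else), since only the last group is outside the two stores that hold copies of already-removed files. The function names and location labels are assumptions made for this example.

```python
import re
from collections import Counter

# Detection rows copied from the Kaspersky Online Scanner report in the post above.
REPORT = r"""
C:\Qoobox\Quarantine\C\WINDOWS\system32\kefuguhi.dll.tmp.vir Infected: Trojan-Downloader.Win32.Agent.bqxc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\korediri.dll.tmp.vir Infected: Trojan-Downloader.Win32.Agent.bqxc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tijevilu.dll.tmp.vir Infected: Trojan-Downloader.Win32.Agent.bqxc 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP710\A0149091.dll Infected: Trojan-Downloader.Win32.Agent.bqxc 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP710\A0149092.dll Infected: Trojan-Downloader.Win32.Agent.bqxc 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP710\A0149093.dll Infected: Trojan-Downloader.Win32.Agent.bqxc 1
E:\I386\APPS\APP18622\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1
E:\I386\APPS\APP18622\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1
"""

# One row is "<path> Infected: <threat name> <count>"; the path may contain spaces.
ROW_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$")

# Location labels are this example's own; first matching pattern wins.
LOCATIONS = [
    ("combofix_quarantine", re.compile(r"^[a-z]:\\qoobox\\quarantine\\", re.I)),
    ("system_restore",
     re.compile(r"^[a-z]:\\system volume information\\_restore\{[0-9a-f-]+\}\\", re.I)),
]


def classify(path):
    """Return the storage location class for a detected file path."""
    for label, pattern in LOCATIONS:
        if pattern.search(path):
            return label
    return "other"


def triage(report_text):
    """Parse detection rows and attach a location class to each one."""
    rows = []
    for line in report_text.splitlines():
        match = ROW_RE.match(line.strip())
        if not match:
            continue  # headers, statistics and blank lines are ignored
        threat = match.group("threat")
        location = classify(match.group("path"))
        rows.append({
            "path": match.group("path"),
            "threat": threat,
            "count": int(match.group("count")),
            "location": location,
            # Kaspersky prefixes adware/riskware verdicts with "not-a-virus:".
            "not_a_virus": threat.startswith("not-a-virus:"),
            # Anything outside quarantine and restore points needs a human look.
            "needs_review": location == "other",
        })
    return rows


def location_counts(rows):
    """Count detections per location class."""
    return Counter(row["location"] for row in rows)


if __name__ == "__main__":
    results = triage(REPORT)
    for row in results:
        flag = "REVIEW" if row["needs_review"] else "stored copy"
        print(f"{flag:11}  {row['location']:20}  {row['threat']}  {row['path']}")
    print(dict(location_counts(results)))
```

    Run against this report, every Trojan-Downloader hit falls in the quarantine or a restore point, and the two rows left for review are the "not-a-virus" adware detections on E:\.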
  • edited July 2009
    That's great, the only things Kaspersky found are leftovers that will be cleaned in the final tidy up :)


    Congratulations, your logs look clean :)

    Let's see if I can help you keep it that way

    First let's tidy up

    Please delete RSIT.exe and C:\RSIT (entire folder)
    You can also delete any logs we have produced, and empty your Recycle bin.


    Uninstall Combofix
    • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.




    Please download OTCleanup from HERE
    Click the OTC.exe icon and then click the CleanUp button.
    If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.
    Let me know if there were any problems with OT CleanIt



    The following is some info to help you stay safe and clean.


    You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
    ( Vista users must ensure that any programs are Vista compatible BEFORE installing )

    Online Scanners
    I would recommend a scan at one or more of the following sites at least once a month.

    http://www.pandasecurity.com/activescan
    http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

    !!! Make sure that all your programs are updated !!!
    Secunia Software Inspector does all the work for you, .... see HERE for details

    AntiSpyware
      AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for Home Users ) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
    • Spybot - Search & Destroy <<< A must have program
      • It includes host protection and registry protection
      • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
    • MalwareBytes Anti-malware <<< A New and effective program
    • a-squared Free <<< A good "realtime" or "on demand" scanner
    • superantispyware <<< A good "realtime" or "on demand" scanner



    Prevention
      These programs don't detect malware, they help stop it getting on your machine in the first place. Each does a different job, so you can have more than one
    • Winpatrol
      • An excellent startup manager and then some !!
      • Notifies you if programs are added to startup
      • Allows delayed startup
      • A must have addition
    • SpywareBlaster 4.0
      • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
    • SpywareGuard 2.2
      • SpywareGuard provides real-time protection against spyware.
      • Not required if you have other "realtime" antispyware or Winpatrol
    • ZonedOut
      • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
    • MVPS HOSTS
      • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
      • For information on how to download and install, please read this tutorial by WinHelp2002.
      • Not required if you are using other host file protections


    Internet Browsers
      Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys. Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.

    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available



    Cleaning Temporary Internet Files and Tracking Cookies
      Temporary Internet Files are mainly the files that are downloaded when you open a web page. Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware. It is a good idea to empty the Temporary Internet Files folder on a regular basis.
      Tracking Cookies are files that websites use to monitor which sites you visit and how often. A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
      CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.
      Both of these can be cleaned manually, but a quicker option is to use a program
    • ATF Cleaner
      • Free and very simple to use
    • CCleaner
      • Free and very flexible, you can choose which cookies to keep


    Also PLEASE read this article.....So How Did I Get Infected In The First Place

    The last and most important thing I can tell you is UPDATE.
    If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
    Malware changes on a day to day basis. You should update every week at the very least.

    If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


    If you could post back one more time to let me know everything is OK, then I can have this thread archived.

    Happy surfing K'
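
The hosts-file blocking that the Spybot and MVPS HOSTS items in the post above describe, shown as an added example that is not part of the original thread or of either tool: a Python audit that separates block entries (names pointed at a loopback or unspecified address) from entries that send a name to some other address, which deserve a manual look. The sample file, its host names and the function name `audit_hosts` are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       ads.example.net tracker.example.net   # block entries
0.0.0.0         malware.example.org
203.0.113.7     www.search.example.com    # name sent to a remote address
::1             localhost
not-an-ip       broken.example.com
10.0.0.5
"""

# Names that legitimately map to the loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def audit_hosts(text):
    """Classify every hosts entry as local, blocked, redirected or malformed."""
    report = {"local": [], "blocked": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip trailing comments
        if not line:
            continue                             # blank or comment-only line
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        if len(fields) < 2:                      # address with no host name
            report["malformed"].append((lineno, raw.strip()))
            continue
        # Loopback (127.0.0.1, ::1) or unspecified (0.0.0.0) = the name goes nowhere.
        sink = addr.is_loopback or addr.is_unspecified
        for name in (n.lower() for n in fields[1:]):
            if name in LOCAL_NAMES and addr.is_loopback:
                report["local"].append(name)
            elif sink:
                report["blocked"].append(name)
            else:
                # The name resolves to a real address chosen by the file, not by DNS.
                report["redirected"].append((name, str(addr)))
    return report
```

On Windows XP the file lives at C:\WINDOWS\system32\drivers\etc\hosts; read it and pass its text to `audit_hosts`.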
  • edited July 2009
    Katana,

    Thanks so much for ALL of your help! Things are running great. I followed the last bit of instructions you gave and am in the process of following all the awesome suggestions to stay safe and clean...