Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

hijack this log, browser has been hijacked

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

hijack this log, browser has been hijacked

Unread postby moosh01 » December 31st, 2008, 2:38 am

browser goes to wrong pages after clicking links
edit: I have a wireless router Netgear WPN824 v3, it also wont let me update antivirus software

hijack this log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:29 AM, on 12/31/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\moosh\Desktop\HijackThis v2.0.2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\moosh\AppData\Local\Temp\ssqPJdAQ.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\moosh\AppData\Local\Temp\nnnkKCvu.dll,c
O4 - HKCU\..\Run: [d4b9bc1d] rundll32.exe "C:\Users\moosh\AppData\Local\Temp\mcmdmndn.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: Add this link to WebWhacker... - h:\webwack\Art\wwieextlink.html
O8 - Extra context menu item: Add this page to WebWhacker... - h:\webwack\Art\wwieext.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: WebWhacker - {E5336D32-0CBE-4E1F-A2C7-38DCAA8B07EF} - (no file)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Disc Image Demo mount service (DIMSVC) - Pa-software - C:\Program Files\Pa-software\Disc Image Demo\dimsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\MediaServer.exe

--
End of file - 10557 bytes


Thanks
moosh01
Active Member
 
Posts: 7
Joined: December 31st, 2008, 2:34 am
Advertisement
Register to Remove

Re: hijack this log, browser has been hijacked

Unread postby Sharagoz » January 2nd, 2009, 3:34 am

Hello moosh01, welcome to MWR.
Please take note of the following before we begin the cleaning process:
  • The whole process will often take several days to complete, so please stay patient
  • Hang in there until I give you the 'All clean'. If you leave prematurely because your computer seems to be back to its old self, the risk of re-infection will be very high
  • Perform all actions in the order given
  • The instructions I give expect that you're using an account with administrator privileges and that the language of your operating system is English.
  • Dont be afraid to ask questions if something is unclear or you run into issues during cleaning steps
  • I recommend you read through each set of instructions before you actually perform them

Download and run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop
  • Right-click on RSIT.exe and chose Run as administrator to run RSIT
  • Click Continue at the disclaimer screen to start the scanner
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Post the contents of both log.txt and info.txt in your next reply
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: hijack this log, browser has been hijacked

Unread postby moosh01 » January 3rd, 2009, 3:48 pm

Logfile of random's system information tool 1.05 (written by random/random)
Run by moosh at 2009-01-03 13:43:21
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 40 GB (27%) free of 148 GB
Total RAM: 1791 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:43:42 PM, on 1/3/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\moosh\Desktop\RSIT.exe
C:\Program Files\trend micro\moosh.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: Add this link to WebWhacker... - h:\webwack\Art\wwieextlink.html
O8 - Extra context menu item: Add this page to WebWhacker... - h:\webwack\Art\wwieext.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: WebWhacker - {E5336D32-0CBE-4E1F-A2C7-38DCAA8B07EF} - (no file)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Disc Image Demo mount service (DIMSVC) - Pa-software - C:\Program Files\Pa-software\Disc Image Demo\dimsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\MediaServer.exe

--
End of file - 11145 bytes

======Scheduled tasks folder======

C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mcapbho.dll [2007-11-26 324936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-02 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-10-24 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-06 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-02 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-05 142896]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-05 4669440]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-03 582992]
"Acer Empowering Technology Monitor"=C:\Acer\Empowering Technology\SysMonitor.exe [2008-01-09 326176]
"PCMMediaSharing"=C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2008-01-25 204908]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-02-01 630784]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-05 526896]
"Acer Product Registration"=C:\Program Files\Acer Registration\ACE1.exe [2007-10-15 3387392]
"Acer Assist Launcher"=C:\Program Files\Acer Assist\launcher.exe [2007-02-02 1261568]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"eRecoveryService"= []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-02 136600]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-01-31 385024]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"RegistryMechanic"= []
"THGuard"=C:\Program Files\TrojanHunter 5.0\THGuard.exe [2008-03-25 1047712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-14 68856]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-26 734264]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

C:\Users\moosh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"RunStartupScriptSync"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"MemCheckBoxInRunDlg"=0
"NoStrCmpLogical"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoChangeAnimation"=
"NoStrCmpLogical"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01483e2e-abc7-11dd-8820-001c25861e59}]
shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0368b584-fc4c-11dc-a6f7-806e6f6e6963}]
shell\AutoRun\command - I:\mri.exe


======List of files/folders created in the last 1 months======

2009-01-03 13:43:21 ----D---- C:\rsit
2009-01-03 13:43:21 ----D---- C:\Program Files\trend micro
2009-01-01 23:08:28 ----D---- C:\Users\moosh\AppData\Roaming\Ulead Systems
2009-01-01 23:02:27 ----D---- C:\Program Files\Common Files\InterVideo
2009-01-01 23:02:23 ----D---- C:\ProgramData\InterVideo
2009-01-01 23:02:19 ----A---- C:\Windows\system32\IVIresizeW7.dll
2009-01-01 23:02:19 ----A---- C:\Windows\system32\IVIresizePX.dll
2009-01-01 23:02:19 ----A---- C:\Windows\system32\IVIresizeP6.dll
2009-01-01 23:02:19 ----A---- C:\Windows\system32\IVIresizeM6.dll
2009-01-01 23:02:19 ----A---- C:\Windows\system32\IVIresizeA6.dll
2009-01-01 23:02:19 ----A---- C:\Windows\system32\IVIresize.dll
2009-01-01 23:01:20 ----D---- C:\Windows\RegisteredPackages
2009-01-01 23:01:19 ----HD---- C:\Windows\msdownld.tmp
2009-01-01 23:01:17 ----D---- C:\Program Files\Windows Media Components
2009-01-01 22:53:36 ----D---- C:\Program Files\Common Files\Ulead Systems
2009-01-01 22:53:34 ----D---- C:\ProgramData\Ulead Systems
2009-01-01 22:53:34 ----D---- C:\Program Files\Ulead Systems
2009-01-01 17:47:18 ----A---- C:\Windows\wininit.ini
2009-01-01 17:26:45 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-01-01 17:26:45 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-31 02:07:17 ----D---- C:\Users\moosh\AppData\Roaming\Malwarebytes
2008-12-31 02:07:11 ----D---- C:\ProgramData\Malwarebytes
2008-12-31 02:07:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-31 00:07:38 ----D---- C:\VundoFix Backups
2008-12-31 00:07:38 ----A---- C:\VundoFix.txt
2008-12-30 23:07:27 ----D---- C:\Program Files\RogueRemover FREE
2008-12-30 22:39:39 ----D---- C:\Program Files\Exterminate It!
2008-12-30 21:49:31 ----A---- C:\Windows\ntbtlog.txt
2008-12-30 21:44:02 ----D---- C:\Program Files\Lavasoft
2008-12-30 21:44:01 ----D---- C:\ProgramData\Lavasoft
2008-12-30 21:43:37 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-30 21:29:24 ----D---- C:\Users\moosh\AppData\Roaming\TrojanHunter
2008-12-30 21:23:08 ----R---- C:\Windows\system32\streamhlp.dll
2008-12-30 21:23:07 ----D---- C:\Program Files\TrojanHunter 5.0
2008-12-30 21:13:25 ----D---- C:\Users\moosh\AppData\Roaming\uTorrent
2008-12-30 13:31:09 ----D---- C:\Windows\Minidump
2008-12-29 23:12:34 ----D---- C:\Users\moosh\AppData\Roaming\PC Tools
2008-12-29 23:12:34 ----D---- C:\Program Files\Spyware Doctor
2008-12-29 18:22:20 ----D---- C:\Program Files\Super_DVD_Creator_9.8
2008-12-29 13:30:45 ----D---- C:\Users\moosh\AppData\Roaming\Roxio
2008-12-29 13:29:58 ----D---- C:\ProgramData\InstallShield
2008-12-29 13:28:51 ----D---- C:\ProgramData\Sonic
2008-12-29 13:26:18 ----D---- C:\ProgramData\Roxio
2008-12-29 13:24:38 ----D---- C:\Program Files\Roxio
2008-12-29 13:24:38 ----D---- C:\Program Files\Common Files\Roxio Shared
2008-12-26 17:10:44 ----D---- C:\Program Files\GrabIt
2008-12-26 05:31:58 ----D---- C:\Users\moosh\AppData\Roaming\NewsLeecher
2008-12-26 05:31:45 ----D---- C:\Program Files\NewsLeecher
2008-12-24 20:03:01 ----D---- C:\iPrep_101
2008-12-23 14:19:58 ----N---- C:\Windows\system32\difxapi.dll
2008-12-23 14:19:58 ----D---- C:\Program Files\VIA
2008-12-21 23:39:23 ----D---- C:\wadder
2008-12-21 00:09:31 ----D---- C:\Program Files\iPrep 101
2008-12-18 23:28:44 ----A---- C:\Windows\system32\msxml.dll
2008-12-18 23:28:43 ----A---- C:\Windows\system32\STKIT432.DLL
2008-12-18 23:28:22 ----D---- C:\Program Files\Registry Mechanic
2008-12-18 03:00:15 ----A---- C:\Windows\system32\mshtml.dll
2008-12-13 01:22:35 ----D---- C:\Program Files\Cloudbrain
2008-12-13 01:11:05 ----D---- C:\Program Files\CDDBMP3Tool
2008-12-11 03:04:43 ----A---- C:\Windows\system32\tzres.dll
2008-12-11 02:01:40 ----A---- C:\Windows\system32\shell32.dll
2008-12-11 02:01:23 ----A---- C:\Windows\system32\urlmon.dll
2008-12-11 02:01:23 ----A---- C:\Windows\system32\ieframe.dll
2008-12-11 02:01:22 ----A---- C:\Windows\system32\wininet.dll
2008-12-11 02:01:22 ----A---- C:\Windows\system32\mstime.dll
2008-12-11 02:01:19 ----A---- C:\Windows\system32\iertutil.dll
2008-12-11 02:01:16 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-11 02:00:52 ----A---- C:\Windows\system32\mf.dll
2008-12-11 02:00:51 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-11 02:00:49 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-11 02:00:49 ----A---- C:\Windows\system32\logagent.exe
2008-12-11 01:59:21 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-11 01:59:18 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-11 00:27:36 ----A---- C:\Windows\system32\gdi32.dll
2008-12-11 00:07:34 ----A---- C:\Windows\explorer.exe
2008-12-10 00:04:10 ----D---- C:\Program Files\Team Craxtion
2008-12-09 06:26:04 ----D---- C:\Users\moosh\AppData\Roaming\fretsonfire
2008-12-09 06:00:52 ----D---- C:\Program Files\Microsoft Xbox 360 Accessories
2008-12-09 04:15:16 ----D---- C:\Program Files\Game Copy Pro
2008-12-08 23:03:08 ----A---- C:\Windows\system32\msxml3a.dll
2008-12-08 00:04:24 ----D---- C:\X360HP Temp
2008-12-07 23:44:05 ----D---- C:\Windows\Xbox 360 Hack Pack RC1
2008-12-07 23:44:04 ----D---- C:\Program Files\Xbox 360 Hack Pack RC1
2008-12-07 23:43:13 ----A---- C:\Windows\Xbox 360 Hack Pack RC1 Setup Log.txt
2008-12-07 23:21:27 ----D---- C:\ProgramData\Geek Squad
2008-12-07 02:30:01 ----D---- C:\Program Files\Oxin's Style!

======List of files/folders modified in the last 1 months======

2009-01-03 13:43:28 ----D---- C:\Windows\Temp
2009-01-03 13:43:21 ----RD---- C:\Program Files
2009-01-03 13:40:36 ----D---- C:\Program Files\Mozilla Firefox
2009-01-02 18:12:49 ----D---- C:\ProgramData\Google Updater
2009-01-01 23:08:41 ----D---- C:\Windows
2009-01-01 23:03:24 ----SHD---- C:\Windows\Installer
2009-01-01 23:02:58 ----D---- C:\Windows\winsxs
2009-01-01 23:02:27 ----D---- C:\Program Files\Common Files
2009-01-01 23:02:23 ----HD---- C:\ProgramData
2009-01-01 23:02:19 ----D---- C:\Windows\System32
2009-01-01 23:02:16 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-01 23:01:56 ----D---- C:\Windows\inf
2009-01-01 23:01:53 ----D---- C:\ProgramData\Apple Computer
2009-01-01 22:56:15 ----RSD---- C:\Windows\Fonts
2009-01-01 18:34:09 ----D---- C:\Windows\Tasks
2009-01-01 14:58:35 ----D---- C:\Windows\system32\drivers
2008-12-31 00:06:01 ----AD---- C:\ProgramData\TEMP
2008-12-30 21:34:23 ----SD---- C:\Windows\Downloaded Program Files
2008-12-30 09:07:42 ----D---- C:\Program Files\Pcsx2_0.9.4
2008-12-30 05:08:32 ----D---- C:\Windows\system32\config
2008-12-30 04:29:09 ----SHD---- C:\System Volume Information
2008-12-30 00:25:44 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-30 00:09:23 ----D---- C:\Windows\Logs
2008-12-29 23:20:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-29 23:17:37 ----D---- C:\Windows\system32\catroot2
2008-12-29 20:30:30 ----D---- C:\Users\moosh\AppData\Roaming\FrostWire
2008-12-26 05:16:59 ----D---- C:\Users\moosh\AppData\Roaming\FileZilla
2008-12-26 01:57:50 ----SD---- C:\Users\moosh\AppData\Roaming\Microsoft
2008-12-23 14:20:27 ----D---- C:\Windows\system32\catroot
2008-12-23 14:11:53 ----D---- C:\Program Files\McAfee
2008-12-19 00:23:25 ----D---- C:\Windows\system32\en-US
2008-12-18 23:44:38 ----D---- C:\Program Files\Acer Arcade Live
2008-12-18 23:44:16 ----D---- C:\ProgramData\CyberLink
2008-12-18 23:44:12 ----D---- C:\Program Files\CyberLink
2008-12-15 22:00:22 ----D---- C:\Windows\Prefetch
2008-12-15 21:59:36 ----SHD---- C:\$RECYCLE.BIN
2008-12-14 19:57:38 ----RD---- C:\Users
2008-12-12 01:57:22 ----SD---- C:\ProgramData\Microsoft
2008-12-11 07:34:30 ----D---- C:\Windows\rescache
2008-12-11 07:16:13 ----D---- C:\Windows\AppPatch
2008-12-11 07:16:13 ----D---- C:\Program Files\Windows Mail
2008-12-11 03:10:12 ----D---- C:\ProgramData\Microsoft Help
2008-12-09 06:01:27 ----D---- C:\Windows\system32\Tasks
2008-12-08 23:11:02 ----D---- C:\Users\moosh\AppData\Roaming\CyberLink
2008-12-08 23:02:32 ----A---- C:\Windows\system32\msvcr71.dll
2008-12-08 23:02:32 ----A---- C:\Windows\system32\msvcp71.dll
2008-12-08 01:55:11 ----D---- C:\Users\moosh\AppData\Roaming\Adobe
2008-12-07 23:42:32 ----D---- C:\Users\moosh\AppData\Roaming\U3
2008-12-07 00:10:08 ----D---- C:\Program Files\Common Files\Adobe
2008-12-07 00:10:03 ----D---- C:\ProgramData\Adobe
2008-12-07 00:09:45 ----D---- C:\Program Files\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DiscImage;Disc image driver; C:\Windows\system32\DRIVERS\discimage.sys [2007-05-26 24704]
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2007-07-13 125728]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver; C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2007-07-03 15392]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-03-05 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-03-05 60464]
R2 tvicport;tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [2007-11-06 14544]
R2 zntport;zntport; \??\C:\Windows\system32\drivers\zntport.sys [2007-11-06 6080]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-13 3076608]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-18 1841312]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2007-11-22 33832]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-20 18432]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-03-19 6144]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2007-02-01 982272]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
S3 AMDPCI;AMDPCI; \??\C:\Users\moosh\AppData\Local\Temp\AMDPCI.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 IKFileSec;File Security Driver; C:\Windows\system32\drivers\ikfilesec.sys [2008-08-25 40840]
S3 IKSysFlt;System Filter Driver; C:\Windows\system32\drivers\iksysflt.sys [2008-08-25 66952]
S3 IKSysSec;System Security Driver; C:\Windows\system32\drivers\iksyssec.sys [2008-08-25 81288]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2003-04-04 30336]
S3 Pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\Pcouffin.sys [2008-09-02 47360]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\Windows\system32\DRIVERS\wg111v3.sys [2007-12-28 289280]
S3 TVICHW32;TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS [2005-10-09 23600]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-20 7680]
S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2008-09-24 29184]
S3 xnacc;XBOX 360 Controller For Windows Driver Service; C:\Windows\system32\DRIVERS\xnacc.sys [2008-01-20 521216]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2007-08-28 55808]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
R2 AcerMemUsageCheckService;ePerformance Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2007-10-17 28672]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-08-13 610304]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2006-08-11 200704]
R2 DIMSVC;Disc Image Demo mount service; C:\Program Files\Pa-software\Disc Image Demo\dimsvc.exe [2007-05-26 36864]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-05 500784]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-19 24576]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-06 168432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-11-26 23880]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 TVersityMediaServer;TVersityMediaServer; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\MediaServer.exe [2008-10-23 827392]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-03 655624]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2003-04-04 77824]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2009-01-03 13:43:45

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34449598-3F4B-43B5-A996-84A7345FD15F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B95708FA-609B-4F7F-A50C-76D2338464AE}\setup.exe" -l0x9
µtorrent 1.8 (build 11813) Leecher Pack-->"C:\Program Files\seba14mods\µtorrent 1.8 (build 11813) Leecher Pack\unins000.exe"
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Acer Assist-->C:\Program Files\Acer Assist\uninstall.exe
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x9 -removeonly
Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer GameZone Console DTV 2.0.1.1-->"C:\Program Files\Acer GameZone\GameConsole\unins000.exe"
Acer HomeMedia Connect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}\SETUP.exe" -uninstall
Acer Registration-->C:\Program Files\Acer Registration\uninstall.exe
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Alice Greenfingers-->"C:\Program Files\Acer GameZone\Alice Greenfingers\Uninstall.exe" "C:\Program Files\Acer GameZone\Alice Greenfingers\install.log"
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Backspin Billiards-->"C:\Program Files\Acer GameZone\Backspin Billiards\Uninstall.exe" "C:\Program Files\Acer GameZone\Backspin Billiards\install.log"
Big Kahuna Reef-->"C:\Program Files\Acer GameZone\Big Kahuna Reef\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef\install.log"
Blue Squirrel WebWhacker 5.0-->C:\Windows\IsUninst.exe -fh:\webwack\Uninst.isu
Bookworm Deluxe-->"C:\Program Files\Acer GameZone\Bookworm Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Bookworm Deluxe\install.log"
Bricks of Egypt-->"C:\Program Files\Acer GameZone\Bricks of Egypt\Uninstall.exe" "C:\Program Files\Acer GameZone\Bricks of Egypt\install.log"
Bully Scholarship Edition-->"C:\Program Files\InstallShield Installation Information\{A724605D-B399-4304-B8C7-33B3EF7D4677}\setup.exe" -runfromtemp -l0x0409 -removeonly
Bully Scholarship Edition-->MsiExec.exe /X{A724605D-B399-4304-B8C7-33B3EF7D4677}
Cake Mania-->"C:\Program Files\Acer GameZone\Cake Mania\Uninstall.exe" "C:\Program Files\Acer GameZone\Cake Mania\install.log"
CDDB MP3 Tool (remove only)-->"C:\Program Files\CDDBMP3Tool\uninstall.exe"
Chuzzle-->"C:\Program Files\Acer GameZone\Chuzzle\Uninstall.exe" "C:\Program Files\Acer GameZone\Chuzzle\install.log"
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Craxtion4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B16ACC3B-A84E-46B2-B6B4-0E088A94A944}\setup.exe" -l0x9 -removeonly
Diner Dash Flo on the Go-->"C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\Uninstall.exe" "C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\install.log"
Disc Image Demo-->MsiExec.exe /I{7DA2C692-5BAC-4ACA-A270-8603B283B9A9}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVDInfoPro-->"C:\Program Files\DVDInfoPro\uninstall.exe"
DVDXCopy 1.3 b630 (remove only)-->C:\Program Files\321Studios\DVDXCopy\Uninst.exe
DVDXCopy Platinum 4.0.3-->"C:\Program Files\321Studios\uninstall.exe"
eSobi v2-->C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x0409
Exterminate It!-->C:\Program Files\Exterminate It!\ExterminateIt_Uninst.exe
ffdshow [rev 1723] [2007-12-24]-->"C:\Program Files\ffdshow\unins000.exe"
FileZilla Client 3.1.5-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Flip Words 2-->"C:\Program Files\Acer GameZone\Flip Words 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Flip Words 2\install.log"
FrostWire 4.17.0-->C:\Program Files\FrostWire\Uninstall.exe
GameCopyPro273_1-->"C:\Program Files\InstallShield Installation Information\{30368B72-4D78-498E-8AE1-7389C51BD57B}\setup.exe" -runfromtemp -l0x0009 -removeonly
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GrabIt 1.6.2 Beta (build 940)-->"C:\Program Files\GrabIt\unins000.exe"
HijackThis 2.0.2-->"I:\Malware\Utilities\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
InterVideo DeviceService-->MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
iPrep 101 v0.0.6.2 Beta-->C:\Program Files\iPrep 101\uninst.exe
IsoBuster 2.4-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jewel Quest Solitaire-->"C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
MagicDisc 2.7.105-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Mahjong Escape Ancient China-->"C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\install.log"
Mahjongg Artifacts-->"C:\Program Files\Acer GameZone\Mahjongg Artifacts\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjongg Artifacts\install.log"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Malwarebytes' RogueRemover-->"C:\Program Files\RogueRemover FREE\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
MCE Software Encoder 1.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7655E113-C306-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
Media Player Codec Pack 3.2.0-->C:\Windows\system32\C2MP\Uninst.exe
MediaMonkey 3.0-->"C:\Program Files\MediaMonkey\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
Microsoft SQL Server Compact 3.5 SP1 Design Tools English-->MsiExec.exe /X{0C19D563-5F25-4621-BF10-01F741BD283F}
Microsoft SQL Server Compact 3.5 SP1 English-->MsiExec.exe /I{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU-->MsiExec.exe /X{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu-->MsiExec.exe /X{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft Xbox 360 Accessories 1.1-->MsiExec.exe /X{66F0AC35-4805-44BC-A3D4-347D4196F9B3}
Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Mystery Case Files - Huntsville-->"C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\install.log"
Mystery Solitaire - Secret Island-->"C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\install.log"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NETGEAR WG111v3 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\setup.exe -runfromtemp -l0x0409
NewsLeecher v3.9 Final-->"C:\Program Files\NewsLeecher\unins000.exe"
NTI Backup NOW! 4.7-->C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x0409
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
Oxin's Style! 3D Sexvilla 2.058.002-->"C:\Program Files\Oxin's Style!\3D Sexvilla 2\Binaries\unins000.exe"
Oxin's Style! VirtuallyJenna 2-->"C:\Program Files\Oxin's Style!\VirtuallyJenna\Binaries\unins000.exe"
Pcsx2 0.9.4 Watermoose-->"C:\Program Files\Pcsx2_0.9.4\unins000.exe"
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
PE585QA-32-->MsiExec.exe /I{A687B4D9-0047-468F-ABCC-2783FA23768A}
PG583_32_inf-->MsiExec.exe /I{C49624DD-C504-4279-B9E0-65A2EB6E1619}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Registry Mechanic 7.0-->"C:\Program Files\Registry Mechanic\unins000.exe"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
SendElf-->"C:\Program Files\sendelf\uninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Tomb Raider: Anniversary 1.0-->C:\Program Files\Tomb Raider - Anniversary\uninsttra.exe
Trivia Machine-->"C:\Program Files\MSN Games\Trivia Machine\Uninstall.exe" "C:\Program Files\MSN Games\Trivia Machine\install.log"
TrojanHunter 5.0-->"C:\Program Files\TrojanHunter 5.0\unins000.exe"
TVersity Codec Pack 1.2-->C:\Program Files\TVersity Codec Pack\uninst.exe
TVersity Media Server 1.0.0.7 RC4-->C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\uninst.exe
Ulead DVD MovieFactory 6-->C:\Program Files\InstallShield Installation Information\{CCC4E428-411E-4605-B515-317D50ABD477}\setup.exe -runfromtemp -l0x0409
UltimateBet-->C:\PROGRA~1\ULTIMA~1\UNWISE.EXE C:\PROGRA~1\ULTIMA~1\INSTALL.LOG
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
WADder 0.9-->"C:\wadder\unins000.exe"
Windows Driver Package - Conexant (cxpl_mhd) Media (11/07/2007 6.0.104.0038)-->rundll32.exe C:\PROGRA~1\DIFX\690455CD803D2085\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\y_cx88x.inf_06fe565d\y_cx88x.inf
Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.32.42)-->rundll32.exe C:\PROGRA~1\DIFX\690455CD803D2085\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\omnitv.inf_0f87386d\omnitv.inf
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinPcap 3.0-->"C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xbox 360 Hack Pack RC1-->"C:\Windows\Xbox 360 Hack Pack RC1\uninstall.exe" "/U:C:\Program Files\Xbox 360 Hack Pack RC1\Uninstall\uninstall.xml"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zuma Deluxe-->"C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Spybot - Search and Destroy
AS: Windows Defender

System event log

Computer Name: moosh-PC
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.
Record Number: 58771
Source Name: Service Control Manager
Time Written: 20090103151602.000000-000
Event Type: Information
User:

Computer Name: moosh-PC
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
Record Number: 58772
Source Name: Service Control Manager
Time Written: 20090103153232.000000-000
Event Type: Information
User:

Computer Name: moosh-PC
Event Code: 1103
Message: Your computer was successfully assigned an address from the network, and it can now connect to other computers.
Record Number: 58773
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090103170538.000000-000
Event Type: Information
User:

Computer Name: moosh-PC
Event Code: 6013
Message: The system uptime is 132914 seconds.
Record Number: 58774
Source Name: EventLog
Time Written: 20090103180014.000000-000
Event Type: Information
User:

Computer Name: moosh-PC
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.
Record Number: 58775
Source Name: Service Control Manager
Time Written: 20090103194049.000000-000
Event Type: Information
User:

Application event log

Computer Name: moosh-PC
Event Code: 1001
Message: Fault bucket 32034982, type 5
Event Name: MpTelemetry
Response: None
Cab Id: 0

Problem signature:
P1: 80244019
P2: EndSearch
P3: Search
P4: 1.1.1600.0
P5: MpSigDwn.dll
P6: 1.1.1600.0
P7: Windows Defender
P8:
P9:
P10:

Attached files:
C:\Windows\Temp\MPTelemetrySubmit\client_manifest.txt

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report107a7e08
Record Number: 10058
Source Name: Windows Error Reporting
Time Written: 20090102081113.000000-000
Event Type: Information
User:

Computer Name: moosh-PC
Event Code: 8224
Message: The VSS service is shutting down due to idle timeout.
Record Number: 10059
Source Name: VSS
Time Written: 20090102131800.000000-000
Event Type: Information
User:

Computer Name: moosh-PC
Event Code: 8224
Message: The VSS service is shutting down due to idle timeout.
Record Number: 10060
Source Name: VSS
Time Written: 20090103060301.000000-000
Event Type: Information
User:

Computer Name: moosh-PC
Event Code: 1001
Message: Fault bucket 32034982, type 5
Event Name: MpTelemetry
Response: None
Cab Id: 0

Problem signature:
P1: 80244019
P2: EndSearch
P3: Search
P4: 1.1.1600.0
P5: MpSigDwn.dll
P6: 1.1.1600.0
P7: Windows Defender
P8:
P9:
P10:

Attached files:
C:\Windows\Temp\MPTelemetrySubmit\client_manifest.txt

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report17fccf4e
Record Number: 10061
Source Name: Windows Error Reporting
Time Written: 20090103081108.000000-000
Event Type: Information
User:

Computer Name: moosh-PC
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 10062
Source Name: LightScribeService
Time Written: 20090103194344.000000-000
Event Type: Information
User:

Security event log

Computer Name: moosh-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 16179
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090103194341.402275-000
Event Type: Audit Failure
User:

Computer Name: moosh-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 16180
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090103194341.433475-000
Event Type: Audit Failure
User:

Computer Name: moosh-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 16181
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090103194341.464675-000
Event Type: Audit Failure
User:

Computer Name: moosh-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 16182
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090103194341.495875-000
Event Type: Audit Failure
User:

Computer Name: moosh-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 16183
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090103194341.527075-000
Event Type: Audit Failure
User:

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"DFSTRACINGON"=FALSE
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Acer\Empowering Technology\eDataSecurity\;C:\Acer\Empowering Technology\eDataSecurity\x86;C:\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\Common Files\Ulead Systems\MPEG
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=6b02
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"USERNAME"=SYSTEM
"windir"=%SystemRoot%

-----------------EOF-----------------
moosh01
Active Member
 
Posts: 7
Joined: December 31st, 2008, 2:34 am

Re: hijack this log, browser has been hijacked

Unread postby Sharagoz » January 5th, 2009, 3:47 pm

P2P warning
You have FrostWire and µTorrent installed on your computer. These are peer-to-peer programs used to share files between computers.
There are several issues related to this:
  • P2P programs are notorious for being bundled with unwanted adware/spyware programs
  • Poorly configured P2P programs can share more files than you want them too, including personal files
  • Since its impossible to establish the source of which you are copying files from, you will always be at a certan risk every time you download a file. Malware written to spesifically spread through P2P networks are becoming an increasing problem and may be the source of your current infection. Even if you can trust the P2P program itself, you can never trust the sources you download from.

By MWR policy I am forced to ask that you uninstall this program if you wish me to further help you with your malware issues.
For more info, read MWR policy on P2P programs

To uninstall the program, go to Add/Remove Programs and uninstall the following:
FrostWire 4.17.0
µtorrent 1.8

If you chose to proceed I need new RSIT logs:
  • Delete this folder: C:\rsit
  • Double click on RSIT.exe (on your desktop) to run RSIT
  • Click Continue at the disclaimer screen to start the scanner
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Post the contents of both log.txt and info.txt in your next reply
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: hijack this log, browser has been hijacked

Unread postby moosh01 » January 7th, 2009, 2:28 am

Uninstalled:FrostWire 4.17.0
µtorrent 1.8

Logfile of random's system information tool 1.05 (written by random/random)
Run by moosh at 2009-01-07 00:25:27
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 48 GB (32%) free of 148 GB
Total RAM: 1791 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:45 AM, on 1/7/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\moosh\Desktop\RSIT.exe
C:\Program Files\trend micro\moosh.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: Add this link to WebWhacker... - h:\webwack\Art\wwieextlink.html
O8 - Extra context menu item: Add this page to WebWhacker... - h:\webwack\Art\wwieext.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: WebWhacker - {E5336D32-0CBE-4E1F-A2C7-38DCAA8B07EF} - (no file)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Disc Image Demo mount service (DIMSVC) - Pa-software - C:\Program Files\Pa-software\Disc Image Demo\dimsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\MediaServer.exe

--
End of file - 11259 bytes

======Scheduled tasks folder======

C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mcapbho.dll [2007-11-26 324936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-02 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-10-24 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-06 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-02 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-05 142896]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-05 4669440]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-03 582992]
"Acer Empowering Technology Monitor"=C:\Acer\Empowering Technology\SysMonitor.exe [2008-01-09 326176]
"PCMMediaSharing"=C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2008-01-25 204908]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-02-01 630784]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-05 526896]
"Acer Product Registration"=C:\Program Files\Acer Registration\ACE1.exe [2007-10-15 3387392]
"Acer Assist Launcher"=C:\Program Files\Acer Assist\launcher.exe [2007-02-02 1261568]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"eRecoveryService"= []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-02 136600]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-01-31 385024]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"RegistryMechanic"= []
"THGuard"=C:\Program Files\TrojanHunter 5.0\THGuard.exe [2008-03-25 1047712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-14 68856]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-26 734264]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

C:\Users\moosh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"RunStartupScriptSync"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"MemCheckBoxInRunDlg"=0
"NoStrCmpLogical"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoChangeAnimation"=
"NoStrCmpLogical"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01483e2e-abc7-11dd-8820-001c25861e59}]
shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0368b584-fc4c-11dc-a6f7-806e6f6e6963}]
shell\AutoRun\command - I:\mri.exe


======List of files/folders created in the last 1 months======

2009-01-07 00:25:27 ----D---- C:\rsit
2009-01-03 13:43:21 ----D---- C:\Program Files\trend micro
2009-01-01 23:08:28 ----D---- C:\Users\moosh\AppData\Roaming\Ulead Systems
2009-01-01 23:02:27 ----D---- C:\Program Files\Common Files\InterVideo
2009-01-01 23:02:23 ----D---- C:\ProgramData\InterVideo
2009-01-01 23:02:19 ----A---- C:\Windows\system32\IVIresizeW7.dll
2009-01-01 23:02:19 ----A---- C:\Windows\system32\IVIresizePX.dll
2009-01-01 23:02:19 ----A---- C:\Windows\system32\IVIresizeP6.dll
2009-01-01 23:02:19 ----A---- C:\Windows\system32\IVIresizeM6.dll
2009-01-01 23:02:19 ----A---- C:\Windows\system32\IVIresizeA6.dll
2009-01-01 23:02:19 ----A---- C:\Windows\system32\IVIresize.dll
2009-01-01 23:01:20 ----D---- C:\Windows\RegisteredPackages
2009-01-01 23:01:19 ----HD---- C:\Windows\msdownld.tmp
2009-01-01 23:01:17 ----D---- C:\Program Files\Windows Media Components
2009-01-01 22:53:36 ----D---- C:\Program Files\Common Files\Ulead Systems
2009-01-01 22:53:34 ----D---- C:\ProgramData\Ulead Systems
2009-01-01 22:53:34 ----D---- C:\Program Files\Ulead Systems
2009-01-01 17:47:18 ----A---- C:\Windows\wininit.ini
2009-01-01 17:26:45 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-01-01 17:26:45 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-31 02:07:17 ----D---- C:\Users\moosh\AppData\Roaming\Malwarebytes
2008-12-31 02:07:11 ----D---- C:\ProgramData\Malwarebytes
2008-12-31 02:07:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-31 00:07:38 ----D---- C:\VundoFix Backups
2008-12-31 00:07:38 ----A---- C:\VundoFix.txt
2008-12-30 23:07:27 ----D---- C:\Program Files\RogueRemover FREE
2008-12-30 22:39:39 ----D---- C:\Program Files\Exterminate It!
2008-12-30 21:49:31 ----A---- C:\Windows\ntbtlog.txt
2008-12-30 21:44:02 ----D---- C:\Program Files\Lavasoft
2008-12-30 21:44:01 ----D---- C:\ProgramData\Lavasoft
2008-12-30 21:43:37 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-30 21:29:24 ----D---- C:\Users\moosh\AppData\Roaming\TrojanHunter
2008-12-30 21:23:08 ----R---- C:\Windows\system32\streamhlp.dll
2008-12-30 21:23:07 ----D---- C:\Program Files\TrojanHunter 5.0
2008-12-30 21:13:25 ----D---- C:\Users\moosh\AppData\Roaming\uTorrent
2008-12-30 13:31:09 ----D---- C:\Windows\Minidump
2008-12-29 23:12:34 ----D---- C:\Users\moosh\AppData\Roaming\PC Tools
2008-12-29 23:12:34 ----D---- C:\Program Files\Spyware Doctor
2008-12-29 18:22:20 ----D---- C:\Program Files\Super_DVD_Creator_9.8
2008-12-29 13:30:45 ----D---- C:\Users\moosh\AppData\Roaming\Roxio
2008-12-29 13:29:58 ----D---- C:\ProgramData\InstallShield
2008-12-29 13:28:51 ----D---- C:\ProgramData\Sonic
2008-12-29 13:26:18 ----D---- C:\ProgramData\Roxio
2008-12-29 13:24:38 ----D---- C:\Program Files\Roxio
2008-12-29 13:24:38 ----D---- C:\Program Files\Common Files\Roxio Shared
2008-12-26 17:10:44 ----D---- C:\Program Files\GrabIt
2008-12-26 05:31:58 ----D---- C:\Users\moosh\AppData\Roaming\NewsLeecher
2008-12-26 05:31:45 ----D---- C:\Program Files\NewsLeecher
2008-12-24 20:03:01 ----D---- C:\iPrep_101
2008-12-23 14:19:58 ----N---- C:\Windows\system32\difxapi.dll
2008-12-23 14:19:58 ----D---- C:\Program Files\VIA
2008-12-21 23:39:23 ----D---- C:\wadder
2008-12-21 00:09:31 ----D---- C:\Program Files\iPrep 101
2008-12-18 23:28:44 ----A---- C:\Windows\system32\msxml.dll
2008-12-18 23:28:43 ----A---- C:\Windows\system32\STKIT432.DLL
2008-12-18 23:28:22 ----D---- C:\Program Files\Registry Mechanic
2008-12-18 03:00:15 ----A---- C:\Windows\system32\mshtml.dll
2008-12-13 01:22:35 ----D---- C:\Program Files\Cloudbrain
2008-12-13 01:11:05 ----D---- C:\Program Files\CDDBMP3Tool
2008-12-11 03:04:43 ----A---- C:\Windows\system32\tzres.dll
2008-12-11 02:01:40 ----A---- C:\Windows\system32\shell32.dll
2008-12-11 02:01:23 ----A---- C:\Windows\system32\urlmon.dll
2008-12-11 02:01:23 ----A---- C:\Windows\system32\ieframe.dll
2008-12-11 02:01:22 ----A---- C:\Windows\system32\wininet.dll
2008-12-11 02:01:22 ----A---- C:\Windows\system32\mstime.dll
2008-12-11 02:01:19 ----A---- C:\Windows\system32\iertutil.dll
2008-12-11 02:01:16 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-11 02:00:52 ----A---- C:\Windows\system32\mf.dll
2008-12-11 02:00:51 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-11 02:00:49 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-11 02:00:49 ----A---- C:\Windows\system32\logagent.exe
2008-12-11 01:59:21 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-11 01:59:18 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-11 00:27:36 ----A---- C:\Windows\system32\gdi32.dll
2008-12-11 00:07:34 ----A---- C:\Windows\explorer.exe
2008-12-10 00:04:10 ----D---- C:\Program Files\Team Craxtion
2008-12-09 06:26:04 ----D---- C:\Users\moosh\AppData\Roaming\fretsonfire
2008-12-09 06:00:52 ----D---- C:\Program Files\Microsoft Xbox 360 Accessories
2008-12-09 04:15:16 ----D---- C:\Program Files\Game Copy Pro
2008-12-08 23:03:08 ----A---- C:\Windows\system32\msxml3a.dll
2008-12-08 00:04:24 ----D---- C:\X360HP Temp

======List of files/folders modified in the last 1 months======

2009-01-07 00:25:32 ----D---- C:\Windows\Temp
2009-01-07 00:22:36 ----RD---- C:\Program Files
2009-01-07 00:16:20 ----D---- C:\Program Files\Mozilla Firefox
2009-01-06 01:55:42 ----D---- C:\ProgramData\Google Updater
2009-01-05 20:47:49 ----D---- C:\Program Files\FrostWire
2009-01-01 23:08:41 ----D---- C:\Windows
2009-01-01 23:03:24 ----SHD---- C:\Windows\Installer
2009-01-01 23:02:58 ----D---- C:\Windows\winsxs
2009-01-01 23:02:27 ----D---- C:\Program Files\Common Files
2009-01-01 23:02:23 ----HD---- C:\ProgramData
2009-01-01 23:02:19 ----D---- C:\Windows\System32
2009-01-01 23:02:16 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-01 23:01:56 ----D---- C:\Windows\inf
2009-01-01 23:01:53 ----D---- C:\ProgramData\Apple Computer
2009-01-01 22:56:15 ----RSD---- C:\Windows\Fonts
2009-01-01 18:34:09 ----D---- C:\Windows\Tasks
2009-01-01 14:58:35 ----D---- C:\Windows\system32\drivers
2008-12-31 00:06:01 ----AD---- C:\ProgramData\TEMP
2008-12-30 21:34:23 ----SD---- C:\Windows\Downloaded Program Files
2008-12-30 09:07:42 ----D---- C:\Program Files\Pcsx2_0.9.4
2008-12-30 05:08:32 ----D---- C:\Windows\system32\config
2008-12-30 04:29:09 ----SHD---- C:\System Volume Information
2008-12-30 00:25:44 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-30 00:09:23 ----D---- C:\Windows\Logs
2008-12-29 23:20:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-29 23:17:37 ----D---- C:\Windows\system32\catroot2
2008-12-29 20:30:30 ----D---- C:\Users\moosh\AppData\Roaming\FrostWire
2008-12-26 05:16:59 ----D---- C:\Users\moosh\AppData\Roaming\FileZilla
2008-12-26 01:57:50 ----SD---- C:\Users\moosh\AppData\Roaming\Microsoft
2008-12-23 14:20:27 ----D---- C:\Windows\system32\catroot
2008-12-23 14:11:53 ----D---- C:\Program Files\McAfee
2008-12-19 00:23:25 ----D---- C:\Windows\system32\en-US
2008-12-18 23:44:38 ----D---- C:\Program Files\Acer Arcade Live
2008-12-18 23:44:16 ----D---- C:\ProgramData\CyberLink
2008-12-18 23:44:12 ----D---- C:\Program Files\CyberLink
2008-12-15 22:00:22 ----D---- C:\Windows\Prefetch
2008-12-15 21:59:36 ----SHD---- C:\$RECYCLE.BIN
2008-12-14 19:57:38 ----RD---- C:\Users
2008-12-12 01:57:22 ----SD---- C:\ProgramData\Microsoft
2008-12-11 07:34:30 ----D---- C:\Windows\rescache
2008-12-11 07:16:13 ----D---- C:\Windows\AppPatch
2008-12-11 07:16:13 ----D---- C:\Program Files\Windows Mail
2008-12-11 03:10:12 ----D---- C:\ProgramData\Microsoft Help
2008-12-09 06:01:27 ----D---- C:\Windows\system32\Tasks
2008-12-08 23:11:02 ----D---- C:\Users\moosh\AppData\Roaming\CyberLink
2008-12-08 23:02:32 ----A---- C:\Windows\system32\msvcr71.dll
2008-12-08 23:02:32 ----A---- C:\Windows\system32\msvcp71.dll
2008-12-08 01:55:11 ----D---- C:\Users\moosh\AppData\Roaming\Adobe
2008-12-08 00:04:08 ----A---- C:\Windows\Xbox 360 Hack Pack RC1 Setup Log.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DiscImage;Disc image driver; C:\Windows\system32\DRIVERS\discimage.sys [2007-05-26 24704]
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2007-07-13 125728]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver; C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2007-07-03 15392]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-03-05 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-03-05 60464]
R2 tvicport;tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [2007-11-06 14544]
R2 zntport;zntport; \??\C:\Windows\system32\drivers\zntport.sys [2007-11-06 6080]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-13 3076608]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-18 1841312]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-20 18432]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-03-19 6144]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2007-02-01 982272]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
S3 AMDPCI;AMDPCI; \??\C:\Users\moosh\AppData\Local\Temp\AMDPCI.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 IKFileSec;File Security Driver; C:\Windows\system32\drivers\ikfilesec.sys [2008-08-25 40840]
S3 IKSysFlt;System Filter Driver; C:\Windows\system32\drivers\iksysflt.sys [2008-08-25 66952]
S3 IKSysSec;System Security Driver; C:\Windows\system32\drivers\iksyssec.sys [2008-08-25 81288]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2003-04-04 30336]
S3 Pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\Pcouffin.sys [2008-09-02 47360]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\Windows\system32\DRIVERS\wg111v3.sys [2007-12-28 289280]
S3 TVICHW32;TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS [2005-10-09 23600]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-20 7680]
S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2008-09-24 29184]
S3 xnacc;XBOX 360 Controller For Windows Driver Service; C:\Windows\system32\DRIVERS\xnacc.sys [2008-01-20 521216]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2007-08-28 55808]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
R2 AcerMemUsageCheckService;ePerformance Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2007-10-17 28672]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-08-13 610304]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2006-08-11 200704]
R2 DIMSVC;Disc Image Demo mount service; C:\Program Files\Pa-software\Disc Image Demo\dimsvc.exe [2007-05-26 36864]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-05 500784]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-19 24576]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-06 168432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-11-26 23880]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 TVersityMediaServer;TVersityMediaServer; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\MediaServer.exe [2008-10-23 827392]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-03 655624]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2003-04-04 77824]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.05 2009-01-07 00:25:48

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34449598-3F4B-43B5-A996-84A7345FD15F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B95708FA-609B-4F7F-A50C-76D2338464AE}\setup.exe" -l0x9
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Acer Assist-->C:\Program Files\Acer Assist\uninstall.exe
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x9 -removeonly
Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer GameZone Console DTV 2.0.1.1-->"C:\Program Files\Acer GameZone\GameConsole\unins000.exe"
Acer HomeMedia Connect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}\SETUP.exe" -uninstall
Acer Registration-->C:\Program Files\Acer Registration\uninstall.exe
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Alice Greenfingers-->"C:\Program Files\Acer GameZone\Alice Greenfingers\Uninstall.exe" "C:\Program Files\Acer GameZone\Alice Greenfingers\install.log"
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Backspin Billiards-->"C:\Program Files\Acer GameZone\Backspin Billiards\Uninstall.exe" "C:\Program Files\Acer GameZone\Backspin Billiards\install.log"
Big Kahuna Reef-->"C:\Program Files\Acer GameZone\Big Kahuna Reef\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef\install.log"
Blue Squirrel WebWhacker 5.0-->C:\Windows\IsUninst.exe -fh:\webwack\Uninst.isu
Bookworm Deluxe-->"C:\Program Files\Acer GameZone\Bookworm Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Bookworm Deluxe\install.log"
Bricks of Egypt-->"C:\Program Files\Acer GameZone\Bricks of Egypt\Uninstall.exe" "C:\Program Files\Acer GameZone\Bricks of Egypt\install.log"
Bully Scholarship Edition-->"C:\Program Files\InstallShield Installation Information\{A724605D-B399-4304-B8C7-33B3EF7D4677}\setup.exe" -runfromtemp -l0x0409 -removeonly
Bully Scholarship Edition-->MsiExec.exe /X{A724605D-B399-4304-B8C7-33B3EF7D4677}
Cake Mania-->"C:\Program Files\Acer GameZone\Cake Mania\Uninstall.exe" "C:\Program Files\Acer GameZone\Cake Mania\install.log"
CDDB MP3 Tool (remove only)-->"C:\Program Files\CDDBMP3Tool\uninstall.exe"
Chuzzle-->"C:\Program Files\Acer GameZone\Chuzzle\Uninstall.exe" "C:\Program Files\Acer GameZone\Chuzzle\install.log"
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Craxtion4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B16ACC3B-A84E-46B2-B6B4-0E088A94A944}\setup.exe" -l0x9 -removeonly
Diner Dash Flo on the Go-->"C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\Uninstall.exe" "C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\install.log"
Disc Image Demo-->MsiExec.exe /I{7DA2C692-5BAC-4ACA-A270-8603B283B9A9}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVDInfoPro-->"C:\Program Files\DVDInfoPro\uninstall.exe"
DVDXCopy 1.3 b630 (remove only)-->C:\Program Files\321Studios\DVDXCopy\Uninst.exe
DVDXCopy Platinum 4.0.3-->"C:\Program Files\321Studios\uninstall.exe"
eSobi v2-->C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x0409
Exterminate It!-->C:\Program Files\Exterminate It!\ExterminateIt_Uninst.exe
ffdshow [rev 1723] [2007-12-24]-->"C:\Program Files\ffdshow\unins000.exe"
FileZilla Client 3.1.5-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Flip Words 2-->"C:\Program Files\Acer GameZone\Flip Words 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Flip Words 2\install.log"
GameCopyPro273_1-->"C:\Program Files\InstallShield Installation Information\{30368B72-4D78-498E-8AE1-7389C51BD57B}\setup.exe" -runfromtemp -l0x0009 -removeonly
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GrabIt 1.6.2 Beta (build 940)-->"C:\Program Files\GrabIt\unins000.exe"
HijackThis 2.0.2-->"I:\Malware\Utilities\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)-->C:\Windows\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
InterVideo DeviceService-->MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
iPrep 101 v0.0.6.2 Beta-->C:\Program Files\iPrep 101\uninst.exe
IsoBuster 2.4-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jewel Quest Solitaire-->"C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
MagicDisc 2.7.105-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Mahjong Escape Ancient China-->"C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\install.log"
Mahjongg Artifacts-->"C:\Program Files\Acer GameZone\Mahjongg Artifacts\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjongg Artifacts\install.log"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Malwarebytes' RogueRemover-->"C:\Program Files\RogueRemover FREE\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
MCE Software Encoder 1.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7655E113-C306-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
Media Player Codec Pack 3.2.0-->C:\Windows\system32\C2MP\Uninst.exe
MediaMonkey 3.0-->"C:\Program Files\MediaMonkey\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
Microsoft SQL Server Compact 3.5 SP1 Design Tools English-->MsiExec.exe /X{0C19D563-5F25-4621-BF10-01F741BD283F}
Microsoft SQL Server Compact 3.5 SP1 English-->MsiExec.exe /I{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU-->MsiExec.exe /X{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu-->MsiExec.exe /X{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft Xbox 360 Accessories 1.1-->MsiExec.exe /X{66F0AC35-4805-44BC-A3D4-347D4196F9B3}
Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Mystery Case Files - Huntsville-->"C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\install.log"
Mystery Solitaire - Secret Island-->"C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\install.log"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NETGEAR WG111v3 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\setup.exe -runfromtemp -l0x0409
NewsLeecher v3.9 Final-->"C:\Program Files\NewsLeecher\unins000.exe"
NTI Backup NOW! 4.7-->C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x0409
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
Oxin's Style! 3D Sexvilla 2.058.002-->"C:\Program Files\Oxin's Style!\3D Sexvilla 2\Binaries\unins000.exe"
Oxin's Style! VirtuallyJenna 2-->"C:\Program Files\Oxin's Style!\VirtuallyJenna\Binaries\unins000.exe"
Pcsx2 0.9.4 Watermoose-->"C:\Program Files\Pcsx2_0.9.4\unins000.exe"
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
PE585QA-32-->MsiExec.exe /I{A687B4D9-0047-468F-ABCC-2783FA23768A}
PG583_32_inf-->MsiExec.exe /I{C49624DD-C504-4279-B9E0-65A2EB6E1619}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Registry Mechanic 7.0-->"C:\Program Files\Registry Mechanic\unins000.exe"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
SendElf-->"C:\Program Files\sendelf\uninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Tomb Raider: Anniversary 1.0-->C:\Program Files\Tomb Raider - Anniversary\uninsttra.exe
Trivia Machine-->"C:\Program Files\MSN Games\Trivia Machine\Uninstall.exe" "C:\Program Files\MSN Games\Trivia Machine\install.log"
TrojanHunter 5.0-->"C:\Program Files\TrojanHunter 5.0\unins000.exe"
TVersity Codec Pack 1.2-->C:\Program Files\TVersity Codec Pack\uninst.exe
TVersity Media Server 1.0.0.7 RC4-->C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\uninst.exe
Ulead DVD MovieFactory 6-->C:\Program Files\InstallShield Installation Information\{CCC4E428-411E-4605-B515-317D50ABD477}\setup.exe -runfromtemp -l0x0409
UltimateBet-->C:\PROGRA~1\ULTIMA~1\UNWISE.EXE C:\PROGRA~1\ULTIMA~1\INSTALL.LOG
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
WADder 0.9-->"C:\wadder\unins000.exe"
Windows Driver Package - Conexant (cxpl_mhd) Media (11/07/2007 6.0.104.0038)-->rundll32.exe C:\PROGRA~1\DIFX\690455CD803D2085\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\y_cx88x.inf_06fe565d\y_cx88x.inf
Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.32.42)-->rundll32.exe C:\PROGRA~1\DIFX\690455CD803D2085\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\omnitv.inf_0f87386d\omnitv.inf
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinPcap 3.0-->"C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xbox 360 Hack Pack RC1-->"C:\Windows\Xbox 360 Hack Pack RC1\uninstall.exe" "/U:C:\Program Files\Xbox 360 Hack Pack RC1\Uninstall\uninstall.xml"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zuma Deluxe-->"C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Spybot - Search and Destroy
AS: Windows Defender

System event log

Computer Name: moosh-PC
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.
Record Number: 58980
Source Name: Service Control Manager
Time Written: 20090106224723.000000-000
Event Type: Information
User:

Computer Name: moosh-PC
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
Record Number: 58981
Source Name: Service Control Manager
Time Written: 20090106230353.000000-000
Event Type: Information
User:

Computer Name: moosh-PC
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.
Record Number: 58982
Source Name: Service Control Manager
Time Written: 20090107034741.000000-000
Event Type: Information
User:

Computer Name: moosh-PC
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
Record Number: 58983
Source Name: Service Control Manager
Time Written: 20090107040411.000000-000
Event Type: Information
User:

Computer Name: moosh-PC
Event Code: 93
Message: MAC FIFO status 1
Record Number: 58984
Source Name: yukonwlh
Time Written: 20090107051909.666776-000
Event Type: Error
User:

Application event log

Computer Name: moosh-PC
Event Code: 1001
Message: Fault bucket 32034982, type 5
Event Name: MpTelemetry
Response: None
Cab Id: 0

Problem signature:
P1: 80244019
P2: EndSearch
P3: Search
P4: 1.1.1600.0
P5: MpSigDwn.dll
P6: 1.1.1600.0
P7: Windows Defender
P8:
P9:
P10:

Attached files:
C:\Windows\Temp\MPTelemetrySubmit\client_manifest.txt

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report0924aa63
Record Number: 10097
Source Name: Windows Error Reporting
Time Written: 20090105080908.000000-000
Event Type: Information
User:

Computer Name: moosh-PC
Event Code: 8224
Message: The VSS service is shutting down due to idle timeout.
Record Number: 10098
Source Name: VSS
Time Written: 20090105090016.000000-000
Event Type: Information
User:

Computer Name: moosh-PC
Event Code: 8224
Message: The VSS service is shutting down due to idle timeout.
Record Number: 10099
Source Name: VSS
Time Written: 20090106062240.000000-000
Event Type: Information
User:

Computer Name: moosh-PC
Event Code: 1001
Message: Fault bucket 32034982, type 5
Event Name: MpTelemetry
Response: None
Cab Id: 0

Problem signature:
P1: 80244019
P2: EndSearch
P3: Search
P4: 1.1.1600.0
P5: MpSigDwn.dll
P6: 1.1.1600.0
P7: Windows Defender
P8:
P9:
P10:

Attached files:
C:\Windows\Temp\MPTelemetrySubmit\client_manifest.txt

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report14c303f2
Record Number: 10100
Source Name: Windows Error Reporting
Time Written: 20090106080907.000000-000
Event Type: Information
User:

Computer Name: moosh-PC
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 10101
Source Name: LightScribeService
Time Written: 20090107062547.000000-000
Event Type: Information
User:

Security event log

Computer Name: moosh-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 16248
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090107062544.445876-000
Event Type: Audit Failure
User:

Computer Name: moosh-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 16249
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090107062544.477076-000
Event Type: Audit Failure
User:

Computer Name: moosh-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 16250
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090107062544.508276-000
Event Type: Audit Failure
User:

Computer Name: moosh-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 16251
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090107062544.523876-000
Event Type: Audit Failure
User:

Computer Name: moosh-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 16252
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090107062544.555076-000
Event Type: Audit Failure
User:

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"DFSTRACINGON"=FALSE
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Acer\Empowering Technology\eDataSecurity\;C:\Acer\Empowering Technology\eDataSecurity\x86;C:\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\Common Files\Ulead Systems\MPEG
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=6b02
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"USERNAME"=SYSTEM
"windir"=%SystemRoot%

-----------------EOF-----------------
moosh01
Active Member
 
Posts: 7
Joined: December 31st, 2008, 2:34 am

Re: hijack this log, browser has been hijacked

Unread postby Sharagoz » January 8th, 2009, 3:55 pm

You have quite a few malware scanners installed.
Which ones have you run to try and solve this problem?

Are the only problems you are experiencing related to browser redirects?
(Meaning that when you try to access a page you are automatically sent to another)
What type of pages are you redirected to?

I'd like to see a GMER log
  • Download gmer.zip by GMER from here and extract it to a folder on your desktop
  • Double click on gmer.exe to launch the program
  • If asked, allow the gmer.sys driver to load
  • If it warns you about rootkit activity and asks if you want to run scan, click OK
  • If you don't get a warning, click the Rootkit/Malware tab and then Scan
  • Once the scan has finished, click copy
  • Create a new notepad document on your desktop, name it "gmerrk.txt", open it, insert the GMER log by right-clicking in the document and chosing Paste, and then save the document
  • This log must be included in your next reply
  • Back in GMER, click on the >>> tab to bring up additional tabs
  • Click on the Autostart tab and then click Scan
  • Once the scan has finished, click copy, start a new reply here, right click and select "paste" to copy the log.
  • Also remember to copy the content of "gmerrk.txt" into the reply
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: hijack this log, browser has been hijacked

Unread postby moosh01 » January 9th, 2009, 12:04 am

I have used malwarebytes and mcafee to try and fix this they both find nothing.
Browser redirects are the main problem, but it also will not let mcafee update. That is all I have noticed.
As far as the redirects, I am redirected to a google search for adult materials and I have been redirected to a site that says it is scanning my system for viruses but I close out of the window before it completes.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-08 22:02:19
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.14 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8EFB89BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8EFB8958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8EFB896C]
Code 854EC348 ZwEnumerateKey
Code 85524510 ZwFlushInstructionCache
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8EFB89FC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8EFB8A3F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8EFB8930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8EFB8944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8EFB89D2]
Code 853E01F8 ZwQueryValueKey
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8EFB8A67]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8EFB8A53]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8EFB89AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8EFB8996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8EFB8A2B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8EFB8A12]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8EFB89E8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8EFB8982]
Code 854F01E5 IofCallDriver
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwYieldExecution 81E5E18C 5 Bytes JMP 8EFB89EC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!IofCallDriver 81EF2F6F 5 Bytes JMP 854F01EA
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 81FE930B 5 Bytes JMP 85524514
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 81FF817C 5 Bytes JMP 8EFB8A43 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateUserProcess 81FFFDCA 5 Bytes JMP 8EFB8986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 82019F80 5 Bytes JMP 8EFB8A2F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 820391DC 5 Bytes JMP 8EFB8948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 8203CB57 5 Bytes JMP 853E01FC
PAGE ntkrnlpa.exe!ZwEnumerateKey 8203EBB4 5 Bytes JMP 854EC34C
PAGE ntkrnlpa.exe!NtOpenProcess 82048B18 5 Bytes JMP 8EFB8934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 8205B74E 7 Bytes JMP 8EFB8A00 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 8205BDA5 5 Bytes JMP 8EFB8A16 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8205DFB6 5 Bytes JMP 8EFB89C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 8206B674 5 Bytes JMP 8EFB899A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 8206D8CE 7 Bytes JMP 8EFB89D6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8208C452 5 Bytes JMP 8EFB8A57 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8208D49E 5 Bytes JMP 8EFB8A6B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 820CB1C1 5 Bytes JMP 8EFB895C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 820CB20C 7 Bytes JMP 8EFB8970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 820CBCCB 5 Bytes JMP 8EFB89AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.14 ----

.text C:\Windows\system32\services.exe[692] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00420F66
.text C:\Windows\system32\services.exe[692] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 004200AC
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00420F4B
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 004200D8
.text C:\Windows\system32\services.exe[692] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00420F8B
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00420FCA
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00420065
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00420FB9
.text C:\Windows\system32\services.exe[692] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 0042008A
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00420FA8
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00420040
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 0042009B
.text C:\Windows\system32\services.exe[692] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 00420F3A
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00420FE5
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00420000
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 0042001B
.text C:\Windows\system32\services.exe[692] kernel32.dll!WinExec 768753E7 5 Bytes JMP 004200C7
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 0098005B
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 00980FB9
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00980FE5
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00980040
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00980076
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 0098000A
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00980FD4
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00980025
.text C:\Windows\system32\services.exe[692] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 0099000A
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00240F55
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 0024009B
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 002400C7
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateProcessA 767E1C36 1 Byte [ E9 ]
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateProcessA + 2 767E1C38 3 Bytes [ F2, A5, 89 ]
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 0024006F
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00240040
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00240F8B
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00240FC3
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00240080
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00240FA8
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00240FD4
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00240F70
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 002400D8
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 0024000A
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00240FEF
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 0024001B
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!WinExec 768753E7 5 Bytes JMP 002400B6
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00250076
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 0025004A
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00250000
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00250065
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00250FB9
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00250FDE
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00250FEF
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00250039
.text C:\Windows\system32\lsass.exe[708] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 002D0FE5
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00950087
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 00950076
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00950F26
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 009500B3
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00950F66
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00950FCA
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00950F8D
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00950F9E
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00950F4B
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00950040
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00950FAF
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00950065
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 009500CE
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00950FE5
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00950000
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 0095001B
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!WinExec 768753E7 5 Bytes JMP 009500A2
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00960FD4
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 0096005B
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00960000
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00960076
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00960091
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00960025
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00960FEF
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00960036
.text C:\Windows\system32\svchost.exe[896] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 009F0FEF
.text C:\Windows\system32\svchost.exe[896] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 009F001B
.text C:\Windows\system32\svchost.exe[896] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 009F0000
.text C:\Windows\system32\svchost.exe[896] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 009F0FCA
.text C:\Windows\system32\svchost.exe[896] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 00A00000
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00990F37
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 0099007D
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 009900BD
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 009900A2
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00990F92
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00990FCA
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 0099006C
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00990051
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00990F77
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00990FAF
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00990036
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00990F5C
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 00990F0B
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 0099001B
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00990000
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 00990FE5
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!WinExec 768753E7 5 Bytes JMP 00990F26
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 009A0F8A
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 009A002C
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 009A0000
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 009A0FA5
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 009A0F6F
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 009A0011
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 009A0FDB
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 009A0FC0
.text C:\Windows\system32\svchost.exe[956] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 009F0FEF
.text C:\Windows\system32\svchost.exe[956] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 009F001B
.text C:\Windows\system32\svchost.exe[956] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 009F000A
.text C:\Windows\system32\svchost.exe[956] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 009F0FCA
.text C:\Windows\system32\svchost.exe[956] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 00A0000A
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00A40F6A
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 00A400BA
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00A400E6
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 00A400CB
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00A40FAA
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00A40022
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00A40084
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00A40058
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00A40F8F
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00A40073
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00A40033
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00A4009F
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 00A40F34
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00A40FDB
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00A40000
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 00A40011
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!WinExec 768753E7 5 Bytes JMP 00A40F4F
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00A50058
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 00A50022
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00A50FE5
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00A5003D
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00A50F9B
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00A50FC0
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00A50000
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00A50011
.text C:\Windows\System32\svchost.exe[1008] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 00A60FEF
.text C:\Windows\System32\svchost.exe[1008] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 00A6000A
.text C:\Windows\System32\svchost.exe[1008] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 00A60FD4
.text C:\Windows\System32\svchost.exe[1008] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 00A60FB9
.text C:\Windows\System32\svchost.exe[1008] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 00E00000
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00DE0F72
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 00DE00B8
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00DE00E7
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 00DE0F50
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00DE0071
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00DE0FBC
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00DE0060
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00DE0039
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00DE008C
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00DE0F97
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00DE001E
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00DE009D
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 00DE0F3F
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00DE0FDE
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00DE0FEF
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 00DE0FCD
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!WinExec 768753E7 5 Bytes JMP 00DE0F61
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00DF0FAF
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 00DF0040
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00DF0000
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00DF005B
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00DF0F9E
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00DF001B
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00DF0FE5
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00DF0FCA
.text C:\Windows\System32\svchost.exe[1144] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 00E40000
.text C:\Windows\System32\svchost.exe[1144] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 00E40036
.text C:\Windows\System32\svchost.exe[1144] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 00E4001B
.text C:\Windows\System32\svchost.exe[1144] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 00E40051
.text C:\Windows\System32\svchost.exe[1144] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 00E5000A
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 01200076
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 01200F30
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 012000A2
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 01200F01
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 01200F77
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 01200025
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 01200051
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 01200040
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 01200F66
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 01200F94
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 01200FB9
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 01200F41
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 01200EE6
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 01200FEF
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 01200000
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 01200FD4
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!WinExec 768753E7 5 Bytes JMP 01200087
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 01210F5E
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 01210000
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 01210FE5
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 01210F79
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 01210F4D
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 01210FB9
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 01210FCA
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 01210F94
.text C:\Windows\System32\svchost.exe[1208] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 01660000
.text C:\Windows\System32\svchost.exe[1208] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 01660FCA
.text C:\Windows\System32\svchost.exe[1208] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 01660FE5
.text C:\Windows\System32\svchost.exe[1208] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 01660FB9
.text C:\Windows\System32\svchost.exe[1208] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 01670000
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00FD00A2
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 00FD0091
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00FD0F26
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 00FD00BD
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00FD005B
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00FD0025
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00FD0F81
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00FD0FAF
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00FD006C
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00FD0F9E
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00FD0036
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00FD0F5C
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 00FD00E2
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00FD0FE5
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00FD0000
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 00FD0FD4
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!WinExec 768753E7 5 Bytes JMP 00FD0F4B
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00FE0058
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 00FE0047
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00FE0000
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00FE0FB6
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00FE0FA5
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00FE0025
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00FE0FE5
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00FE0036
.text C:\Windows\system32\svchost.exe[1240] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 00FF0000
.text C:\Windows\system32\svchost.exe[1240] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 00FF0011
.text C:\Windows\system32\svchost.exe[1240] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 00FF0FE5
.text C:\Windows\system32\svchost.exe[1240] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 00FF0022
.text C:\Windows\system32\svchost.exe[1240] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 01200FE5
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00E10045
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 00E10F09
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00E10060
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 00E10ED3
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00E10F50
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00E10F9E
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00E10F61
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00E10F83
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00E10F35
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00E10F72
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00E1000A
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00E10F1A
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 00E10071
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00E10FCA
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00E10FEF
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 00E10FB9
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!WinExec 768753E7 5 Bytes JMP 00E10EE4
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00E60036
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 00E60F9E
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00E60FE5
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00E60025
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00E60051
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00E60FC0
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00E60000
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00E60FAF
.text C:\Windows\system32\svchost.exe[1396] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 01680FEF
.text C:\Windows\system32\svchost.exe[1396] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 01680000
.text C:\Windows\system32\svchost.exe[1396] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 01680FD4
.text C:\Windows\system32\svchost.exe[1396] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 01680011
.text C:\Windows\system32\svchost.exe[1396] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 016D0FEF
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 02B50F5F
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 02B50F70
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 02B500D1
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!CreateProcessA 767E1C36 1 Byte [ E9 ]
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!CreateProcessA + 2 767E1C38 3 Bytes [ F2, 36, 8C ]
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 02B50065
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 02B5002F
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 02B50F81
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 02B50FA8
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 02B50080
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 02B5004A
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 02B50FC3
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 02B5009B
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 02B500E2
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 02B5000A
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 02B50FEF
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 02B50FDE
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!WinExec 768753E7 5 Bytes JMP 02B500B6
.text C:\Windows\Explorer.EXE[1500] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 02B60FCA
.text C:\Windows\Explorer.EXE[1500] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 02B60FEF
.text C:\Windows\Explorer.EXE[1500] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 02B6000A
.text C:\Windows\Explorer.EXE[1500] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 02B6006C
.text C:\Windows\Explorer.EXE[1500] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 02B60091
.text C:\Windows\Explorer.EXE[1500] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 02B60036
.text C:\Windows\Explorer.EXE[1500] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 02B6001B
.text C:\Windows\Explorer.EXE[1500] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 02B60051
.text C:\Windows\Explorer.EXE[1500] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 03300FEF
.text C:\Windows\Explorer.EXE[1500] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 02B70FEF
.text C:\Windows\Explorer.EXE[1500] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 02B70FC3
.text C:\Windows\Explorer.EXE[1500] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 02B70FD4
.text C:\Windows\Explorer.EXE[1500] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 02B70FA8
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 01A300CB
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 01A300B0
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 01A30108
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 01A300ED
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 01A30F8F
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 01A30047
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 01A30FAA
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 01A30058
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 01A3008E
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 01A30073
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 01A30FDB
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 01A3009F
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 01A30F56
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 01A3001B
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 01A30000
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 01A30036
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!WinExec 768753E7 5 Bytes JMP 01A300DC
.text C:\Windows\system32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 01A40FB9
.text C:\Windows\system32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 01A4005B
.text C:\Windows\system32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 01A4000A
.text C:\Windows\system32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 01A40FD4
.text C:\Windows\system32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 01A40F9E
.text C:\Windows\system32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 01A40FE5
.text C:\Windows\system32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 01A4001B
.text C:\Windows\system32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 01A40040
.text C:\Windows\system32\svchost.exe[1932] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 01A90000
.text C:\Windows\system32\svchost.exe[1932] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 01A90FDB
.text C:\Windows\system32\svchost.exe[1932] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 01A90011
.text C:\Windows\system32\svchost.exe[1932] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 01A90FCA
.text C:\Windows\system32\svchost.exe[1932] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 01B20FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[3424] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[3424] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00940098
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 00940F52
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00940F26
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 009400BD
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00940062
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00940011
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00940F94
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00940047
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00940073
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00940FA5
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 0094002C
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00940F6D
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 009400D8
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00940000
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00940FEF
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 00940FCA
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!WinExec 768753E7 5 Bytes JMP 00940F41
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00950039
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 00950014
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00950FEF
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00950F8D
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 0095004A
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00950FC3
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00950FD4
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00950FA8
.text C:\Windows\system32\svchost.exe[3676] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 009E0000
.text C:\Windows\system32\svchost.exe[3676] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 009E0FD4
.text C:\Windows\system32\svchost.exe[3676] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 009E0FEF
.text C:\Windows\system32\svchost.exe[3676] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 009E001B
.text C:\Windows\system32\svchost.exe[3676] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 009F0FEF
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00C50082
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 00C50071
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00C500BF
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 00C500AE
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00C50F61
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00C50FC3
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00C50F7C
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00C50FA8
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00C50056
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00C50F8D
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00C5002F
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00C50F46
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 00C500D0
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00C5000A
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00C50FEF
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 00C50FD4
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!WinExec 768753E7 5 Bytes JMP 00C50093
.text C:\Windows\system32\svchost.exe[3740] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00C60062
.text C:\Windows\system32\svchost.exe[3740] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 00C60051
.text C:\Windows\system32\svchost.exe[3740] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00C60000
.text C:\Windows\system32\svchost.exe[3740] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00C60FC0
.text C:\Windows\system32\svchost.exe[3740] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00C60F9B
.text C:\Windows\system32\svchost.exe[3740] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00C60FE5
.text C:\Windows\system32\svchost.exe[3740] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00C6001B
.text C:\Windows\system32\svchost.exe[3740] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00C60036
.text C:\Windows\system32\svchost.exe[3740] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 00C70FEF
.text C:\Windows\system32\svchost.exe[3740] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 00C70025
.text C:\Windows\system32\svchost.exe[3740] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 00C7000A
.text C:\Windows\system32\svchost.exe[3740] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 00C70FD4
.text C:\Windows\system32\svchost.exe[3740] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 00C80000
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00EF00C2
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 00EF00A7
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00EF0F50
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 00EF0F6B
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00EF0071
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00EF0FD4
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00EF0F97
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00EF0FA8
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00EF0F86
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00EF0054
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00EF0FC3
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00EF0096
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 00EF0F3F
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00EF0025
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00EF0000
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 00EF0FEF
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!WinExec 768753E7 5 Bytes JMP 00EF00E7
.text C:\Windows\system32\svchost.exe[3848] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00F00F72
.text C:\Windows\system32\svchost.exe[3848] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 00F00F8D
.text C:\Windows\system32\svchost.exe[3848] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00F00FE5
.text C:\Windows\system32\svchost.exe[3848] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00F0001E
.text C:\Windows\system32\svchost.exe[3848] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00F00F61
.text C:\Windows\system32\svchost.exe[3848] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00F00FB9
.text C:\Windows\system32\svchost.exe[3848] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00F00FD4
.text C:\Windows\system32\svchost.exe[3848] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00F00FA8
.text C:\Windows\system32\svchost.exe[3848] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 00F10000
.text C:\Windows\system32\svchost.exe[3848] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 00F10FCA
.text C:\Windows\system32\svchost.exe[3848] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 00F10FDB
.text C:\Windows\system32\svchost.exe[3848] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 00F10FAF
.text C:\Windows\system32\svchost.exe[3848] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 00F60FE5
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 008D00B6
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 008D00A5
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 008D00EC
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 008D0F4B
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 008D006F
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 008D0FCA
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 008D0F97
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 008D0FB9
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 008D0080
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 008D0FA8
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 008D0040
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 008D0F7A
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 008D0F3A
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 008D001B
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 008D0000
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 008D0FDB
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!WinExec 768753E7 5 Bytes JMP 008D00C7
.text C:\Windows\System32\svchost.exe[4016] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 008E0F68
.text C:\Windows\System32\svchost.exe[4016] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 008E0F9E
.text C:\Windows\System32\svchost.exe[4016] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 008E0000
.text C:\Windows\System32\svchost.exe[4016] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 008E0F79
.text C:\Windows\System32\svchost.exe[4016] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 008E0F4D
.text C:\Windows\System32\svchost.exe[4016] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 008E0FCA
.text C:\Windows\System32\svchost.exe[4016] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 008E0FE5
.text C:\Windows\System32\svchost.exe[4016] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 008E0FAF
.text C:\Windows\System32\svchost.exe[4016] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 008F0000
.text C:\Windows\System32\svchost.exe[4016] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 008F0FE5
.text C:\Windows\System32\svchost.exe[4016] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 008F0011
.text C:\Windows\System32\svchost.exe[4016] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 008F002C
.text C:\Windows\System32\svchost.exe[4016] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 00900FEF

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74D97BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74DD98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74D9D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74D8F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74D97599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74D8E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74DCB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74D9D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74D9012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74D90095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74D871F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74E1D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74DB75E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74D8DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74D8668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74D866BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74D91E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[5792] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [01132B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[5792] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [011311D0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[5792] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [011327E0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[5792] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [01131B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- Modules - GMER 1.0.14 ----

Module \systemroot\system32\drivers\msqpdxebietver.sys (*** hidden *** ) 8E8D8000-8E902000 (172032 bytes)

---- Services - GMER 1.0.14 ----

Service C:\Windows\system32\drivers\msqpdxebietver.sys (*** hidden *** ) [SYSTEM] msqpdxserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxebietver.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxebietver.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxioujikxy.dll
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxebietver.sys
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxebietver.sys
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxioujikxy.dll
Reg HKLM\SOFTWARE\Classes\msqpdxvx
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxrun 71
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxpff 8067
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxaff 3191
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxinfo ?}gx~yc?~d?``omcyjloumllqRSRc
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxid qfy?z{yz??i`???oc?oo?djhk"YVT!&W!_,
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxsrv 1745024793
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxpos 5}~p|}{v?p4biedfbakz

---- EOF - GMER 1.0.14 ----

GMER 1.0.14.14536 - http://www.gmer.net
Autostart scan 2009-01-08 22:03:47
Windows 6.0.6001 Service Pack 1


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\Windows\system32\userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aawservice@ = "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
Acer HomeMedia Connect Service@ = "C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe"
AcerMemUsageCheckService@ = C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
Ati External Event Utility@ = %SystemRoot%\system32\Ati2evxx.exe
Capture Device Service@ = "C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe"
DIMSVC@ = C:\Program Files\Pa-software\Disc Image Demo\dimsvc.exe
eDataSecurity Service@ = "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe"
eRecoveryService@ = C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
eSettingsService@ = C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
gusvc@ = "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
LightScribeService@ = "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
McAfee SiteAdvisor Service@ = "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe"
mcmscsvc@ = C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
McNASvc@ = "c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe"
McProxy@ = c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
McShield@ = C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
MSK80Service@ = "C:\Program Files\McAfee\MSK\MskSrver.exe"
SBSDWSCService@ = C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
slsvc@ = %SystemRoot%\system32\SLsvc.exe
TVersityMediaServer@ = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\MediaServer.exe
WMPNetworkSvc@ = "%ProgramFiles%\Windows Media Player\wmpnetwk.exe"
WSearch@ = %systemroot%\system32\SearchIndexer.exe /Embedding

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Windows Defender%ProgramFiles%\Windows Defender\MSASCui.exe -hide /*file not found*/ = %ProgramFiles%\Windows Defender\MSASCui.exe -hide /*file not found*/
@RtHDVCplRtHDVCpl.exe = RtHDVCpl.exe
@mcagent_exeC:\Program Files\McAfee.com\Agent\mcagent.exe /runkey /*file not found*/ = C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey /*file not found*/
@Acer Empowering Technology MonitorC:\Acer\Empowering Technology\SysMonitor.exe = C:\Acer\Empowering Technology\SysMonitor.exe
@PCMMediaSharingC:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
@SMSERIALC:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe = C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
@eDataSecurity LoaderC:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
@Acer Product Registration"C:\Program Files\Acer Registration\ACE1.exe" /startup = "C:\Program Files\Acer Registration\ACE1.exe" /startup
@Acer Assist LauncherC:\Program Files\Acer Assist\launcher.exe = C:\Program Files\Acer Assist\launcher.exe
@StartCCC"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
@eRecoveryService /*file not found*/ = /*file not found*/
@SunJavaUpdateSched"C:\Program Files\Java\jre6\bin\jusched.exe" = "C:\Program Files\Java\jre6\bin\jusched.exe"
@QuickTime Task"C:\Program Files\QuickTime\QTTask.exe" -atboottime = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
@AdobeCS4ServiceManager"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin = "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
@RegistryMechanic /*file not found*/ = /*file not found*/
@THGuard"C:\Program Files\TrojanHunter 5.0\THGuard.exe" = "C:\Program Files\TrojanHunter 5.0\THGuard.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SidebarC:\Program Files\Windows Sidebar\sidebar.exe /autoRun /*file not found*/ = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun /*file not found*/
@ehTray.exeC:\Windows\ehome\ehTray.exe = C:\Windows\ehome\ehTray.exe
@swgC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
@WMPNSCFGC:\Program Files\Windows Media Player\WMPNSCFG.exe = C:\Program Files\Windows Media Player\WMPNSCFG.exe
@SpybotSD TeaTimerC:\Program Files\Spybot - Search & Destroy\TeaTimer.exe = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} /*Computers and Devices*/%systemroot%\system32\NetworkExplorer.dll = %systemroot%\system32\NetworkExplorer.dll
@{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486} /*IGD Property Sheet Handler*/%SystemRoot%\System32\icsigd.dll = %SystemRoot%\System32\icsigd.dll
@{92dbad9f-5025-49b0-9078-2d78f935e341} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{b9815375-5d7f-4ce2-9245-c9d4da436930} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{f8b8412b-dea3-4130-b36c-5e8be73106ac} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{5FA29220-36A1-40f9-89C6-F4B384B7642E} /*Shell Message Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{00020d75-0000-0000-c000-000000000046} /*lnkfile*/(null) =
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Web Publishing Wizard*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Print Ordering via the Web*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Shell Publishing Wizard Object*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{b2c761c6-29bc-4f19-9251-e6195265baf1} /*Color Control Panel Applet*/(null) =
@{74246bfc-4c96-11d0-abef-0020af6b0b7a} /*Device Manager*/%SystemRoot%\System32\devmgr.dll = %SystemRoot%\System32\devmgr.dll
@{7A979262-40CE-46ff-AEEE-7884AC3B6136} /*Add New Hardware*/(null) =
@{3e7efb4c-faf1-453d-89eb-56026875ef90} /*Get Programs Online*/(null) =
@{1b24a030-9b20-49bc-97ac-1be4426f9e59} /*ActiveDirectory Folder*/(null) =
@{34449847-FD14-4fc8-A75A-7432F5181EFB} /*ActiveDirectory Folder*/(null) =
@{C8494E42-ACDD-4739-B0FB-217361E4894F} /*Sam Account Folder*/(null) =
@{E29F9716-5C08-4FCD-955A-119FDB5A522D} /*Sam Account Folder*/(null) =
@{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} /*Control Panel command object for Start menu*/(null) =
@{E44E5D18-0652-4508-A4E2-8A090067BCB0} /*Default Programs command object for Start menu*/(null) =
@{6dfd7c5c-2451-11d3-a299-00c04f8ef6af} /*Folder Options*/(null) =
@{97e467b4-98c6-4f19-9588-161b7773d6f6} /*Office Document Property Handler*/%SystemRoot%\system32\propsys.dll = %SystemRoot%\system32\propsys.dll
@{2C2577C2-63A7-40e3-9B7F-586602617ECB} /*Explorer Query Band*/(null) =
@{DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} /*File Open Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{C0B4E2F3-BA21-4773-8DBA-335EC946EB8B} /*File Save Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{92337A8C-E11D-11D0-BE48-00C04FC30DF6} /*OlePrn.PrinterURL*/%SystemRoot%\system32\oleprn.dll = %SystemRoot%\system32\oleprn.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft XPS Properties*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft XPS Thumbnail*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b} /*View Available Networks*/(null) =
@{13D3C4B8-B179-4ebb-BF62-F704173E7448} /*Windows Contact Preview Handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} /*Contacts folder*/(null) =
@{4F58F63F-244B-4c07-B29F-210BE59BE9B4} /*.group shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{8082C5E6-4C27-48ec-A809-B8E1122E8F97} /*.contact shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{16C2C29D-0E5F-45f3-A445-03E03F587B7D} /*group_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{CF67796C-F57F-45F8-92FB-AD698826C602} /*contact_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Property Page*/%windir%\system32\acppage.dll = %windir%\system32\acppage.dll
@{4026492f-2f69-46b8-b9bf-5654fc07e423} /*Windows Firewall*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\Windows\system32\extmgr.dll = C:\Windows\system32\extmgr.dll
@{fcfeecae-ee1b-4849-ae50-685dcf7717ec} /*Problem Reports and Solutions*/(null) =
@{a304259d-52b8-4526-8b1a-a1d6cecc8243} /*iSCSI Initiator*/(null) =
@{11dbb47c-a525-400b-9e80-a54615a090c0} /*Execute Folder*/ExplorerFrame.dll = ExplorerFrame.dll
@{90b9bce2-b6db-4fd3-8451-35917ea1081b} /*Search Execute Command*/ExplorerFrame.dll = ExplorerFrame.dll
@{911051fa-c21c-4246-b470-070cd8df6dc4} /*.cab or .zip files*/(null) =
@{da67b8ad-e81b-4c70-9b91b417b5e33527} /*Windows Search Shell Service*/(null) =
@{a38b883c-1682-497e-97b0-0a3a9e801682} /*IPropertyStore Handler for Images*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{C7657C4A-9F68-40fa-A4DF-96BC08EB3551} /*Photo Thumbnail Provider*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*Photo Thumbnail Extractor*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{BC65FB43-1958-4349-971A-210290480130} /*Network Explorer Property Sheet Handler*/%SystemRoot%\System32\NcdProp.dll = %SystemRoot%\System32\NcdProp.dll
@{d3e34b21-9d75-101a-8c3d-00aa001a1652} /*Bitmap Image*/(null) =
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{E598560B-28D5-46aa-A14A-8A3BEA34B576} /*Windows Photo Gallery Viewer Video Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3} /*Microsoft.ScannersAndCameras*/(null) =
@{0a4286ea-e355-44fb-8086-af3df7645bd9} /*Windows Media Player*/C:\PROGRA~1\WI4EB4~1\wmpband.dll = C:\PROGRA~1\WI4EB4~1\wmpband.dll
@{BB6B2374-3D79-41DB-87F4-896C91846510} /*EMDFileProperties*/emdmgmt.dll = emdmgmt.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{89D83576-6BD1-4c86-9454-BEB04E94C819} /*MAPI Search Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{7A0F6AB7-ED84-46B6-B47E-02AA159A152B} /*Sync Center Simple Conflict Presenter*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9D687A4C-1404-41ef-A089-883B6FBECDE6} /*Windows Photo Gallery Viewer Autoplay Handler*/(null) =
@{37efd44d-ef8d-41b1-940d-96973a50e9e0} /*Windows Sidebar Properties*/(null) =
@{00f20eb5-8fd6-4d9d-b75e-36801766c8f1} /*PhotoAcqDropTarget*/%ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/
@{BC48B32F-5910-47F5-8570-5074A8A5636A} /*Sync Results Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{ED228FDF-9EA8-4870-83B1-96B02CFE0D52} /*Games Folder*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{E413D040-6788-4C22-957E-175D1C513A34} /*Sync Center Conflict Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{67718415-c450-4f3c-bf8a-b487642dc39b} /*Windows Features*/(null) =
@{91ADC906-6722-4B05-A12B-471ADDCCE132} /*Touch Band*/%SystemRoot%\System32\TouchX.dll = %SystemRoot%\System32\TouchX.dll
@{2781761E-28E0-4109-99FE-B9D127C57AFE} /*Windows Defender IOfficeAntiVirus implementation*/%ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/ = %ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/
@{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} /*Windows Photo Gallery Viewer Image Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{4B534112-3AF6-4697-A77C-D62CE9B9E7CF} /*Sync Center Event Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C} /*Sync Setup Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A} /*GameUX.RichGameMediaThumbnail*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{d8559eb9-20c0-410e-beda-7ed416aecc2a} /*Windows Defender*/(null) =
@{576C9E85-1300-4EF5-BF6B-D00509F4EDCD} /*Sync Center Handler Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{5ea4f148-308c-46d7-98a9-49041b1dd468} /*Mobility Center Control Panel*/(null) =
@{289978AC-A101-4341-A817-21EBA7FD046D} /*Sync Center Conflict Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{877ca5ac-cb41-4842-9c69-9136e42d47e2} /*File Backup Index*/%systemroot%\system32\sdshext.dll = %systemroot%\system32\sdshext.dll
@{71D99464-3B6B-475C-B241-E15883207529} /*Sync Results Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{B32D3949-ED98-4DBB-B347-17A144969BBA} /*Sync Center Item Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{2E9E59C0-B437-4981-A647-9C34B9B90891} /*Sync Setup Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF} /*Sync Center Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{CB1B7F8C-C50A-4176-B604-9E24DEE8D4D1} /*Welcome Center*/oobefldr.dll = oobefldr.dll
@{15D633E2-AD00-465b-9EC7-F56B7CDF8E27} /*Tablet PC Input Panel*/%CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/ = %CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/
@{F04CC277-03A2-4277-96A9-77967471BDFF} /*Sync Center Conflict Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{53BEDF0B-4E5B-4183-8DC9-B844344FA104} /*Microsoft Windows MAPI Preview Handler*/%SystemRoot%\system32\mssvp.dll = %SystemRoot%\system32\mssvp.dll
@{6b9228da-9c15-419e-856c-19e768a13bdc} /*Windows gadget DropTarget*/%ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/ = %ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/
@{8E25992B-373E-486E-80E5-BD23AE417E66} /*Sync Center Device Notification Sink*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{031EE060-67BC-460d-8847-E4A7C5E45A27} /*Windows Media Player Rich Preview Handler*/(null) =
@{1FA9085F-25A2-489B-85D4-86326EEDCD87} /*Manage Wireless Networks*/%SystemRoot%\system32\wlanpref.dll = %SystemRoot%\system32\wlanpref.dll
@{ECDD6472-2B9B-4b4b-AE36-F316DF3C8D60} /*RichGameMediaPropertyStore Class*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{BD7A2E7B-21CB-41b2-A086-B309680C6B7E} /*Client Side Cache Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} /*eDS psd drag drop protection*/C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll = C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
@{5E2121EE-0300-11D4-8D3B-444553540000} /*Catalyst Context Menu extension*/C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
@{0563DB41-F538-4B37-A92D-4659049B7766} /*WLMD Message Handler*/C:\Program Files\Windows Live\Mail\mailcomm.dll = C:\Program Files\Windows Live\Mail\mailcomm.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office12\msohevi.dll = C:\Program Files\Microsoft Office\Office12\msohevi.dll
@{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} /*Microsoft Office OneNote Namespace Extension for Windows Desktop Search*/C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL = C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{0561EC90-CE54-4f0c-9C55-E226110A740C} /*Haali Column Provider*/C:\Windows\system32\mmfinfo.dll = C:\Windows\system32\mmfinfo.dll
@{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} /*Haali Matroska Shell Property Page*/C:\Windows\system32\mmfinfo.dll = C:\Windows\system32\mmfinfo.dll
@{327669A0-59A7-4be9-B99E-1C9F3A57611A} /*Haali Matroska Thumbnail Extractor*/C:\Windows\system32\mmfinfo.dll = C:\Windows\system32\mmfinfo.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/(null) =
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/(null) =
@{D845084B-D812-4CA2-A451-645608B24F85} /*Disc image shell menu extension*/C:\Program Files\Pa-software\Disc Image Demo\dishlext.dll = C:\Program Files\Pa-software\Disc Image Demo\dishlext.dll
@{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} /*OpenOffice.org Column Handler*/"C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{087B3AE3-E237-4467-B8DB-5A38AB959AC9} /*OpenOffice.org Infotip Handler*/"C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{63542C48-9552-494A-84F7-73AA6A7C99C1} /*OpenOffice.org Property Sheet Handler*/"C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{3B092F0C-7696-40E3-A80F-68D74DA84210} /*OpenOffice.org Thumbnail Viewer*/"C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} /*TrojanHunter Menu Shell Extension*/C:\PROGRA~1\TROJAN~1.0\contmenu.dll = C:\PROGRA~1\TROJAN~1.0\contmenu.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
DIShellMenu@{D845084B-D812-4CA2-A451-645608B24F85} = C:\Program Files\Pa-software\Disc Image Demo\dishlext.dll
EDSshellExt@{29FF7AB0-BE34-4992-A30B-53A9D86EE239} = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll
McCtxMenu@{01576F39-90DE-4D6E-A068-5B20C22BAAEE} = c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll
TrojanHunter@{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.0\contmenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EDSshellExt@{29FF7AB0-BE34-4992-A30B-53A9D86EE239} = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll
TrojanHunter@{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.0\contmenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
McCtxMenu@{01576F39-90DE-4D6E-A068-5B20C22BAAEE} = c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll
TrojanHunter@{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.0\contmenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{02478D38-C3F9-4efb-9B51-7695ECA05670}C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
@{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}c:\PROGRA~1\mcafee\msk\mcapbho.dll = c:\PROGRA~1\mcafee\msk\mcapbho.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre6\bin\ssv.dll = C:\Program Files\Java\jre6\bin\ssv.dll
@{7DB2D5A0-7241-4E79-B68D-6309F01C5231}C:\Program Files\McAfee\VirusScan\scriptsn.dll = C:\Program Files\McAfee\VirusScan\scriptsn.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll = C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
@{B164E929-A1B6-4A06-B104-2CD0E90A88FF}c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll = c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\Windows\system32\SSBRAN~1.SCR

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://en.us.acer.yahoo.com = http://en.us.acer.yahoo.com
@Start Pagehttp://en.us.acer.yahoo.com = http://en.us.acer.yahoo.com
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.msn.com/?vv=550 = http://www.msn.com/?vv=550
@Local PageC:\Windows\system32\blank.htm = C:\Windows\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\Windows\System32\msvidctl.dll
its@CLSID = %SystemRoot%\System32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-help@CLSID = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = %SystemRoot%\System32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
sacore@CLSID = c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
tv@CLSID = C:\Windows\System32\msvidctl.dll
wlmailhtml@CLSID = C:\Program Files\Windows Live\Mail\mailcomm.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E18E4F40-05F5-4E1C-8DCE-C1EFA89EA173} /*Local Area Connection*/ >>>
@IPAddress =
@NameServer =
@DefaultGateway =
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\system32\NLAapi.dll
000000000002@LibraryPath = %SystemRoot%\system32\napinsp.dll
000000000003@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll

C:\Users\moosh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup = MagicDisc.lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup >>>
Empowering Technology Launcher.lnk = Empowering Technology Launcher.lnk
NETGEAR WG111v3 Smart Wizard.lnk = NETGEAR WG111v3 Smart Wizard.lnk

---- EOF - GMER 1.0.14 ----
moosh01
Active Member
 
Posts: 7
Joined: December 31st, 2008, 2:34 am

Re: hijack this log, browser has been hijacked

Unread postby moosh01 » January 9th, 2009, 12:06 am

I have used malwarebytes and mcafee to try and fix this they both find nothing.
Browser redirects are the main problem, but it also will not let mcafee update. That is all I have noticed.
As far as the redirects, I am redirected to a google search for adult materials and I have been redirected to a site that says it is scanning my system for viruses but I close out of the window before it completes.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-08 22:02:19
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.14 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8EFB89BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8EFB8958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8EFB896C]
Code 854EC348 ZwEnumerateKey
Code 85524510 ZwFlushInstructionCache
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8EFB89FC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8EFB8A3F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8EFB8930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8EFB8944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8EFB89D2]
Code 853E01F8 ZwQueryValueKey
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8EFB8A67]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8EFB8A53]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8EFB89AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8EFB8996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8EFB8A2B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8EFB8A12]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8EFB89E8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8EFB8982]
Code 854F01E5 IofCallDriver
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwYieldExecution 81E5E18C 5 Bytes JMP 8EFB89EC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!IofCallDriver 81EF2F6F 5 Bytes JMP 854F01EA
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 81FE930B 5 Bytes JMP 85524514
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 81FF817C 5 Bytes JMP 8EFB8A43 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateUserProcess 81FFFDCA 5 Bytes JMP 8EFB8986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 82019F80 5 Bytes JMP 8EFB8A2F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 820391DC 5 Bytes JMP 8EFB8948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 8203CB57 5 Bytes JMP 853E01FC
PAGE ntkrnlpa.exe!ZwEnumerateKey 8203EBB4 5 Bytes JMP 854EC34C
PAGE ntkrnlpa.exe!NtOpenProcess 82048B18 5 Bytes JMP 8EFB8934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 8205B74E 7 Bytes JMP 8EFB8A00 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 8205BDA5 5 Bytes JMP 8EFB8A16 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8205DFB6 5 Bytes JMP 8EFB89C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 8206B674 5 Bytes JMP 8EFB899A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 8206D8CE 7 Bytes JMP 8EFB89D6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8208C452 5 Bytes JMP 8EFB8A57 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8208D49E 5 Bytes JMP 8EFB8A6B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 820CB1C1 5 Bytes JMP 8EFB895C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 820CB20C 7 Bytes JMP 8EFB8970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 820CBCCB 5 Bytes JMP 8EFB89AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.14 ----

.text C:\Windows\system32\services.exe[692] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00420F66
.text C:\Windows\system32\services.exe[692] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 004200AC
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00420F4B
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 004200D8
.text C:\Windows\system32\services.exe[692] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00420F8B
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00420FCA
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00420065
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00420FB9
.text C:\Windows\system32\services.exe[692] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 0042008A
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00420FA8
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00420040
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 0042009B
.text C:\Windows\system32\services.exe[692] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 00420F3A
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00420FE5
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00420000
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 0042001B
.text C:\Windows\system32\services.exe[692] kernel32.dll!WinExec 768753E7 5 Bytes JMP 004200C7
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 0098005B
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 00980FB9
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00980FE5
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00980040
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00980076
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 0098000A
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00980FD4
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00980025
.text C:\Windows\system32\services.exe[692] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 0099000A
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00240F55
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 0024009B
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 002400C7
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateProcessA 767E1C36 1 Byte [ E9 ]
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateProcessA + 2 767E1C38 3 Bytes [ F2, A5, 89 ]
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 0024006F
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00240040
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00240F8B
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00240FC3
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00240080
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00240FA8
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00240FD4
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00240F70
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 002400D8
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 0024000A
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00240FEF
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 0024001B
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!WinExec 768753E7 5 Bytes JMP 002400B6
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00250076
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 0025004A
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00250000
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00250065
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00250FB9
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00250FDE
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00250FEF
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00250039
.text C:\Windows\system32\lsass.exe[708] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 002D0FE5
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00950087
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 00950076
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00950F26
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 009500B3
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00950F66
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00950FCA
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00950F8D
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00950F9E
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00950F4B
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00950040
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00950FAF
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00950065
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 009500CE
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00950FE5
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00950000
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 0095001B
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!WinExec 768753E7 5 Bytes JMP 009500A2
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00960FD4
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 0096005B
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00960000
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00960076
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00960091
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00960025
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00960FEF
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00960036
.text C:\Windows\system32\svchost.exe[896] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 009F0FEF
.text C:\Windows\system32\svchost.exe[896] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 009F001B
.text C:\Windows\system32\svchost.exe[896] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 009F0000
.text C:\Windows\system32\svchost.exe[896] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 009F0FCA
.text C:\Windows\system32\svchost.exe[896] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 00A00000
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00990F37
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 0099007D
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 009900BD
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 009900A2
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00990F92
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00990FCA
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 0099006C
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00990051
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00990F77
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00990FAF
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00990036
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00990F5C
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 00990F0B
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 0099001B
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00990000
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 00990FE5
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!WinExec 768753E7 5 Bytes JMP 00990F26
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 009A0F8A
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 009A002C
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 009A0000
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 009A0FA5
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 009A0F6F
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 009A0011
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 009A0FDB
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 009A0FC0
.text C:\Windows\system32\svchost.exe[956] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 009F0FEF
.text C:\Windows\system32\svchost.exe[956] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 009F001B
.text C:\Windows\system32\svchost.exe[956] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 009F000A
.text C:\Windows\system32\svchost.exe[956] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 009F0FCA
.text C:\Windows\system32\svchost.exe[956] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 00A0000A
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00A40F6A
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 00A400BA
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00A400E6
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 00A400CB
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00A40FAA
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00A40022
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00A40084
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00A40058
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00A40F8F
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00A40073
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00A40033
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00A4009F
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 00A40F34
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00A40FDB
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00A40000
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 00A40011
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!WinExec 768753E7 5 Bytes JMP 00A40F4F
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00A50058
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 00A50022
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00A50FE5
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00A5003D
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00A50F9B
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00A50FC0
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00A50000
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00A50011
.text C:\Windows\System32\svchost.exe[1008] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 00A60FEF
.text C:\Windows\System32\svchost.exe[1008] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 00A6000A
.text C:\Windows\System32\svchost.exe[1008] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 00A60FD4
.text C:\Windows\System32\svchost.exe[1008] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 00A60FB9
.text C:\Windows\System32\svchost.exe[1008] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 00E00000
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00DE0F72
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 00DE00B8
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00DE00E7
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 00DE0F50
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00DE0071
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00DE0FBC
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00DE0060
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00DE0039
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00DE008C
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00DE0F97
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00DE001E
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00DE009D
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 00DE0F3F
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00DE0FDE
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00DE0FEF
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 00DE0FCD
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!WinExec 768753E7 5 Bytes JMP 00DE0F61
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00DF0FAF
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 00DF0040
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00DF0000
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00DF005B
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00DF0F9E
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00DF001B
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00DF0FE5
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00DF0FCA
.text C:\Windows\System32\svchost.exe[1144] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 00E40000
.text C:\Windows\System32\svchost.exe[1144] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 00E40036
.text C:\Windows\System32\svchost.exe[1144] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 00E4001B
.text C:\Windows\System32\svchost.exe[1144] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 00E40051
.text C:\Windows\System32\svchost.exe[1144] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 00E5000A
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 01200076
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 01200F30
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 012000A2
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 01200F01
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 01200F77
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 01200025
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 01200051
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 01200040
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 01200F66
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 01200F94
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 01200FB9
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 01200F41
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 01200EE6
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 01200FEF
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 01200000
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 01200FD4
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!WinExec 768753E7 5 Bytes JMP 01200087
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 01210F5E
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 01210000
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 01210FE5
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 01210F79
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 01210F4D
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 01210FB9
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 01210FCA
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 01210F94
.text C:\Windows\System32\svchost.exe[1208] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 01660000
.text C:\Windows\System32\svchost.exe[1208] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 01660FCA
.text C:\Windows\System32\svchost.exe[1208] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 01660FE5
.text C:\Windows\System32\svchost.exe[1208] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 01660FB9
.text C:\Windows\System32\svchost.exe[1208] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 01670000
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00FD00A2
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 00FD0091
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00FD0F26
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 00FD00BD
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00FD005B
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00FD0025
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00FD0F81
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00FD0FAF
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00FD006C
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00FD0F9E
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00FD0036
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00FD0F5C
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 00FD00E2
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00FD0FE5
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00FD0000
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 00FD0FD4
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!WinExec 768753E7 5 Bytes JMP 00FD0F4B
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00FE0058
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 00FE0047
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00FE0000
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00FE0FB6
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00FE0FA5
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00FE0025
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00FE0FE5
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00FE0036
.text C:\Windows\system32\svchost.exe[1240] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 00FF0000
.text C:\Windows\system32\svchost.exe[1240] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 00FF0011
.text C:\Windows\system32\svchost.exe[1240] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 00FF0FE5
.text C:\Windows\system32\svchost.exe[1240] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 00FF0022
.text C:\Windows\system32\svchost.exe[1240] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 01200FE5
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00E10045
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 00E10F09
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00E10060
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 00E10ED3
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00E10F50
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00E10F9E
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00E10F61
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00E10F83
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00E10F35
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00E10F72
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00E1000A
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00E10F1A
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 00E10071
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00E10FCA
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00E10FEF
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 00E10FB9
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!WinExec 768753E7 5 Bytes JMP 00E10EE4
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00E60036
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 00E60F9E
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00E60FE5
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00E60025
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00E60051
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00E60FC0
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00E60000
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00E60FAF
.text C:\Windows\system32\svchost.exe[1396] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 01680FEF
.text C:\Windows\system32\svchost.exe[1396] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 01680000
.text C:\Windows\system32\svchost.exe[1396] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 01680FD4
.text C:\Windows\system32\svchost.exe[1396] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 01680011
.text C:\Windows\system32\svchost.exe[1396] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 016D0FEF
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 02B50F5F
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 02B50F70
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 02B500D1
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!CreateProcessA 767E1C36 1 Byte [ E9 ]
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!CreateProcessA + 2 767E1C38 3 Bytes [ F2, 36, 8C ]
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 02B50065
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 02B5002F
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 02B50F81
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 02B50FA8
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 02B50080
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 02B5004A
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 02B50FC3
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 02B5009B
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 02B500E2
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 02B5000A
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 02B50FEF
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 02B50FDE
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!WinExec 768753E7 5 Bytes JMP 02B500B6
.text C:\Windows\Explorer.EXE[1500] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 02B60FCA
.text C:\Windows\Explorer.EXE[1500] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 02B60FEF
.text C:\Windows\Explorer.EXE[1500] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 02B6000A
.text C:\Windows\Explorer.EXE[1500] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 02B6006C
.text C:\Windows\Explorer.EXE[1500] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 02B60091
.text C:\Windows\Explorer.EXE[1500] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 02B60036
.text C:\Windows\Explorer.EXE[1500] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 02B6001B
.text C:\Windows\Explorer.EXE[1500] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 02B60051
.text C:\Windows\Explorer.EXE[1500] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 03300FEF
.text C:\Windows\Explorer.EXE[1500] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 02B70FEF
.text C:\Windows\Explorer.EXE[1500] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 02B70FC3
.text C:\Windows\Explorer.EXE[1500] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 02B70FD4
.text C:\Windows\Explorer.EXE[1500] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 02B70FA8
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 01A300CB
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 01A300B0
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 01A30108
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 01A300ED
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 01A30F8F
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 01A30047
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 01A30FAA
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 01A30058
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 01A3008E
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 01A30073
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 01A30FDB
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 01A3009F
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 01A30F56
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 01A3001B
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 01A30000
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 01A30036
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!WinExec 768753E7 5 Bytes JMP 01A300DC
.text C:\Windows\system32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 01A40FB9
.text C:\Windows\system32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 01A4005B
.text C:\Windows\system32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 01A4000A
.text C:\Windows\system32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 01A40FD4
.text C:\Windows\system32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 01A40F9E
.text C:\Windows\system32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 01A40FE5
.text C:\Windows\system32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 01A4001B
.text C:\Windows\system32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 01A40040
.text C:\Windows\system32\svchost.exe[1932] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 01A90000
.text C:\Windows\system32\svchost.exe[1932] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 01A90FDB
.text C:\Windows\system32\svchost.exe[1932] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 01A90011
.text C:\Windows\system32\svchost.exe[1932] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 01A90FCA
.text C:\Windows\system32\svchost.exe[1932] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 01B20FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[3424] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[3424] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00940098
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 00940F52
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00940F26
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 009400BD
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00940062
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00940011
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00940F94
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00940047
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00940073
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00940FA5
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 0094002C
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00940F6D
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 009400D8
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00940000
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00940FEF
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 00940FCA
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!WinExec 768753E7 5 Bytes JMP 00940F41
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00950039
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 00950014
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00950FEF
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00950F8D
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 0095004A
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00950FC3
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00950FD4
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00950FA8
.text C:\Windows\system32\svchost.exe[3676] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 009E0000
.text C:\Windows\system32\svchost.exe[3676] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 009E0FD4
.text C:\Windows\system32\svchost.exe[3676] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 009E0FEF
.text C:\Windows\system32\svchost.exe[3676] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 009E001B
.text C:\Windows\system32\svchost.exe[3676] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 009F0FEF
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00C50082
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 00C50071
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00C500BF
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 00C500AE
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00C50F61
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00C50FC3
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00C50F7C
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00C50FA8
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00C50056
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00C50F8D
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00C5002F
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00C50F46
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 00C500D0
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00C5000A
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00C50FEF
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 00C50FD4
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!WinExec 768753E7 5 Bytes JMP 00C50093
.text C:\Windows\system32\svchost.exe[3740] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00C60062
.text C:\Windows\system32\svchost.exe[3740] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 00C60051
.text C:\Windows\system32\svchost.exe[3740] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00C60000
.text C:\Windows\system32\svchost.exe[3740] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00C60FC0
.text C:\Windows\system32\svchost.exe[3740] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00C60F9B
.text C:\Windows\system32\svchost.exe[3740] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00C60FE5
.text C:\Windows\system32\svchost.exe[3740] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00C6001B
.text C:\Windows\system32\svchost.exe[3740] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00C60036
.text C:\Windows\system32\svchost.exe[3740] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 00C70FEF
.text C:\Windows\system32\svchost.exe[3740] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 00C70025
.text C:\Windows\system32\svchost.exe[3740] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 00C7000A
.text C:\Windows\system32\svchost.exe[3740] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 00C70FD4
.text C:\Windows\system32\svchost.exe[3740] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 00C80000
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00EF00C2
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 00EF00A7
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00EF0F50
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 00EF0F6B
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00EF0071
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00EF0FD4
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00EF0F97
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00EF0FA8
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00EF0F86
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00EF0054
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00EF0FC3
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00EF0096
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 00EF0F3F
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00EF0025
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00EF0000
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 00EF0FEF
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!WinExec 768753E7 5 Bytes JMP 00EF00E7
.text C:\Windows\system32\svchost.exe[3848] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00F00F72
.text C:\Windows\system32\svchost.exe[3848] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 00F00F8D
.text C:\Windows\system32\svchost.exe[3848] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00F00FE5
.text C:\Windows\system32\svchost.exe[3848] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00F0001E
.text C:\Windows\system32\svchost.exe[3848] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00F00F61
.text C:\Windows\system32\svchost.exe[3848] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00F00FB9
.text C:\Windows\system32\svchost.exe[3848] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00F00FD4
.text C:\Windows\system32\svchost.exe[3848] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00F00FA8
.text C:\Windows\system32\svchost.exe[3848] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 00F10000
.text C:\Windows\system32\svchost.exe[3848] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 00F10FCA
.text C:\Windows\system32\svchost.exe[3848] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 00F10FDB
.text C:\Windows\system32\svchost.exe[3848] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 00F10FAF
.text C:\Windows\system32\svchost.exe[3848] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 00F60FE5
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 008D00B6
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 008D00A5
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 008D00EC
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 008D0F4B
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 008D006F
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 008D0FCA
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 008D0F97
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 008D0FB9
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 008D0080
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 008D0FA8
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 008D0040
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 008D0F7A
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 008D0F3A
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 008D001B
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 008D0000
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 008D0FDB
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!WinExec 768753E7 5 Bytes JMP 008D00C7
.text C:\Windows\System32\svchost.exe[4016] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 008E0F68
.text C:\Windows\System32\svchost.exe[4016] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 008E0F9E
.text C:\Windows\System32\svchost.exe[4016] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 008E0000
.text C:\Windows\System32\svchost.exe[4016] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 008E0F79
.text C:\Windows\System32\svchost.exe[4016] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 008E0F4D
.text C:\Windows\System32\svchost.exe[4016] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 008E0FCA
.text C:\Windows\System32\svchost.exe[4016] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 008E0FE5
.text C:\Windows\System32\svchost.exe[4016] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 008E0FAF
.text C:\Windows\System32\svchost.exe[4016] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 008F0000
.text C:\Windows\System32\svchost.exe[4016] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 008F0FE5
.text C:\Windows\System32\svchost.exe[4016] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 008F0011
.text C:\Windows\System32\svchost.exe[4016] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 008F002C
.text C:\Windows\System32\svchost.exe[4016] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 00900FEF

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74D97BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74DD98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74D9D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74D8F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74D97599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74D8E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74DCB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74D9D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74D9012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74D90095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74D871F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74E1D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74DB75E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74D8DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74D8668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74D866BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74D91E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[5792] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [01132B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[5792] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [011311D0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[5792] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [011327E0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[5792] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [01131B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- Modules - GMER 1.0.14 ----

Module \systemroot\system32\drivers\msqpdxebietver.sys (*** hidden *** ) 8E8D8000-8E902000 (172032 bytes)

---- Services - GMER 1.0.14 ----

Service C:\Windows\system32\drivers\msqpdxebietver.sys (*** hidden *** ) [SYSTEM] msqpdxserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxebietver.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxebietver.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxioujikxy.dll
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxebietver.sys
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxebietver.sys
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxioujikxy.dll
Reg HKLM\SOFTWARE\Classes\msqpdxvx
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxrun 71
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxpff 8067
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxaff 3191
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxinfo ?}gx~yc?~d?``omcyjloumllqRSRc
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxid qfy?z{yz??i`???oc?oo?djhk"YVT!&W!_,
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxsrv 1745024793
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxpos 5}~p|}{v?p4biedfbakz

---- EOF - GMER 1.0.14 ----

GMER 1.0.14.14536 - http://www.gmer.net
Autostart scan 2009-01-08 22:03:47
Windows 6.0.6001 Service Pack 1


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\Windows\system32\userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aawservice@ = "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
Acer HomeMedia Connect Service@ = "C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe"
AcerMemUsageCheckService@ = C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
Ati External Event Utility@ = %SystemRoot%\system32\Ati2evxx.exe
Capture Device Service@ = "C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe"
DIMSVC@ = C:\Program Files\Pa-software\Disc Image Demo\dimsvc.exe
eDataSecurity Service@ = "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe"
eRecoveryService@ = C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
eSettingsService@ = C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
gusvc@ = "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
LightScribeService@ = "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
McAfee SiteAdvisor Service@ = "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe"
mcmscsvc@ = C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
McNASvc@ = "c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe"
McProxy@ = c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
McShield@ = C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
MSK80Service@ = "C:\Program Files\McAfee\MSK\MskSrver.exe"
SBSDWSCService@ = C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
slsvc@ = %SystemRoot%\system32\SLsvc.exe
TVersityMediaServer@ = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\MediaServer.exe
WMPNetworkSvc@ = "%ProgramFiles%\Windows Media Player\wmpnetwk.exe"
WSearch@ = %systemroot%\system32\SearchIndexer.exe /Embedding

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Windows Defender%ProgramFiles%\Windows Defender\MSASCui.exe -hide /*file not found*/ = %ProgramFiles%\Windows Defender\MSASCui.exe -hide /*file not found*/
@RtHDVCplRtHDVCpl.exe = RtHDVCpl.exe
@mcagent_exeC:\Program Files\McAfee.com\Agent\mcagent.exe /runkey /*file not found*/ = C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey /*file not found*/
@Acer Empowering Technology MonitorC:\Acer\Empowering Technology\SysMonitor.exe = C:\Acer\Empowering Technology\SysMonitor.exe
@PCMMediaSharingC:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
@SMSERIALC:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe = C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
@eDataSecurity LoaderC:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
@Acer Product Registration"C:\Program Files\Acer Registration\ACE1.exe" /startup = "C:\Program Files\Acer Registration\ACE1.exe" /startup
@Acer Assist LauncherC:\Program Files\Acer Assist\launcher.exe = C:\Program Files\Acer Assist\launcher.exe
@StartCCC"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
@eRecoveryService /*file not found*/ = /*file not found*/
@SunJavaUpdateSched"C:\Program Files\Java\jre6\bin\jusched.exe" = "C:\Program Files\Java\jre6\bin\jusched.exe"
@QuickTime Task"C:\Program Files\QuickTime\QTTask.exe" -atboottime = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
@AdobeCS4ServiceManager"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin = "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
@RegistryMechanic /*file not found*/ = /*file not found*/
@THGuard"C:\Program Files\TrojanHunter 5.0\THGuard.exe" = "C:\Program Files\TrojanHunter 5.0\THGuard.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SidebarC:\Program Files\Windows Sidebar\sidebar.exe /autoRun /*file not found*/ = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun /*file not found*/
@ehTray.exeC:\Windows\ehome\ehTray.exe = C:\Windows\ehome\ehTray.exe
@swgC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
@WMPNSCFGC:\Program Files\Windows Media Player\WMPNSCFG.exe = C:\Program Files\Windows Media Player\WMPNSCFG.exe
@SpybotSD TeaTimerC:\Program Files\Spybot - Search & Destroy\TeaTimer.exe = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} /*Computers and Devices*/%systemroot%\system32\NetworkExplorer.dll = %systemroot%\system32\NetworkExplorer.dll
@{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486} /*IGD Property Sheet Handler*/%SystemRoot%\System32\icsigd.dll = %SystemRoot%\System32\icsigd.dll
@{92dbad9f-5025-49b0-9078-2d78f935e341} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{b9815375-5d7f-4ce2-9245-c9d4da436930} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{f8b8412b-dea3-4130-b36c-5e8be73106ac} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{5FA29220-36A1-40f9-89C6-F4B384B7642E} /*Shell Message Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{00020d75-0000-0000-c000-000000000046} /*lnkfile*/(null) =
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Web Publishing Wizard*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Print Ordering via the Web*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Shell Publishing Wizard Object*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{b2c761c6-29bc-4f19-9251-e6195265baf1} /*Color Control Panel Applet*/(null) =
@{74246bfc-4c96-11d0-abef-0020af6b0b7a} /*Device Manager*/%SystemRoot%\System32\devmgr.dll = %SystemRoot%\System32\devmgr.dll
@{7A979262-40CE-46ff-AEEE-7884AC3B6136} /*Add New Hardware*/(null) =
@{3e7efb4c-faf1-453d-89eb-56026875ef90} /*Get Programs Online*/(null) =
@{1b24a030-9b20-49bc-97ac-1be4426f9e59} /*ActiveDirectory Folder*/(null) =
@{34449847-FD14-4fc8-A75A-7432F5181EFB} /*ActiveDirectory Folder*/(null) =
@{C8494E42-ACDD-4739-B0FB-217361E4894F} /*Sam Account Folder*/(null) =
@{E29F9716-5C08-4FCD-955A-119FDB5A522D} /*Sam Account Folder*/(null) =
@{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} /*Control Panel command object for Start menu*/(null) =
@{E44E5D18-0652-4508-A4E2-8A090067BCB0} /*Default Programs command object for Start menu*/(null) =
@{6dfd7c5c-2451-11d3-a299-00c04f8ef6af} /*Folder Options*/(null) =
@{97e467b4-98c6-4f19-9588-161b7773d6f6} /*Office Document Property Handler*/%SystemRoot%\system32\propsys.dll = %SystemRoot%\system32\propsys.dll
@{2C2577C2-63A7-40e3-9B7F-586602617ECB} /*Explorer Query Band*/(null) =
@{DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} /*File Open Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{C0B4E2F3-BA21-4773-8DBA-335EC946EB8B} /*File Save Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{92337A8C-E11D-11D0-BE48-00C04FC30DF6} /*OlePrn.PrinterURL*/%SystemRoot%\system32\oleprn.dll = %SystemRoot%\system32\oleprn.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft XPS Properties*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft XPS Thumbnail*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b} /*View Available Networks*/(null) =
@{13D3C4B8-B179-4ebb-BF62-F704173E7448} /*Windows Contact Preview Handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} /*Contacts folder*/(null) =
@{4F58F63F-244B-4c07-B29F-210BE59BE9B4} /*.group shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{8082C5E6-4C27-48ec-A809-B8E1122E8F97} /*.contact shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{16C2C29D-0E5F-45f3-A445-03E03F587B7D} /*group_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{CF67796C-F57F-45F8-92FB-AD698826C602} /*contact_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Property Page*/%windir%\system32\acppage.dll = %windir%\system32\acppage.dll
@{4026492f-2f69-46b8-b9bf-5654fc07e423} /*Windows Firewall*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\Windows\system32\extmgr.dll = C:\Windows\system32\extmgr.dll
@{fcfeecae-ee1b-4849-ae50-685dcf7717ec} /*Problem Reports and Solutions*/(null) =
@{a304259d-52b8-4526-8b1a-a1d6cecc8243} /*iSCSI Initiator*/(null) =
@{11dbb47c-a525-400b-9e80-a54615a090c0} /*Execute Folder*/ExplorerFrame.dll = ExplorerFrame.dll
@{90b9bce2-b6db-4fd3-8451-35917ea1081b} /*Search Execute Command*/ExplorerFrame.dll = ExplorerFrame.dll
@{911051fa-c21c-4246-b470-070cd8df6dc4} /*.cab or .zip files*/(null) =
@{da67b8ad-e81b-4c70-9b91b417b5e33527} /*Windows Search Shell Service*/(null) =
@{a38b883c-1682-497e-97b0-0a3a9e801682} /*IPropertyStore Handler for Images*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{C7657C4A-9F68-40fa-A4DF-96BC08EB3551} /*Photo Thumbnail Provider*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*Photo Thumbnail Extractor*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{BC65FB43-1958-4349-971A-210290480130} /*Network Explorer Property Sheet Handler*/%SystemRoot%\System32\NcdProp.dll = %SystemRoot%\System32\NcdProp.dll
@{d3e34b21-9d75-101a-8c3d-00aa001a1652} /*Bitmap Image*/(null) =
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{E598560B-28D5-46aa-A14A-8A3BEA34B576} /*Windows Photo Gallery Viewer Video Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3} /*Microsoft.ScannersAndCameras*/(null) =
@{0a4286ea-e355-44fb-8086-af3df7645bd9} /*Windows Media Player*/C:\PROGRA~1\WI4EB4~1\wmpband.dll = C:\PROGRA~1\WI4EB4~1\wmpband.dll
@{BB6B2374-3D79-41DB-87F4-896C91846510} /*EMDFileProperties*/emdmgmt.dll = emdmgmt.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{89D83576-6BD1-4c86-9454-BEB04E94C819} /*MAPI Search Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{7A0F6AB7-ED84-46B6-B47E-02AA159A152B} /*Sync Center Simple Conflict Presenter*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9D687A4C-1404-41ef-A089-883B6FBECDE6} /*Windows Photo Gallery Viewer Autoplay Handler*/(null) =
@{37efd44d-ef8d-41b1-940d-96973a50e9e0} /*Windows Sidebar Properties*/(null) =
@{00f20eb5-8fd6-4d9d-b75e-36801766c8f1} /*PhotoAcqDropTarget*/%ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/
@{BC48B32F-5910-47F5-8570-5074A8A5636A} /*Sync Results Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{ED228FDF-9EA8-4870-83B1-96B02CFE0D52} /*Games Folder*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{E413D040-6788-4C22-957E-175D1C513A34} /*Sync Center Conflict Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{67718415-c450-4f3c-bf8a-b487642dc39b} /*Windows Features*/(null) =
@{91ADC906-6722-4B05-A12B-471ADDCCE132} /*Touch Band*/%SystemRoot%\System32\TouchX.dll = %SystemRoot%\System32\TouchX.dll
@{2781761E-28E0-4109-99FE-B9D127C57AFE} /*Windows Defender IOfficeAntiVirus implementation*/%ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/ = %ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/
@{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} /*Windows Photo Gallery Viewer Image Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{4B534112-3AF6-4697-A77C-D62CE9B9E7CF} /*Sync Center Event Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C} /*Sync Setup Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A} /*GameUX.RichGameMediaThumbnail*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{d8559eb9-20c0-410e-beda-7ed416aecc2a} /*Windows Defender*/(null) =
@{576C9E85-1300-4EF5-BF6B-D00509F4EDCD} /*Sync Center Handler Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{5ea4f148-308c-46d7-98a9-49041b1dd468} /*Mobility Center Control Panel*/(null) =
@{289978AC-A101-4341-A817-21EBA7FD046D} /*Sync Center Conflict Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{877ca5ac-cb41-4842-9c69-9136e42d47e2} /*File Backup Index*/%systemroot%\system32\sdshext.dll = %systemroot%\system32\sdshext.dll
@{71D99464-3B6B-475C-B241-E15883207529} /*Sync Results Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{B32D3949-ED98-4DBB-B347-17A144969BBA} /*Sync Center Item Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{2E9E59C0-B437-4981-A647-9C34B9B90891} /*Sync Setup Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF} /*Sync Center Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{CB1B7F8C-C50A-4176-B604-9E24DEE8D4D1} /*Welcome Center*/oobefldr.dll = oobefldr.dll
@{15D633E2-AD00-465b-9EC7-F56B7CDF8E27} /*Tablet PC Input Panel*/%CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/ = %CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/
@{F04CC277-03A2-4277-96A9-77967471BDFF} /*Sync Center Conflict Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{53BEDF0B-4E5B-4183-8DC9-B844344FA104} /*Microsoft Windows MAPI Preview Handler*/%SystemRoot%\system32\mssvp.dll = %SystemRoot%\system32\mssvp.dll
@{6b9228da-9c15-419e-856c-19e768a13bdc} /*Windows gadget DropTarget*/%ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/ = %ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/
@{8E25992B-373E-486E-80E5-BD23AE417E66} /*Sync Center Device Notification Sink*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{031EE060-67BC-460d-8847-E4A7C5E45A27} /*Windows Media Player Rich Preview Handler*/(null) =
@{1FA9085F-25A2-489B-85D4-86326EEDCD87} /*Manage Wireless Networks*/%SystemRoot%\system32\wlanpref.dll = %SystemRoot%\system32\wlanpref.dll
@{ECDD6472-2B9B-4b4b-AE36-F316DF3C8D60} /*RichGameMediaPropertyStore Class*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{BD7A2E7B-21CB-41b2-A086-B309680C6B7E} /*Client Side Cache Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} /*eDS psd drag drop protection*/C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll = C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
@{5E2121EE-0300-11D4-8D3B-444553540000} /*Catalyst Context Menu extension*/C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
@{0563DB41-F538-4B37-A92D-4659049B7766} /*WLMD Message Handler*/C:\Program Files\Windows Live\Mail\mailcomm.dll = C:\Program Files\Windows Live\Mail\mailcomm.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office12\msohevi.dll = C:\Program Files\Microsoft Office\Office12\msohevi.dll
@{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} /*Microsoft Office OneNote Namespace Extension for Windows Desktop Search*/C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL = C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{0561EC90-CE54-4f0c-9C55-E226110A740C} /*Haali Column Provider*/C:\Windows\system32\mmfinfo.dll = C:\Windows\system32\mmfinfo.dll
@{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} /*Haali Matroska Shell Property Page*/C:\Windows\system32\mmfinfo.dll = C:\Windows\system32\mmfinfo.dll
@{327669A0-59A7-4be9-B99E-1C9F3A57611A} /*Haali Matroska Thumbnail Extractor*/C:\Windows\system32\mmfinfo.dll = C:\Windows\system32\mmfinfo.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/(null) =
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/(null) =
@{D845084B-D812-4CA2-A451-645608B24F85} /*Disc image shell menu extension*/C:\Program Files\Pa-software\Disc Image Demo\dishlext.dll = C:\Program Files\Pa-software\Disc Image Demo\dishlext.dll
@{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} /*OpenOffice.org Column Handler*/"C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{087B3AE3-E237-4467-B8DB-5A38AB959AC9} /*OpenOffice.org Infotip Handler*/"C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{63542C48-9552-494A-84F7-73AA6A7C99C1} /*OpenOffice.org Property Sheet Handler*/"C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{3B092F0C-7696-40E3-A80F-68D74DA84210} /*OpenOffice.org Thumbnail Viewer*/"C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} /*TrojanHunter Menu Shell Extension*/C:\PROGRA~1\TROJAN~1.0\contmenu.dll = C:\PROGRA~1\TROJAN~1.0\contmenu.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
DIShellMenu@{D845084B-D812-4CA2-A451-645608B24F85} = C:\Program Files\Pa-software\Disc Image Demo\dishlext.dll
EDSshellExt@{29FF7AB0-BE34-4992-A30B-53A9D86EE239} = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll
McCtxMenu@{01576F39-90DE-4D6E-A068-5B20C22BAAEE} = c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll
TrojanHunter@{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.0\contmenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EDSshellExt@{29FF7AB0-BE34-4992-A30B-53A9D86EE239} = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll
TrojanHunter@{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.0\contmenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
McCtxMenu@{01576F39-90DE-4D6E-A068-5B20C22BAAEE} = c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll
TrojanHunter@{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.0\contmenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{02478D38-C3F9-4efb-9B51-7695ECA05670}C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
@{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}c:\PROGRA~1\mcafee\msk\mcapbho.dll = c:\PROGRA~1\mcafee\msk\mcapbho.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre6\bin\ssv.dll = C:\Program Files\Java\jre6\bin\ssv.dll
@{7DB2D5A0-7241-4E79-B68D-6309F01C5231}C:\Program Files\McAfee\VirusScan\scriptsn.dll = C:\Program Files\McAfee\VirusScan\scriptsn.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll = C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
@{B164E929-A1B6-4A06-B104-2CD0E90A88FF}c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll = c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\Windows\system32\SSBRAN~1.SCR

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://en.us.acer.yahoo.com = http://en.us.acer.yahoo.com
@Start Pagehttp://en.us.acer.yahoo.com = http://en.us.acer.yahoo.com
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.msn.com/?vv=550 = http://www.msn.com/?vv=550
@Local PageC:\Windows\system32\blank.htm = C:\Windows\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\Windows\System32\msvidctl.dll
its@CLSID = %SystemRoot%\System32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-help@CLSID = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = %SystemRoot%\System32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
sacore@CLSID = c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
tv@CLSID = C:\Windows\System32\msvidctl.dll
wlmailhtml@CLSID = C:\Program Files\Windows Live\Mail\mailcomm.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E18E4F40-05F5-4E1C-8DCE-C1EFA89EA173} /*Local Area Connection*/ >>>
@IPAddress =
@NameServer =
@DefaultGateway =
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\system32\NLAapi.dll
000000000002@LibraryPath = %SystemRoot%\system32\napinsp.dll
000000000003@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll

C:\Users\moosh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup = MagicDisc.lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup >>>
Empowering Technology Launcher.lnk = Empowering Technology Launcher.lnk
NETGEAR WG111v3 Smart Wizard.lnk = NETGEAR WG111v3 Smart Wizard.lnk

---- EOF - GMER 1.0.14 ----
moosh01
Active Member
 
Posts: 7
Joined: December 31st, 2008, 2:34 am

Re: hijack this log, browser has been hijacked

Unread postby Sharagoz » January 9th, 2009, 4:12 pm

Warning
You may have an infection that is designed to spread through removable storage devices (memory sticks, external harddrives, etc).
For now do not connect any such devices to the infected PC, and if any are currently connected, leave them there so that you dont spread the infection to other computers.

I have prepared a fix for you and posted it for approval.
As I am only an undergrad at this uni I need to have all my fixes approved by a teacher before they can be posted.
The downside with this is that things take a little more time. The upside is that you'll have two set of eyes checking your logs, so you can be sure nothing will be missed, and the teachers here are among the best malware removers you'll find anywhere, online or not, so you can feel confident you are in the right hands.
The initial waiting time can take up to 48hrs, depending on how busy the teachers are, so please stay patient.
Once a teacher finds a free slot we'll be on our way to a clean computer, and the subsequent replies will usually be faster.
In the top left corner of your opening post there is a link called Subscribe topic. If you click it you will be subscribed to this thread and will receive instant email notification of new replies. For most people this works better than periodically checking back here to see if there's any new posts.
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: hijack this log, browser has been hijacked

Unread postby moosh01 » January 10th, 2009, 7:58 pm

Thanks for the help, I will be checking my email for a reply.
moosh01
Active Member
 
Posts: 7
Joined: December 31st, 2008, 2:34 am

Re: hijack this log, browser has been hijacked

Unread postby Sharagoz » January 12th, 2009, 2:38 pm

You need to temporarily Disable TrojanHunter
  • Right-click on the TrojanHunter icon in the lower right corner of your screen.
    (It is a light blue icon with a magnifying glass that can be difficult to see but the handle is red)
  • Click Settings and uncheck both Load at startup and Enabled
  • We'll enable it again once your computer is clean

You must also disable McAfee while you do the next procedure

Download and Run ComboFix
  • Visit this webpage for download links and and instructions on how to properly run ComboFix:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
    Make sure you install the recovery consol as instructed beforehand
    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time and can be a lifesaver later.
    Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Run ComboFix as instructed by the tutorial. When ComboFix is finished running, a log will be opened. Include this log in your next reply.

Questions:
Do you have any removable storage devices that may have infected your computer?
Have you connected any such devices to your computer since you began to notice the infection?
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: hijack this log, browser has been hijacked

Unread postby moosh01 » January 13th, 2009, 12:10 am

First to answer your question. Yes I have an External 500gb HDD. It is only connected to this computer, and it has been during this whole process.


ComboFix 09-01-11.04 - moosh 2009-01-12 21:57:31.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1791.743 [GMT -6:00]
Running from: c:\users\moosh\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\moosh\AppData\Roaming\.#
c:\users\moosh\AppData\Roaming\inst.exe
c:\windows\system32\drivers\msqpdxebietver.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\msqpdxioujikxy.dll
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSQPDXSERV.SYS
-------\Service_MSQPDXSERV.SYS
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-12-13 to 2009-01-13 )))))))))))))))))))))))))))))))
.

2009-01-08 21:57 . 2009-01-08 21:57 250 --a------ c:\windows\gmer.ini
2009-01-07 00:25 . 2009-01-07 00:25 <DIR> d-------- C:\rsit
2009-01-03 13:43 . 2009-01-07 00:25 <DIR> d-------- c:\program files\trend micro
2009-01-02 02:17 . 2009-01-02 02:17 524,288 --ahs---- C:\ntuser.dat{e91ed0f4-d88a-11dd-9da3-001c25861e59}.TMContainer00000000000000000002.regtrans-ms
2009-01-02 02:17 . 2009-01-03 13:42 524,288 --ahs---- C:\ntuser.dat{e91ed0f4-d88a-11dd-9da3-001c25861e59}.TMContainer00000000000000000001.regtrans-ms
2009-01-02 02:17 . 2009-01-02 02:17 524,288 --ahs---- C:\ntuser.dat{e91ed0f0-d88a-11dd-9da3-001c25861e59}.TMContainer00000000000000000002.regtrans-ms
2009-01-02 02:17 . 2009-01-02 02:17 524,288 --ahs---- C:\ntuser.dat{e91ed0f0-d88a-11dd-9da3-001c25861e59}.TMContainer00000000000000000001.regtrans-ms
2009-01-02 02:17 . 2009-01-03 13:42 262,144 --a------ C:\ntuser.dat
2009-01-02 02:17 . 2009-01-03 13:42 65,536 --ahs---- C:\ntuser.dat{e91ed0f4-d88a-11dd-9da3-001c25861e59}.TM.blf
2009-01-02 02:17 . 2009-01-02 02:17 65,536 --ahs---- C:\ntuser.dat{e91ed0f0-d88a-11dd-9da3-001c25861e59}.TM.blf
2009-01-02 02:17 . 2009-01-03 13:42 5,120 --ah----- C:\ntuser.dat.LOG1
2009-01-02 02:17 . 2009-01-02 02:17 0 --ah----- C:\ntuser.dat.LOG2
2009-01-01 23:08 . 2009-01-01 23:12 <DIR> d-------- c:\users\moosh\AppData\Roaming\Ulead Systems
2009-01-01 23:08 . 2009-01-01 23:08 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-01 23:08 . 2009-01-01 23:08 1,409 --a------ c:\windows\QTFont.for
2009-01-01 23:02 . 2009-01-01 23:02 <DIR> d-------- c:\users\All Users\InterVideo
2009-01-01 23:02 . 2009-01-01 23:02 <DIR> d-------- c:\programdata\InterVideo
2009-01-01 23:02 . 2009-01-01 23:02 <DIR> d-------- c:\program files\Common Files\InterVideo
2009-01-01 23:02 . 2002-11-22 02:57 204,800 --a------ c:\windows\System32\IVIresizeW7.dll
2009-01-01 23:02 . 2002-11-22 02:57 200,704 --a------ c:\windows\System32\IVIresizeA6.dll
2009-01-01 23:02 . 2002-11-22 02:57 192,512 --a------ c:\windows\System32\IVIresizeP6.dll
2009-01-01 23:02 . 2002-11-22 02:57 192,512 --a------ c:\windows\System32\IVIresizeM6.dll
2009-01-01 23:02 . 2002-11-22 02:57 188,416 --a------ c:\windows\System32\IVIresizePX.dll
2009-01-01 23:02 . 2002-11-22 02:57 20,480 --a------ c:\windows\System32\IVIresize.dll
2009-01-01 23:01 . 2009-01-01 23:01 <DIR> d--h----- c:\windows\msdownld.tmp
2009-01-01 23:01 . 2009-01-01 23:01 <DIR> d-------- c:\program files\Windows Media Components
2009-01-01 22:53 . 2009-01-01 23:01 <DIR> d-------- c:\users\All Users\Ulead Systems
2009-01-01 22:53 . 2009-01-01 23:01 <DIR> d-------- c:\programdata\Ulead Systems
2009-01-01 22:53 . 2009-01-01 22:53 <DIR> d-------- c:\program files\Ulead Systems
2009-01-01 22:53 . 2009-01-01 22:55 <DIR> d-------- c:\program files\Common Files\Ulead Systems
2009-01-01 17:47 . 2009-01-01 17:47 79 --a------ c:\windows\wininit.ini
2009-01-01 17:26 . 2009-01-01 18:10 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-01-01 17:26 . 2009-01-01 18:10 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2009-01-01 17:26 . 2009-01-01 18:09 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-31 02:23 . 2008-12-31 02:23 71,680 --a------ c:\windows\System32\drivers\msqpdxmixqudhn.sys
2008-12-31 02:07 . 2008-12-31 02:07 <DIR> d-------- c:\users\moosh\AppData\Roaming\Malwarebytes
2008-12-31 02:07 . 2008-12-31 02:07 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-31 02:07 . 2008-12-31 02:07 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-31 02:07 . 2008-12-31 02:07 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-31 02:07 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-31 02:07 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-31 00:07 . 2008-12-31 00:07 <DIR> d-------- C:\VundoFix Backups
2008-12-30 23:07 . 2008-12-30 23:07 <DIR> d-------- c:\program files\RogueRemover FREE
2008-12-30 22:39 . 2009-01-02 04:23 <DIR> d-------- c:\program files\Exterminate It!
2008-12-30 21:44 . 2008-12-30 21:44 <DIR> d-------- c:\users\All Users\Lavasoft
2008-12-30 21:44 . 2008-12-30 21:44 <DIR> d-------- c:\programdata\Lavasoft
2008-12-30 21:44 . 2008-12-30 21:44 <DIR> d-------- c:\program files\Lavasoft
2008-12-30 21:43 . 2008-12-30 21:43 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-30 21:29 . 2008-12-30 21:29 <DIR> d-------- c:\users\moosh\AppData\Roaming\TrojanHunter
2008-12-30 21:23 . 2008-12-30 21:23 <DIR> d-------- c:\program files\TrojanHunter 5.0
2008-12-30 21:13 . 2009-01-07 00:22 <DIR> d-------- c:\users\moosh\AppData\Roaming\uTorrent
2008-12-30 13:30 . 2009-01-11 16:05 192,036,169 --a------ c:\windows\MEMORY.DMP
2008-12-29 23:12 . 2008-12-29 23:12 <DIR> d-------- c:\users\moosh\AppData\Roaming\PC Tools
2008-12-29 23:12 . 2008-12-29 23:13 <DIR> d-------- c:\program files\Spyware Doctor
2008-12-29 23:12 . 2008-08-25 12:36 81,288 --a------ c:\windows\System32\drivers\iksyssec.sys
2008-12-29 23:12 . 2008-08-25 12:36 66,952 --a------ c:\windows\System32\drivers\iksysflt.sys
2008-12-29 23:12 . 2008-08-25 12:36 40,840 --a------ c:\windows\System32\drivers\ikfilesec.sys
2008-12-29 23:12 . 2008-06-02 16:19 29,576 --a------ c:\windows\System32\drivers\kcom.sys
2008-12-29 18:22 . 2008-12-29 18:32 <DIR> d-------- c:\program files\Super_DVD_Creator_9.8
2008-12-29 18:10 . 2008-12-29 18:10 <DIR> d-------- c:\users\moosh\.thumb
2008-12-29 13:30 . 2008-12-29 13:38 <DIR> d-------- c:\users\moosh\AppData\Roaming\Roxio
2008-12-29 13:29 . 2008-12-29 13:29 <DIR> d-------- c:\users\All Users\InstallShield
2008-12-29 13:29 . 2008-12-29 13:29 <DIR> d-------- c:\programdata\InstallShield
2008-12-29 13:28 . 2008-12-29 13:28 <DIR> d-------- c:\users\All Users\Sonic
2008-12-29 13:28 . 2008-12-29 13:28 <DIR> d-------- c:\programdata\Sonic
2008-12-29 13:26 . 2008-12-30 00:25 <DIR> d-------- c:\users\All Users\Roxio
2008-12-29 13:26 . 2008-12-30 00:25 <DIR> d-------- c:\programdata\Roxio
2008-12-29 13:24 . 2008-12-30 00:25 <DIR> d-------- c:\program files\Roxio
2008-12-29 13:24 . 2008-12-30 00:25 <DIR> d-------- c:\program files\Common Files\Roxio Shared
2008-12-26 17:10 . 2008-12-26 17:26 <DIR> d-------- c:\program files\GrabIt
2008-12-26 05:31 . 2008-12-26 05:32 <DIR> d-------- c:\users\moosh\AppData\Roaming\NewsLeecher
2008-12-26 05:31 . 2008-12-26 17:09 <DIR> d-------- c:\program files\NewsLeecher
2008-12-24 20:03 . 2008-12-24 20:03 <DIR> d-------- C:\iPrep_101
2008-12-23 14:19 . 2008-12-23 14:19 <DIR> d-------- c:\program files\VIA
2008-12-23 14:19 . 2005-04-12 12:54 331,184 --------- c:\windows\System32\difxapi.dll
2008-12-23 14:19 . 2008-09-26 16:38 137,880 --a------ c:\windows\System32\drivers\viamraid.sys
2008-12-21 23:39 . 2008-12-21 23:39 <DIR> d-------- C:\wadder
2008-12-21 00:09 . 2008-12-24 20:06 <DIR> d-------- c:\program files\iPrep 101
2008-12-18 23:28 . 2004-08-04 07:00 506,368 --a------ c:\windows\System32\msxml.dll
2008-12-14 19:59 . 2008-12-14 19:59 <DIR> d-------- c:\users\wii\AppData\Roaming\Leadertech
2008-12-14 19:59 . 2008-12-14 19:59 <DIR> d-------- c:\users\wii\AppData\Roaming\Acer
2008-12-14 19:58 . 2008-12-14 19:58 <DIR> dr------- c:\users\wii\Searches
2008-12-14 19:58 . 2008-12-14 19:58 <DIR> dr------- c:\users\wii\Contacts
2008-12-14 19:57 . 2008-12-14 19:58 <DIR> dr------- c:\users\wii\Videos
2008-12-14 19:57 . 2008-12-14 19:58 <DIR> dr------- c:\users\wii\Saved Games
2008-12-14 19:57 . 2008-12-14 19:58 <DIR> dr------- c:\users\wii\Pictures
2008-12-14 19:57 . 2008-12-14 19:58 <DIR> dr------- c:\users\wii\Music
2008-12-14 19:57 . 2008-12-14 19:58 <DIR> dr------- c:\users\wii\Links
2008-12-14 19:57 . 2008-12-14 19:58 <DIR> dr------- c:\users\wii\Downloads
2008-12-14 19:57 . 2008-12-14 19:58 <DIR> dr------- c:\users\wii\Documents
2008-12-14 19:57 . 2006-11-02 06:37 <DIR> d-------- c:\users\wii\AppData\Roaming\Media Center Programs
2008-12-14 19:57 . 2008-03-19 07:09 <DIR> d-------- c:\users\wii\AppData\Roaming\Acer GameZone Console
2008-12-14 19:57 . 2008-12-14 19:58 <DIR> d--h----- c:\users\wii\AppData
2008-12-14 19:57 . 2008-12-30 04:58 <DIR> d-------- c:\users\wii
2008-12-13 01:22 . 2008-12-13 01:52 <DIR> d-------- c:\program files\Cloudbrain
2008-12-13 01:11 . 2008-12-13 01:11 <DIR> d-------- c:\program files\CDDBMP3Tool

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 06:22 --------- d-----w c:\programdata\Google Updater
2009-01-11 22:15 --------- d-----w c:\programdata\McAfee
2009-01-06 02:47 --------- d-----w c:\program files\FrostWire
2009-01-02 05:02 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 05:01 --------- d-----w c:\programdata\Apple Computer
2008-12-31 06:06 --------- d---a-w c:\programdata\TEMP
2008-12-30 15:07 --------- d-----w c:\program files\Pcsx2_0.9.4
2008-12-30 06:25 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-30 02:30 --------- d-----w c:\users\moosh\AppData\Roaming\FrostWire
2008-12-26 11:16 --------- d-----w c:\users\moosh\AppData\Roaming\FileZilla
2008-12-19 06:23 882,232 ----a-w c:\windows\system32\drivers\tcpip.sys
2008-12-19 05:44 --------- d-----w c:\programdata\CyberLink
2008-12-19 05:44 --------- d-----w c:\program files\CyberLink
2008-12-19 05:44 --------- d-----w c:\program files\Acer Arcade Live
2008-12-11 13:16 --------- d-----w c:\program files\Windows Mail
2008-12-11 09:10 --------- d-----w c:\programdata\Microsoft Help
2008-12-10 06:04 --------- d-----w c:\program files\Team Craxtion
2008-12-09 12:26 --------- d-----w c:\users\moosh\AppData\Roaming\fretsonfire
2008-12-09 12:00 --------- d-----w c:\program files\Microsoft Xbox 360 Accessories
2008-12-09 10:15 --------- d-----w c:\program files\Game Copy Pro
2008-12-09 05:11 --------- d-----w c:\users\moosh\AppData\Roaming\CyberLink
2008-12-08 05:44 --------- d-----w c:\program files\Xbox 360 Hack Pack RC1
2008-12-08 05:42 --------- d-----w c:\users\moosh\AppData\Roaming\U3
2008-12-08 05:21 --------- d-----w c:\programdata\Geek Squad
2008-12-07 09:10 --------- d-----w c:\program files\Oxin's Style!
2008-12-07 06:10 --------- d-----w c:\program files\Common Files\Adobe
2008-12-03 11:07 --------- d-----w c:\programdata\FLEXnet
2008-12-03 11:03 --------- d-----w c:\program files\Adobe Media Player
2008-12-03 11:00 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-03 10:57 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-12-03 03:51 --------- d-----w c:\program files\DVDInfoPro
2008-12-02 07:57 --------- d-----w c:\users\moosh\AppData\Roaming\Thinstall
2008-12-02 07:57 --------- d-----w c:\program files\Microsoft Reader
2008-12-02 06:26 --------- d-----w c:\program files\MagicDisc
2008-12-02 06:19 --------- d-----w c:\program files\Elaborate Bytes
2008-12-01 05:26 --------- d-----w c:\programdata\WindowsSearch
2008-11-23 08:42 --------- d-----w c:\users\moosh\AppData\Roaming\OpenOffice.org
2008-11-23 03:47 --------- d-----w c:\program files\OpenOffice.org 3
2008-11-23 03:47 --------- d-----w c:\program files\JRE
2008-11-23 00:58 --------- d-----w c:\program files\Microsoft SQL Server
2008-11-23 00:56 --------- d-----w c:\program files\Microsoft Synchronization Services
2008-11-23 00:56 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-11-23 00:49 --------- d-----w c:\program files\Microsoft SDKs
2008-11-23 00:13 --------- d-----w c:\program files\WinPcap
2008-11-22 23:50 --------- d-----w c:\program files\Rockstar Games
2008-11-22 22:48 --------- d-----w c:\program files\Pa-software
2008-11-22 19:19 --------- d--h--r c:\users\moosh\AppData\Roaming\SecuROM
2008-11-22 19:19 --------- d-----w c:\programdata\Media Center Programs
2008-11-22 19:19 --------- d-----w c:\program files\Tomb Raider - Anniversary
2008-11-22 18:44 --------- d-----w c:\program files\Smart Projects
2008-11-20 10:53 --------- d-----w c:\program files\ffdshow
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-09-03 05:42 47,360 ----a-w c:\users\moosh\AppData\Roaming\pcouffin.sys
2008-07-11 08:04 0 ----a-w c:\users\moosh\AppData\Roaming\wklnhst.dat
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2007-12-28 19:59 342,528 ----a-w c:\windows\inf\WG111v3\Vista64\wg111v3.sys
2007-12-28 19:58 289,280 ----a-w c:\windows\inf\WG111v3\WG111v3.sys
2007-12-28 19:58 289,280 ----a-w c:\windows\inf\WG111v3\Vista\wg111v3.sys
2007-11-27 22:53 63,488 ----a-w c:\windows\inf\WG111v3\SetDrv64.exe
2007-11-27 22:52 32,768 ----a-w c:\windows\inf\WG111v3\SetDrv.exe
2007-04-23 18:15 31,016 ----a-w c:\windows\inf\WG111v3\Vista64\RtlProt.sys
2007-04-23 15:50 25,896 ----a-w c:\windows\inf\WG111v3\Vista\RtlProt.sys
2007-04-20 02:22 75,264 ----a-w c:\windows\inf\WG111v3\Vista64\rtkbind.exe
2007-04-20 02:22 74,752 ----a-w c:\windows\inf\WG111v3\Vista\rtkbind.exe
2006-12-15 16:30 98,304 ----a-w c:\windows\inf\WG111v3\UScanM.exe
2006-12-15 16:30 315,392 ----a-w c:\windows\inf\WG111v3\InstallDriver.exe
2006-12-15 16:30 212,992 ----a-w c:\windows\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 16:30 20,480 ----a-w c:\windows\inf\WG111v3\RTWUPath.exe
2006-12-15 16:30 19,968 ----a-w c:\windows\inf\WG111v3\RTWREFU.EXE
2008-09-23 21:53 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-09-23 21:53 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-09-23 21:53 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 00:38 121392 --a------ c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-20 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-20 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-14 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-01 630784]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-10-15 3387392]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-02 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-05 c:\windows\RtHDVCpl.exe]

c:\users\moosh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-12-02 575488]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-03-19 535336]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-02-22 2506752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"vidc.uldx"= c:\progra~1\ULEADS~1\ULEADD~1\ULEADD~1\DivX_UL.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
--a------ 2007-09-26 18:05 734264 c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{99B83050-0AD1-41FE-96D2-F1EE075ED7DB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{093DF7DB-4358-456C-9812-97D551FFE92E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0ADE27F2-8D7A-40C5-8141-275D35EFD47D}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{2F0D1915-AD71-49AA-B1C2-16DD2FC73D6F}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{1C2A543A-72C6-4701-AF74-F128E0177EE9}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{2C08D1E5-2EE8-41A7-BFE2-B21EB108B556}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"TCP Query User{07E4D33B-D2D5-4CD0-8460-1271C679DA83}c:\\program files\\frostwire\\frostwire.exe"= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{117EB1E8-7293-4B26-BB10-E943C231CB45}c:\\program files\\frostwire\\frostwire.exe"= TCP:c:\program files\frostwire\frostwire.exe:FrostWire
"TCP Query User{E072A095-9C38-4153-8656-AB54E26C2558}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{6F8DFAC2-B710-4FA5-834E-7184D9BBD143}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{D246148D-B4F6-4DA5-9C46-EFF0081C6913}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{864C2D83-2A13-4B4E-BB9D-1DC04BB45716}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{F42A20C0-FCB7-4F75-A65B-65A4B72D0F0A}c:\\program files\\torrentspeeder\\torrentspeeder.exe"= UDP:c:\program files\torrentspeeder\torrentspeeder.exe:P2P utility
"UDP Query User{45671B04-9BD4-4095-97EB-B0229AED9EFB}c:\\program files\\torrentspeeder\\torrentspeeder.exe"= TCP:c:\program files\torrentspeeder\torrentspeeder.exe:P2P utility
"{70F505CC-B09C-441A-8C11-B7F4960E7300}"= UDP:11554:Port 11554_TCP
"{CF46E2B3-2658-4D9E-B9D6-23F9E1FF2575}"= TCP:11554:Port 11554_UDP
"{BCD65FFD-266D-474C-A719-BF9C6BBB8213}"= UDP:11555:Port 11555_TCP
"{9F9F8881-4A66-4529-BD08-7683076EFE4D}"= TCP:11555:Port 11555_UDP
"{D23F8B10-874F-4A54-A804-341DB9D13CB0}"= UDP:11556:Port 11556_TCP
"{3E217FE3-982B-4ABD-91BE-2108C6B328BB}"= TCP:11556:Port 11556_UDP
"TCP Query User{349E4C1D-2857-40C8-976F-10ACF8FBA92F}c:\\program files\\seba14mods\\µtorrent 1.8 (build 11813) leecher pack\\utorrent 1.8 (11813)_fakeup8x_seeder.exe"= UDP:c:\program files\seba14mods\µtorrent 1.8 (build 11813) leecher pack\utorrent 1.8 (11813)_fakeup8x_seeder.exe:µTorrent
"UDP Query User{B418D613-25F7-43F4-85DD-8A6ADCDEBF23}c:\\program files\\seba14mods\\µtorrent 1.8 (build 11813) leecher pack\\utorrent 1.8 (11813)_fakeup8x_seeder.exe"= TCP:c:\program files\seba14mods\µtorrent 1.8 (build 11813) leecher pack\utorrent 1.8 (11813)_fakeup8x_seeder.exe:µTorrent
"TCP Query User{FFDB80E0-01CE-453E-AE57-F33F0DE8C758}c:\\program files\\seba14mods\\µtorrent 1.8 (build 11813) leecher pack\\utorrent 1.8 (11813)_stealth.exe"= UDP:c:\program files\seba14mods\µtorrent 1.8 (build 11813) leecher pack\utorrent 1.8 (11813)_stealth.exe:µTorrent
"UDP Query User{E6E84BA5-1493-4252-96E4-5C7E3708187B}c:\\program files\\seba14mods\\µtorrent 1.8 (build 11813) leecher pack\\utorrent 1.8 (11813)_stealth.exe"= TCP:c:\program files\seba14mods\µtorrent 1.8 (build 11813) leecher pack\utorrent 1.8 (11813)_stealth.exe:µTorrent
"TCP Query User{EFF4BB5B-1E88-426E-84EB-3CD68DD5150E}c:\\program files\\seba14mods\\µtorrent 1.8 (build 11813) leecher pack\\utorrent 1.8 (11813)_mult111_seeder.exe"= UDP:c:\program files\seba14mods\µtorrent 1.8 (build 11813) leecher pack\utorrent 1.8 (11813)_mult111_seeder.exe:µTorrent
"UDP Query User{509FC1BB-FB36-4C45-AC92-B988CAB262D5}c:\\program files\\seba14mods\\µtorrent 1.8 (build 11813) leecher pack\\utorrent 1.8 (11813)_mult111_seeder.exe"= TCP:c:\program files\seba14mods\µtorrent 1.8 (build 11813) leecher pack\utorrent 1.8 (11813)_mult111_seeder.exe:µTorrent
"TCP Query User{D9639A91-B950-4B14-9515-C3ED3C1E8473}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{C59A699E-9AD8-4165-A571-505288F0EDC3}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{3C068D68-4192-4AA6-ABF1-3C0A4300E8D9}c:\\program files\\seba14mods\\µtorrent 1.8 (build 11813) leecher pack\\utorrent 1.8 (11813)_mult111_leecher.exe"= UDP:c:\program files\seba14mods\µtorrent 1.8 (build 11813) leecher pack\utorrent 1.8 (11813)_mult111_leecher.exe:µTorrent
"UDP Query User{6CE29B14-49C9-43EA-BC43-782EA66B8DB1}c:\\program files\\seba14mods\\µtorrent 1.8 (build 11813) leecher pack\\utorrent 1.8 (11813)_mult111_leecher.exe"= TCP:c:\program files\seba14mods\µtorrent 1.8 (build 11813) leecher pack\utorrent 1.8 (11813)_mult111_leecher.exe:µTorrent
"{ACCA1150-C14B-400D-8DC8-F6E28CEC178A}"= TCP:11612:UDP_11612
"{30A8C24A-F819-453E-AC23-66C6F00B049C}"= UDP:11612:TCP_11612
"TCP Query User{39C1B866-FD05-425B-8AE1-668420F0D2A7}c:\\program files\\seba14mods\\µtorrent 1.8 (build 11813) leecher pack\\utorrent 1.8 (11813)_fakeup5x_leecher.exe"= UDP:c:\program files\seba14mods\µtorrent 1.8 (build 11813) leecher pack\utorrent 1.8 (11813)_fakeup5x_leecher.exe:µTorrent
"UDP Query User{1292E03D-FF5A-4ACE-AC81-A85B229C10BB}c:\\program files\\seba14mods\\µtorrent 1.8 (build 11813) leecher pack\\utorrent 1.8 (11813)_fakeup5x_leecher.exe"= TCP:c:\program files\seba14mods\µtorrent 1.8 (build 11813) leecher pack\utorrent 1.8 (11813)_fakeup5x_leecher.exe:µTorrent
"{EDD43921-BDFB-4D23-9F35-EF8550E2FA42}"= UDP:c:\program files\Acer Arcade Live\Acer HomeMedia Connect\MediaServer.exe:TVersity Media Server
"{BD1AECBC-E168-4770-BBD2-18561C79812F}"= TCP:c:\program files\Acer Arcade Live\Acer HomeMedia Connect\MediaServer.exe:TVersity Media Server
"{A38A1F77-72E8-49BD-BAC8-D05BC28236BD}"= UDP:5353:Adobe CSI CS4
"{B0C30277-997E-40FC-8F52-ED5EE6B173D5}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{DA1BF4FE-C3F5-4D8F-8B5F-B0C1580FC681}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"TCP Query User{74917DE4-37DF-47A5-ABC8-5EBB6A0E447F}c:\\program files\\team craxtion\\craxtion4\\craxtion.exe"= UDP:c:\program files\team craxtion\craxtion4\craxtion.exe:
"UDP Query User{A2F354FC-7D60-49A9-A67C-511F7B775859}c:\\program files\\team craxtion\\craxtion4\\craxtion.exe"= TCP:c:\program files\team craxtion\craxtion4\craxtion.exe:

R1 DiscImage;Disc image driver;c:\windows\System32\drivers\discimage.sys [2007-05-26 24704]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\System32\drivers\RtlProt.sys [2007-04-23 25896]
R4 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-03-19 269448]
R4 DIMSVC;Disc Image Demo mount service;c:\program files\Pa-software\Disc Image Demo\dimsvc.exe [2007-05-26 36864]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-01 809296]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\System32\drivers\wg111v3.sys [2008-07-29 289280]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-29 356920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01483e2e-abc7-11dd-8820-001c25861e59}]
\shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0368b584-fc4c-11dc-a6f7-806e6f6e6963}]
\shell\AutoRun\command - I:\mri.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-eRecoveryService - (no file)
HKLM-Run-RegistryMechanic - (no file)


.
------- Supplementary Scan -------
.
mStart Page = hxxp://en.us.acer.yahoo.com
IE: Add this link to WebWhacker... - h:\webwack\Art\wwieextlink.html
IE: Add this page to WebWhacker... - h:\webwack\Art\wwieext.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{E5336D32-0CBE-4E1F-A2C7-38DCAA8B07EF}
FF - ProfilePath - c:\users\moosh\AppData\Roaming\Mozilla\Firefox\Profiles\edxt9f9h.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 22:03:10
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5888)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\System32\Ati2evxx.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Acer Arcade Live\Acer HomeMedia Connect\MediaServer.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\windows\System32\WUDFHost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ehome\ehmsas.exe
c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
c:\acer\Empowering Technology\eRecovery\eRAgent.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-01-12 22:07:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-13 04:07:14

Pre-Run: 50,161,541,120 bytes free
Post-Run: 50,014,433,280 bytes free

369 --- E O F --- 2008-12-18 09:00:29
moosh01
Active Member
 
Posts: 7
Joined: December 31st, 2008, 2:34 am

Re: hijack this log, browser has been hijacked

Unread postby Sharagoz » January 14th, 2009, 8:22 am

Disable McAfee while you do the next procedure

1) Run ComboFix with CFScript
  • Right-click on your desktop, select New -> Text file
  • Name the file CFScript.txt
  • Open CFScript.txt and copy the contents of the code box below into it, save and close
    Code: Select all
    KillAll::
    
    File::
    c:\windows\System32\drivers\msqpdxmixqudhn.sys
    
    Folder::
    c:\users\moosh\AppData\Roaming\uTorrent
    c:\program files\FrostWire
    c:\users\moosh\AppData\Roaming\FrostWire
    c:\users\moosh\AppData\Roaming\FileZilla
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{1C2A543A-72C6-4701-AF74-F128E0177EE9}"=-
    "{2C08D1E5-2EE8-41A7-BFE2-B21EB108B556}"=-
    "TCP Query User{07E4D33B-D2D5-4CD0-8460-1271C679DA83}c:\\program files\\frostwire\\frostwire.exe"=-
    "UDP Query User{117EB1E8-7293-4B26-BB10-E943C231CB45}c:\\program files\\frostwire\\frostwire.exe"=-
    "TCP Query User{D246148D-B4F6-4DA5-9C46-EFF0081C6913}c:\\program files\\emule\\emule.exe"=-
    "UDP Query User{864C2D83-2A13-4B4E-BB9D-1DC04BB45716}c:\\program files\\emule\\emule.exe"=-
    "TCP Query User{F42A20C0-FCB7-4F75-A65B-65A4B72D0F0A}c:\\program files\\torrentspeeder\\torrentspeeder.exe"=-
    "UDP Query User{45671B04-9BD4-4095-97EB-B0229AED9EFB}c:\\program files\\torrentspeeder\\torrentspeeder.exe"=-
    "TCP Query User{349E4C1D-2857-40C8-976F-10ACF8FBA92F}c:\\program files\\seba14mods\\µtorrent 1.8 (build 11813) leecher pack\\utorrent 1.8 (11813)_fakeup8x_seeder.exe"=-
    "UDP Query User{B418D613-25F7-43F4-85DD-8A6ADCDEBF23}c:\\program files\\seba14mods\\µtorrent 1.8 (build 11813) leecher pack\\utorrent 1.8 (11813)_fakeup8x_seeder.exe"=-
    "TCP Query User{FFDB80E0-01CE-453E-AE57-F33F0DE8C758}c:\\program files\\seba14mods\\µtorrent 1.8 (build 11813) leecher pack\\utorrent 1.8 (11813)_stealth.exe"=-
    "UDP Query User{E6E84BA5-1493-4252-96E4-5C7E3708187B}c:\\program files\\seba14mods\\µtorrent 1.8 (build 11813) leecher pack\\utorrent 1.8 (11813)_stealth.exe"=-
    "TCP Query User{EFF4BB5B-1E88-426E-84EB-3CD68DD5150E}c:\\program files\\seba14mods\\µtorrent 1.8 (build 11813) leecher pack\\utorrent 1.8 (11813)_mult111_seeder.exe"=-
    "UDP Query User{509FC1BB-FB36-4C45-AC92-B988CAB262D5}c:\\program files\\seba14mods\\µtorrent 1.8 (build 11813) leecher pack\\utorrent 1.8 (11813)_mult111_seeder.exe"=-
    "TCP Query User{D9639A91-B950-4B14-9515-C3ED3C1E8473}c:\\program files\\vuze\\azureus.exe"=-
    "UDP Query User{C59A699E-9AD8-4165-A571-505288F0EDC3}c:\\program files\\vuze\\azureus.exe"=-
    "TCP Query User{3C068D68-4192-4AA6-ABF1-3C0A4300E8D9}c:\\program files\\seba14mods\\µtorrent 1.8 (build 11813) leecher pack\\utorrent 1.8 (11813)_mult111_leecher.exe"=-
    "UDP Query User{6CE29B14-49C9-43EA-BC43-782EA66B8DB1}c:\\program files\\seba14mods\\µtorrent 1.8 (build 11813) leecher pack\\utorrent 1.8 (11813)_mult111_leecher.exe"=-
    "TCP Query User{39C1B866-FD05-425B-8AE1-668420F0D2A7}c:\\program files\\seba14mods\\µtorrent 1.8 (build 11813) leecher pack\\utorrent 1.8 (11813)_fakeup5x_leecher.exe"=-
    "UDP Query User{1292E03D-FF5A-4ACE-AC81-A85B229C10BB}c:\\program files\\seba14mods\\µtorrent 1.8 (build 11813) leecher pack\\utorrent 1.8 (11813)_fakeup5x_leecher.exe"=-
    
  • Drag CFScript.txt on top of the ComboFix.exe icon and release
  • ComboFix will start if you did this correctly
  • When ComboFix has finished scanning, a log will open
  • Include this log in your next reply

2) Download and run Flash Disinfector
  • Download Flash_Disinfector and save it to your desktop.
  • Right-click on Flash_Disinfector.exe and chose Run as administrator to launch the program
  • You will be prompted to plug in your flash drives. Plug them in if they aren't already.
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it does not, press Ctrl + Shift + Esc to open Task Manager.
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.

After this step, access all your removable storage devices and see if there's a folder at the root named resycled
For instance I:\resycled.
If there is such a folder present, delete it.
Beware not to delete a legitimate folder that may be present named recycled

Let me know in your next post how step 2 went.

3) Upload a file to VirusTotal
  • Go to virustotal.com
  • Click Browse and copy the filepath from the codebox below into the File name box and click Open
    Code: Select all
    c:\windows\system32\drivers\tcpip.sys
  • Click the Send file button to start the scan
  • When the status changes to finished, click the Compact link
  • Copy everything from the windows that pops up into your next reply
  • Repeat the process for this file as well:
    Code: Select all
    C:\windows\system32\advapi32.dll

4) Get new RSIT log
  • Double click on RSIT.exe (on your desktop) to run RSIT
  • Click Continue at the disclaimer screen to start the scanner
  • When the scan finishes a log will open. Include this log in your next reply

Enable McAfee again after this step.

Logs I need:
ComboFix log
Two logs from VirusTotal
RSIT log

How is the computer running after these steps? Are you still experiencing redirects?
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: hijack this log, browser has been hijacked

Unread postby Sharagoz » January 19th, 2009, 10:32 am

It's been several days since your last response.
Are you still with us?
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: hijack this log, browser has been hijacked

Unread postby NonSuch » January 24th, 2009, 3:57 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 33 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware