Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Computer in all functions suddenly very slow

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Computer in all functions suddenly very slow

Unread postby countryfloors » February 6th, 2009, 2:57 pm

Thank goodness for this site. Here is my HijackThis log:
----------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:50 AM, on 2/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINNT\System32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TuneClone] C:\Program Files\TuneClone\TuneClone.exe /silence
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/d ... gctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwkb.ops.placeware.com/etc/pla ... silver.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scan ... ProExe.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileopen.com/current/FileOpen.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DC5A3CC-F968-4CFA-A853-0732E41709F7}: NameServer = 205.171.3.65,205.171.2.65
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINNT\CWBRXD.EXE
O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O24 - Desktop Component 1: HR California - Human Resource and Labor Law Information - California Chamber of Commerce - http://www.hrcalifornia.com/

--
End of file - 10964 bytes
countryfloors
Active Member
 
Posts: 4
Joined: February 6th, 2009, 2:30 pm
Advertisement
Register to Remove

Re: Computer in all functions suddenly very slow

Unread postby Katana » February 27th, 2009, 8:35 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly Image

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe


----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

If you still require help please do the following


Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Computer in all functions suddenly very slow

Unread postby countryfloors » March 5th, 2009, 7:18 pm

Thank you for your assistance!

Here is log.txt:
Logfile of random's system information tool 1.05 (written by random/random)
Run by abogner at 2009-03-05 15:14:09
Microsoft Windows XP Professional Service Pack 2
System drive C: has 10 GB (27%) free of 38 GB
Total RAM: 511 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:14:55 PM, on 3/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MozyHome\mozybackup.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe
C:\ADP\pcpw\PAY4WIN.exe
c:\ADP\Sqlbase\dbnt1sv.exe
c:\adp\pcpw\ADPLOC~1.EXE
C:\Program Files\McAfee\Managed VirusScan\Agent\HtmlDlg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\abogner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\abogner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/d ... gctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwkb.ops.placeware.com/etc/pla ... silver.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scan ... ProExe.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileopen.com/current/FileOpen.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DC5A3CC-F968-4CFA-A853-0732E41709F7}: NameServer = 205.171.3.65,205.171.2.65
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINNT\CWBRXD.EXE
O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O24 - Desktop Component 1: HR California - Human Resource and Labor Law Information - California Chamber of Commerce - http://www.hrcalifornia.com/

--
End of file - 12670 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-05 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-05 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-05 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2CDE1A7D-A478-4291-BF31-E1B4C16F92EB}
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=mobsync.exe /logon []
"McAfee Managed Services Tray"=C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe [2008-01-22 87360]
"MVS Splash"=C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe [2008-01-22 468288]
"Adobe Version Cue CS2"=C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [2005-04-04 856064]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe [2006-01-12 483328]
""= []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"NvCplDaemon"=C:\WINNT\system32\NvCpl.dll [2003-10-06 5058560]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"=C:\WINNT\System32\NVMCTRAY.DLL [2003-10-06 49152]
"ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2004-08-04 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Adobe Acrobat Speed Launcher.lnk - C:\WINNT\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
MozyHome Status.lnk - C:\Program Files\MozyHome\mozystat.exe

C:\Documents and Settings\abogner\Start Menu\Programs\Startup
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
C:\WINNT\system32\PCANotify.dll [2003-05-29 8704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINNT\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
C:\WINNT\system32\wzcdlg.dll [2004-08-04 378368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NBF]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nbf.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProtectedStorage]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sglfb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\DOCUME~1\abogner\LOCALS~1\Temp\RarSFX0\acrobat32.exe"="C:\DOCUME~1\abogner\LOCALS~1\Temp\RarSFX0\acrobat32.exe:*:Enabled:"
"C:\DOCUME~1\abogner\LOCALS~1\Temp\svchost.exe"="C:\DOCUME~1\abogner\LOCALS~1\Temp\svchost.exe:*:Enabled:"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2100-02-08 16:03:54 ----A---- C:\Program Files\ACMonitor_X73.exe
2100-02-08 15:53:34 ----A---- C:\Program Files\gtx73.ini
2009-03-05 15:14:09 ----D---- C:\rsit
2009-03-05 11:01:13 ----D---- C:\WINNT\LastGood
2009-03-04 10:14:14 ----D---- C:\Documents and Settings\abogner\Application Data\Southwest Airlines
2009-03-04 10:13:57 ----D---- C:\Program Files\Southwest Airlines
2009-03-04 10:13:28 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-02-25 15:09:28 ----HD---- C:\WINNT\$NtUninstallKB967715$
2009-02-25 09:29:57 ----D---- C:\Program Files\MozyHome
2009-02-19 18:28:39 ----HD---- C:\WINNT\$NtUninstallKB927779$
2009-02-19 18:28:23 ----HD---- C:\WINNT\$NtUninstallKB927802$
2009-02-19 18:27:21 ----HD---- C:\WINNT\$NtUninstallKB943460$
2009-02-19 18:26:59 ----HD---- C:\WINNT\$NtUninstallKB937894$
2009-02-19 18:26:37 ----HD---- C:\WINNT\$NtUninstallKB928255$
2009-02-19 18:26:20 ----HD---- C:\WINNT\$NtUninstallKB933729$
2009-02-19 18:26:04 ----HD---- C:\WINNT\$NtUninstallKB923980$
2009-02-19 18:25:49 ----HD---- C:\WINNT\$NtUninstallKB938828$
2009-02-19 18:25:33 ----HD---- C:\WINNT\$NtUninstallKB924667$
2009-02-19 18:25:16 ----HD---- C:\WINNT\$NtUninstallKB900485$
2009-02-19 18:24:50 ----HD---- C:\WINNT\$NtUninstallKB924270$
2009-02-19 18:24:35 ----HD---- C:\WINNT\$NtUninstallKB931261$
2009-02-19 18:23:56 ----HD---- C:\WINNT\$NtUninstallKB927891$
2009-02-19 18:23:40 ----HD---- C:\WINNT\$NtUninstallKB936357$
2009-02-19 18:23:15 ----HD---- C:\WINNT\$NtUninstallKB887472$
2009-02-19 18:22:58 ----HD---- C:\WINNT\$NtUninstallKB946026$
2009-02-19 18:21:22 ----HD---- C:\WINNT\$NtUninstallKB929123$
2009-02-19 18:21:06 ----HD---- C:\WINNT\$NtUninstallKB918439$
2009-02-19 18:20:43 ----HD---- C:\WINNT\$NtUninstallKB902400$
2009-02-19 18:20:12 ----HD---- C:\WINNT\$NtUninstallKB926436$
2009-02-19 18:19:56 ----HD---- C:\WINNT\$NtUninstallKB920872$
2009-02-19 18:19:30 ----HD---- C:\WINNT\$NtUninstallKB930178$
2009-02-19 18:19:13 ----HD---- C:\WINNT\$NtUninstallKB932168$
2009-02-19 18:16:53 ----D---- C:\WINNT\SQL9_KB960089_ENU
2009-02-19 18:16:03 ----HD---- C:\WINNT\$NtUninstallKB922582$
2009-02-19 18:15:45 ----HD---- C:\WINNT\$NtUninstallKB918118$
2009-02-19 18:15:29 ----HD---- C:\WINNT\$NtUninstallKB926255$
2009-02-19 18:15:14 ----HD---- C:\WINNT\$NtUninstallKB920213$
2009-02-19 18:14:59 ----HD---- C:\WINNT\$NtUninstallKB935840$
2009-02-19 18:14:44 ----HD---- C:\WINNT\$NtUninstallKB943485$
2009-02-19 18:14:30 ----HD---- C:\WINNT\$NtUninstallKB945553$
2009-02-19 18:14:14 ----HD---- C:\WINNT\$NtUninstallKB886185$
2009-02-19 18:13:57 ----HD---- C:\WINNT\$NtUninstallKB916595$
2009-02-19 18:13:42 ----HD---- C:\WINNT\$NtUninstallKB930916$
2009-02-19 18:12:58 ----HD---- C:\WINNT\$NtUninstallKB935839$
2009-02-19 18:12:43 ----HD---- C:\WINNT\$NtUninstallKB943055$
2009-02-19 18:12:26 ----HD---- C:\WINNT\$NtUninstallKB894391$
2009-02-19 18:12:04 ----HD---- C:\WINNT\$NtUninstallKB944653$
2009-02-19 18:11:44 ----HD---- C:\WINNT\$NtUninstallKB928843$
2009-02-18 16:24:57 ----D---- C:\Documents and Settings\abogner\Application Data\Windows Live Writer
2009-02-18 16:21:32 ----D---- C:\Program Files\Microsoft Silverlight
2009-02-18 16:16:01 ----D---- C:\Program Files\Microsoft Sync Framework
2009-02-18 16:05:23 ----A---- C:\WINNT\system32\d3dx9_32.dll
2009-02-18 16:03:05 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-02-18 15:58:55 ----HD---- C:\WINNT\$NtUninstallKB954708$
2009-02-18 15:46:47 ----HD---- C:\WINNT\$NtUninstallWIC$
2009-02-18 15:44:19 ----D---- C:\Program Files\Microsoft
2009-02-18 15:43:01 ----D---- C:\Program Files\Windows Live SkyDrive
2009-02-18 15:41:38 ----D---- C:\Program Files\Windows Live
2009-02-18 15:24:18 ----D---- C:\Program Files\Common Files\Windows Live
2009-02-18 14:46:57 ----A---- C:\WINNT\Killsqlbase.ini
2009-02-18 14:46:42 ----D---- C:\Program Files\ADP
2009-02-18 14:29:24 ----D---- C:\ADP Backup
2009-02-18 14:28:34 ----D---- C:\ADP Update
2009-02-11 16:54:01 ----HD---- C:\WINNT\$NtUninstallKB960715$
2009-02-06 18:52:40 ----A---- C:\WINNT\system32\sirenacm.dll
2009-02-06 16:09:17 ----A---- C:\1BB.tmp
2009-02-06 16:06:04 ----A---- C:\1B4.tmp
2009-02-06 15:59:14 ----A---- C:\1AA.tmp
2009-02-06 15:56:25 ----A---- C:\1A3.tmp
2009-02-06 15:53:04 ----A---- C:\19B.tmp
2009-02-06 15:48:54 ----A---- C:\192.tmp
2009-02-06 15:47:06 ----A---- C:\18F.tmp
2009-02-06 15:43:05 ----A---- C:\187.tmp
2009-02-06 15:42:48 ----A---- C:\184.tmp
2009-02-06 10:50:11 ----D---- C:\Documents and Settings\abogner\Application Data\WinPatrol
2009-02-06 10:28:11 ----D---- C:\Program Files\Trend Micro

======List of files/folders modified in the last 1 months======

2009-03-05 13:26:18 ----A---- C:\WINNT\Pay4win.ini
2009-03-05 10:55:04 ----A---- C:\WINNT\ModemLog_Dell Data Fax Modem.txt
2009-03-04 17:01:56 ----A---- C:\WINNT\SCHEDLGU.TXT
2009-02-20 17:43:32 ----A---- C:\WINNT\imsins.BAK
2009-02-20 11:02:06 ----A---- C:\WINNT\system32\PerfStringBackup.INI
2009-02-18 14:46:58 ----A---- C:\WINNT\adpdbtools.ini
2009-02-10 12:00:56 ----A---- C:\WINNT\WIN.INI
2009-02-06 16:09:16 ----A---- C:\WINNT\pw5.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 awlegacy;awlegacy; C:\WINNT\System32\Drivers\awlegacy.sys [2003-04-21 10901]
R1 cmosa;cmosa; C:\WINNT\System32\DRIVERS\cmosa.sys [2000-11-30 29344]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINNT\system32\drivers\mfehidk.sys [2007-12-01 201320]
R1 mfetdik;McAfee Inc. mfetdik; C:\WINNT\system32\drivers\mfetdik.sys [2007-12-01 55016]
R1 mozyFilter;mozyFilter; C:\WINNT\system32\DRIVERS\mozy.sys [2009-01-30 53752]
R1 msikbd2k;Multimedia Keyboard Filter Driver; C:\WINNT\System32\DRIVERS\msikbd2k.sys [2000-06-06 6883]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINNT\System32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINNT\System32\DRIVERS\nwlnknb.sys [2002-08-29 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINNT\System32\DRIVERS\nwlnkspx.sys [2002-08-29 55936]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINNT\system32\DRIVERS\tifsfilt.sys [2008-06-27 44384]
R3 DM9102;CNet PRO200WL PCI Fast Ethernet NT Driver ; C:\WINNT\System32\DRIVERS\DM9PCI5.SYS [2001-07-25 33207]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINNT\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HCF_MSFT;HCF_MSFT; C:\WINNT\System32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
R3 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [2002-08-29 9600]
R3 MfeAVFK;McAfee Inc. MfeAVFK; C:\WINNT\system32\drivers\MfeAVFK.sys [2007-12-01 79304]
R3 MfeBOPK;McAfee Inc. MfeBOPK; C:\WINNT\system32\drivers\MfeBOPK.sys [2007-12-01 35240]
R3 MfeRKDK;McAfee Inc. MfeRKDK; C:\WINNT\system32\drivers\MfeRKDK.sys [2007-12-01 33832]
R3 mouhid;Mouse HID Driver; C:\WINNT\system32\DRIVERS\mouhid.sys [2002-08-29 12160]
R3 nv;nv; C:\WINNT\system32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
R3 NWRDR;NetWare Rdr; C:\WINNT\System32\DRIVERS\nwrdr.sys [2006-10-13 163584]
R3 smwdm;smwdm; C:\WINNT\system32\drivers\smwdm.sys [2001-03-20 412968]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINNT\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 Cdr4_2K;Cdr4_2K; C:\WINNT\system32\drivers\Cdr4_2K.sys []
S1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2007-03-07 9464]
S1 tga;tga; C:\WINNT\system32\drivers\tga.sys []
S2 LXARScan;Lexmark X73 MFP Scanner; C:\WINNT\System32\Drivers\Lxarscan.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver; C:\WINNT\System32\DRIVERS\el90xbc5.sys []
S3 ichaud;Service for AC'97 Driver (WDM); C:\WINNT\system32\drivers\ichaud.sys [1999-10-22 32592]
S3 IPFilter;Microsoft IntelliPoint Features driver; C:\WINNT\System32\DRIVERS\IPFilter.sys [2000-05-19 11504]
S3 MPE;BDA MPE Filter; C:\WINNT\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NaiAvFilter1;NaiAvFilter1; C:\WINNT\system32\drivers\naiavf5x.sys [2005-11-17 114400]
S3 nv4;nv4; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
S3 pcouffin;VSO Software pcouffin; C:\WINNT\System32\Drivers\pcouffin.sys [2008-10-13 47360]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINNT\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINNT\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINNT\System32\Drivers\vulfnth.sys []
S3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINNT\System32\Drivers\vulfntr.sys []
S3 wandrv;WAN Network Driver; C:\WINNT\System32\DRIVERS\wandrv.sys [2000-12-03 22640]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINNT\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINNT\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 aic116x;aic116x; C:\WINNT\system32\drivers\aic116x.sys []
S4 ami0nt;ami0nt; C:\WINNT\system32\drivers\ami0nt.sys []
S4 AW_HOST;AW_HOST; C:\WINNT\system32\drivers\aw_host5.sys [2003-05-05 24365]
S4 BusLogic;BusLogic; C:\WINNT\system32\drivers\BusLogic.sys []
S4 cpqarry2;cpqarry2; C:\WINNT\system32\drivers\cpqarry2.sys []
S4 cpqfcalm;cpqfcalm; C:\WINNT\system32\drivers\cpqfcalm.sys []
S4 cpqfws2e;cpqfws2e; C:\WINNT\system32\drivers\cpqfws2e.sys []
S4 deckzpsx;deckzpsx; C:\WINNT\system32\drivers\deckzpsx.sys []
S4 EFS;EFS; C:\WINNT\system32\drivers\EFS.sys []
S4 fireport;fireport; C:\WINNT\system32\drivers\fireport.sys []
S4 flashpnt;flashpnt; C:\WINNT\system32\drivers\flashpnt.sys []
S4 IdeBusDr;IdeBusDr; C:\WINNT\System32\DRIVERS\IdeBusDr.sys [2001-03-23 13182]
S4 IntelATA;Intel Ultra ATA Controller; C:\WINNT\System32\DRIVERS\IntelAta.sys [2001-03-23 79106]
S4 ipsraidn;ipsraidn; C:\WINNT\system32\drivers\ipsraidn.sys []
S4 lp6nds35;lp6nds35; C:\WINNT\system32\drivers\lp6nds35.sys []
S4 Ncrc710;Ncrc710; C:\WINNT\system32\drivers\Ncrc710.sys []
S4 Parallel;Parallel class driver; C:\WINNT\System32\DRIVERS\parallel.sys []
S4 ql2100;ql2100; C:\WINNT\system32\drivers\ql2100.sys []
S4 ultra66;ultra66; C:\WINNT\system32\drivers\ultra66.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 EngineServer;EngineServer; C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe [2007-12-01 14144]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-05 152984]
R2 LexBceS;LexBce Server; C:\WINNT\system32\LEXBCES.EXE [2001-10-05 311296]
R2 LicCtrlService;LicCtrl Service; C:\WINNT\runservice.exe [2007-10-26 2560]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 mozybackup;MozyHome Backup Service; C:\Program Files\MozyHome\mozybackup.exe [2009-01-30 78136]
R2 MSSQL$PERFIMPACT2WP;SQL Server (PERFIMPACT2WP); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service; C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2008-01-22 169280]
R2 nhksrv;Netropa NHK Server; C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2000-09-13 28672]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINNT\System32\nvsvc32.exe [2003-10-06 81920]
R2 NWCWorkstation;Client Service for NetWare; C:\WINNT\System32\svchost.exe [2004-08-04 14336]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 McShield;McShield; C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe [2007-12-01 144704]
S2 Fax;Fax; C:\WINNT\system32\fxssvc.exe [2004-08-04 267776]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-07-03 72704]
S3 Adobe Version Cue CS2;Adobe Version Cue CS2; C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [2005-04-04 163840]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 awhost32;pcAnywhere Host Service; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [2003-05-29 106496]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Cwbrxd;Client Access Express Remote Command; C:\WINNT\CWBRXD.EXE [1999-01-08 42768]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINNT\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [2008-07-15 394608]
S3 Symantec RemoteAssist;Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [2008-01-29 394704]
S3 UtilMan;Utility Manager; C:\WINNT\System32\UtilMan.exe [2006-10-04 50176]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINNT\system32\svchost.exe [2004-08-04 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Here is info.txt
info.txt logfile of random's system information tool 1.05 2009-03-05 15:15:08

======Uninstall list======

--> -cC:\WINNT\System32\RSUninst.dll
-->C:\Program Files\LexmarkX73\removeX73.exe
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\AFPViewr\DeIsL1.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Aoc\DeIsL1.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL10.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL11.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL12.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL13.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL14.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL15.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL16.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL17.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL18.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL19.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL2.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL20.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL21.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL22.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL23.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL24.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL25.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL26.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL27.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL28.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL29.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL3.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL30.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL31.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL4.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL5.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL6.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL7.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL8.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL9.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL1.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL2.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Toolkit\DeIsL1.isu"
-->C:\WINNT\IsUninst.exe -fC:\WINNT\DeIsL1.isu
-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
-->msiexec /i {46548E80-0409-0000-7E8A-45000F855001}
-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
-->msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINNT\atmoUn.exe
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Creative Suite 2-->C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=d:\adobe creative suite 2.0/lang=0409
Adobe Download Manager 1.2 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINNT\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Stock Photos 1.0-->MsiExec.exe /I{BC467935-A9A5-4D0F-BD89-94F36CDF0524}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
ADP AdjustMate for Windows-->MsiExec.exe /X{AB150A61-BA5F-4348-BEBF-018EC0582D2E}
ADP PC/Payroll for Windows 5.00-->C:\WINNT\IsUninst.exe -fc:\adp\pcpw\Uninst.isu -cc:\adp\pcpw\Uninst.dll
ADP's PC/Payroll Version 5.0 Guides and Forms-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AFF7E401-B01A-455D-907E-806D80F19804}\setup.exe" -uninst
Album Art Downloader XUI 0.22-->C:\Program Files\AlbumArtDownloader\uninst.exe
AnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Dell Solution Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B0ED720-87D3-11D4-A188-0050DA2DDF19}\setup.exe"
DellTouch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{706D5382-7381-4680-9DD0-161832578252}\setup.exe"
DING!-->MsiExec.exe /X{84031A18-BA9A-4156-A74F-E05B52DDFCE2}
FileOpen Plug-in for Adobe Acrobat® and Acrobat Reader®-->MsiExec.exe /X{27EB5747-9CE3-4F83-96C3-B2FF212CD1A6}
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)-->C:\WINNT\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINNT\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINNT\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINNT\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINNT\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINNT\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINNT\$NtUninstallKB954708$\spuninst\spuninst.exe"
IBM AS/400 Client Access Express for Windows-->"C:\Program Files\IBM\Client Access\cwbinarp.exe"
Intel Ultra ATA Storage Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\setup.exe" -K -INTELUNINST
Internet Explorer Q903235-->C:\WINNT\ieuninst.exe C:\WINNT\INF\Q903235.inf
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
McAfee Virus and Spyware Protection Service-->C:\PROGRA~1\McAfee\MANAGE~1\Agent\myinx /Script=C:\PROGRA~1\McAfee\MANAGE~1\VScan\vsasap.inx /Section=DefaultUninstall
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINNT\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINNT\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft IntelliPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABEA93FA-8D65-11D2-98AB-00C04F79C5D1}\setup.exe" Uninstall
Microsoft Interactive Training-->C:\Program Files\MSPress\Training\lunins32_s.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINNT\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINNT\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Live Meeting-->C:\Program Files\Microsoft Office\Live Meeting\Quicksilver\quicksilver.exe -UALL
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Small Business-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2005 Express Edition (PERFIMPACT2WP)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINNT\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Modem Helper-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Modem Helper\Uninst.isu"
MozyHome Remote Backup-->MsiExec.exe /X{D2058971-12C7-46E2-9DDB-933C8A6D2051}
Mp3tag v2.41-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
NVIDIA Display Driver-->C:\WINNT\system32\nvudisp.exe Uninstall C:\WINNT\system32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINNT\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C1}\setup.exe" ControlPanel
PRO200WL-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{280C7673-2DF8-4E74-B031-D8F108BE2A6D}\setup.exe" -uninst
Quicken 2009-->MsiExec.exe /X{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
ReportSmithDesktop42-->C:\WINNT\IsUninst.exe -fc:\ADP\rptsmith\Uninst.isu
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINNT\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINNT\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINNT\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINNT\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINNT\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINNT\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINNT\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINNT\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINNT\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINNT\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINNT\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINNT\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINNT\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINNT\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINNT\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINNT\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINNT\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINNT\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINNT\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINNT\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINNT\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINNT\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINNT\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINNT\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINNT\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINNT\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINNT\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINNT\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINNT\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINNT\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINNT\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINNT\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINNT\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINNT\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINNT\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINNT\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINNT\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINNT\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINNT\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINNT\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINNT\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINNT\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINNT\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINNT\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923810)-->"C:\WINNT\$NtUninstallKB923810$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINNT\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINNT\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINNT\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINNT\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINNT\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINNT\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINNT\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINNT\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINNT\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINNT\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINNT\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINNT\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINNT\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINNT\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINNT\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINNT\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINNT\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINNT\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINNT\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINNT\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINNT\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINNT\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINNT\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINNT\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINNT\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINNT\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINNT\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINNT\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINNT\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINNT\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINNT\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINNT\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINNT\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINNT\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINNT\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINNT\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINNT\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINNT\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINNT\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINNT\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINNT\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINNT\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINNT\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINNT\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINNT\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINNT\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINNT\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINNT\$NtUninstallKB960715$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Suite Specific-->MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
Symantec pcAnywhere-->MsiExec.exe /I{E05E8183-866A-11D3-97DF-0000F8D8F2E9}
Symantec Technical Support Web Controls-->MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
Tag&Rename 3.4.6-->"C:\Program Files\TagRename\unins000.exe"
TWC Customer Controls-->MsiExec.exe /I{F8722041-B63A-47FB-82A8-5F0977E1CF45}
Update for Windows XP (KB894391)-->"C:\WINNT\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINNT\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINNT\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINNT\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB907265)-->"C:\WINNT\$NtUninstallKB907265$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINNT\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINNT\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINNT\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINNT\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINNT\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINNT\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINNT\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINNT\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINNT\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINNT\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINNT\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINNT\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINNT\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINNT\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINNT\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINNT\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINNT\$NtUninstallKB967715$\spuninst\spuninst.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINNT\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINNT\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINNT\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINNT\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINNT\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player 9 Hotfix [See KB885492 for more information]-->C:\WINNT\$NtUninstallKB885492$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINNT\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINNT\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINNT\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINNT\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINNT\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINNT\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINNT\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINNT\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINNT\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINNT\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

======Hosts File======

10.10.32.15 cfla01
10.10.32.15 COUNTRYFLOORS.COM

======Security center information======

AV: Total Protection Service

System event log

Computer Name: KALYN
Event Code: 7035
Message: The McShield service was successfully sent a start control.

Record Number: 9712
Source Name: Service Control Manager
Time Written: 20090121082959.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: KALYN
Event Code: 7036
Message: The McShield service entered the stopped state.

Record Number: 9711
Source Name: Service Control Manager
Time Written: 20090121082747.000000-480
Event Type: information
User:

Computer Name: KALYN
Event Code: 7035
Message: The McShield service was successfully sent a stop control.

Record Number: 9710
Source Name: Service Control Manager
Time Written: 20090121082747.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: KALYN
Event Code: 7036
Message: The McShield service entered the paused state.

Record Number: 9709
Source Name: Service Control Manager
Time Written: 20090121082746.000000-480
Event Type: information
User:

Computer Name: KALYN
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.

Record Number: 9708
Source Name: Service Control Manager
Time Written: 20090121082144.000000-480
Event Type: information
User:

Application event log

Computer Name: KALYN
Event Code: 17136
Message: Clearing tempdb database.

Record Number: 24111
Source Name: MSSQL$PERFIMPACT2WP
Time Written: 20090128064758.000000-480
Event Type: information
User:

Computer Name: KALYN
Event Code: 17126
Message: SQL Server is now ready for client connections. This is an informational message; no user action is required.

Record Number: 24110
Source Name: MSSQL$PERFIMPACT2WP
Time Written: 20090128064755.000000-480
Event Type: information
User:

Computer Name: KALYN
Event Code: 26037
Message: The SQL Network Interface library could not register the Service Principal Name (SPN) for the SQL Server service. Error: 0x54b, state: 3. Failure to register an SPN may cause integrated authentication to fall back to NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies.

Record Number: 24109
Source Name: MSSQL$PERFIMPACT2WP
Time Written: 20090128064755.000000-480
Event Type: information
User:

Computer Name: KALYN
Event Code: 17199
Message: Dedicated administrator connection support was not started because it is not available on this edition of SQL Server. This is an informational message only. No user action is required.

Record Number: 24108
Source Name: MSSQL$PERFIMPACT2WP
Time Written: 20090128064755.000000-480
Event Type: information
User:

Computer Name: KALYN
Event Code: 26028
Message: Server named pipe provider is ready to accept connection on [ \\.\pipe\MSSQL$PERFIMPACT2WP\sql\query ].

Record Number: 24107
Source Name: MSSQL$PERFIMPACT2WP
Time Written: 20090128064755.000000-480
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;c:\ADP\sqlbase;c:\adp\pcpw;C:\PROGRA~1\IBM\CLIENT~1;C:\PROGRA~1\IBM\CLIENT~1\Shared;C:\PROGRA~1\IBM\CLIENT~1\Emulator;C:\Program Files\Symantec\pcAnywhere\;C:\Program Files\Common Files\Adobe\AGL;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0102
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SqlBase"=c:\ADP\sqlbase
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
countryfloors
Active Member
 
Posts: 4
Joined: February 6th, 2009, 2:30 pm

Re: Computer in all functions suddenly very slow

Unread postby Katana » March 6th, 2009, 4:39 am

Do you connect this machine to a server or other computer ?

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If requested, please reboot
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt




Please Download GMER to your desktop

Download GMER and extract it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst


If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Computer in all functions suddenly very slow

Unread postby countryfloors » March 12th, 2009, 4:14 pm

Here is the Malwarebytes' log:

Malwarebytes' Anti-Malware 1.34
Database version: 1841
Windows 5.1.2600 Service Pack 2

3/12/2009 1:11:39 PM
mbam-log-2009-03-12 (13-11-39).txt

Scan type: Full Scan (C:\|)
Objects scanned: 227152
Time elapsed: 1 hour(s), 25 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\winzip90.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\A4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

I will run the other one tonight when I can leave the computer alone. :pirate:
countryfloors
Active Member
 
Posts: 4
Joined: February 6th, 2009, 2:30 pm

Re: Computer in all functions suddenly very slow

Unread postby countryfloors » March 12th, 2009, 4:32 pm

Here it the GMER Scan:

GMER 1.0.15.14878 - http://www.gmer.net
Rootkit scan 2009-03-12 13:30:04
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF6B069AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF6B06958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF6B0696C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF6B069EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF6B06930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF6B06944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF6B069BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF6B06996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF6B06982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF6B06A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF6B06A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF6B069D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 804F8B8D 7 Bytes JMP F6B069D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056BDCD 5 Bytes JMP F6B06986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056FC78 5 Bytes JMP F6B069AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 80571F71 5 Bytes JMP F6B06A04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 805723EC 7 Bytes JMP F6B069EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 80572D86 5 Bytes JMP F6B06934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80573135 7 Bytes JMP F6B069C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 80581F0E 7 Bytes JMP F6B06970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805847CC 5 Bytes JMP F6B06A1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058C892 5 Bytes JMP F6B06948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B0B34 5 Bytes JMP F6B0695C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062C493 5 Bytes JMP F6B0699A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\WINNT\system32\services.exe[444] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00070000
.text C:\WINNT\system32\services.exe[444] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0007009D
.text C:\WINNT\system32\services.exe[444] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0007008C
.text C:\WINNT\system32\services.exe[444] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00070071
.text C:\WINNT\system32\services.exe[444] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0007004A
.text C:\WINNT\system32\services.exe[444] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00070FB9
.text C:\WINNT\system32\services.exe[444] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 000700CC
.text C:\WINNT\system32\services.exe[444] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00070F86
.text C:\WINNT\system32\services.exe[444] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00070F3D
.text C:\WINNT\system32\services.exe[444] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070F4E
.text C:\WINNT\system32\services.exe[444] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 000700FB
.text C:\WINNT\system32\services.exe[444] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00070FA8
.text C:\WINNT\system32\services.exe[444] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00070FE5
.text C:\WINNT\system32\services.exe[444] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00070F97
.text C:\WINNT\system32\services.exe[444] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00070025
.text C:\WINNT\system32\services.exe[444] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00070FD4
.text C:\WINNT\system32\services.exe[444] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070F69
.text C:\WINNT\system32\services.exe[444] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050047
.text C:\WINNT\system32\services.exe[444] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050036
.text C:\WINNT\system32\services.exe[444] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0005000A
.text C:\WINNT\system32\services.exe[444] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050FEF
.text C:\WINNT\system32\services.exe[444] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050025
.text C:\WINNT\system32\services.exe[444] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050FC6
.text C:\WINNT\system32\services.exe[444] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0006001B
.text C:\WINNT\system32\services.exe[444] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00060F83
.text C:\WINNT\system32\services.exe[444] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0006000A
.text C:\WINNT\system32\services.exe[444] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00060FD4
.text C:\WINNT\system32\services.exe[444] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00060F94
.text C:\WINNT\system32\services.exe[444] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00060FB9
.text C:\WINNT\system32\services.exe[444] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00060FEF
.text C:\WINNT\system32\services.exe[444] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00060040
.text C:\WINNT\system32\services.exe[444] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00040000
.text C:\WINNT\system32\lsass.exe[456] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00070000
.text C:\WINNT\system32\lsass.exe[456] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00070F5E
.text C:\WINNT\system32\lsass.exe[456] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070F6F
.text C:\WINNT\system32\lsass.exe[456] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00070047
.text C:\WINNT\system32\lsass.exe[456] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00070F8A
.text C:\WINNT\system32\lsass.exe[456] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00070FA5
.text C:\WINNT\system32\lsass.exe[456] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00070090
.text C:\WINNT\system32\lsass.exe[456] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00070075
.text C:\WINNT\system32\lsass.exe[456] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00070F08
.text C:\WINNT\system32\lsass.exe[456] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 000700A1
.text C:\WINNT\system32\lsass.exe[456] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00070EED
.text C:\WINNT\system32\lsass.exe[456] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0007002C
.text C:\WINNT\system32\lsass.exe[456] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00070FDB
.text C:\WINNT\system32\lsass.exe[456] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00070064
.text C:\WINNT\system32\lsass.exe[456] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00070FC0
.text C:\WINNT\system32\lsass.exe[456] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00070011
.text C:\WINNT\system32\lsass.exe[456] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070F2D
.text C:\WINNT\system32\lsass.exe[456] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0006002F
.text C:\WINNT\system32\lsass.exe[456] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 0006007D
.text C:\WINNT\system32\lsass.exe[456] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00060014
.text C:\WINNT\system32\lsass.exe[456] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00060FDE
.text C:\WINNT\system32\lsass.exe[456] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0006006C
.text C:\WINNT\system32\lsass.exe[456] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00060051
.text C:\WINNT\system32\lsass.exe[456] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00060FEF
.text C:\WINNT\system32\lsass.exe[456] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00060040
.text C:\WINNT\system32\lsass.exe[456] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050F9C
.text C:\WINNT\system32\lsass.exe[456] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050FB7
.text C:\WINNT\system32\lsass.exe[456] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0005001D
.text C:\WINNT\system32\lsass.exe[456] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050000
.text C:\WINNT\system32\lsass.exe[456] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050FC8
.text C:\WINNT\system32\lsass.exe[456] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050FEF
.text C:\WINNT\system32\lsass.exe[456] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00040000
.text C:\WINNT\system32\svchost.exe[604] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007D0000
.text C:\WINNT\system32\svchost.exe[604] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 007D0F74
.text C:\WINNT\system32\svchost.exe[604] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 007D0069
.text C:\WINNT\system32\svchost.exe[604] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 007D004E
.text C:\WINNT\system32\svchost.exe[604] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 007D0F91
.text C:\WINNT\system32\svchost.exe[604] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 007D0022
.text C:\WINNT\system32\svchost.exe[604] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 007D0F4F
.text C:\WINNT\system32\svchost.exe[604] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 007D0097
.text C:\WINNT\system32\svchost.exe[604] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007D00CD
.text C:\WINNT\system32\svchost.exe[604] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007D0F34
.text C:\WINNT\system32\svchost.exe[604] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 007D0F19
.text C:\WINNT\system32\svchost.exe[604] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 007D0033
.text C:\WINNT\system32\svchost.exe[604] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 007D0011
.text C:\WINNT\system32\svchost.exe[604] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 007D007A
.text C:\WINNT\system32\svchost.exe[604] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 007D0FC0
.text C:\WINNT\system32\svchost.exe[604] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 007D0FD1
.text C:\WINNT\system32\svchost.exe[604] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 007D00B2
.text C:\WINNT\system32\svchost.exe[604] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 007C0025
.text C:\WINNT\system32\svchost.exe[604] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 007C0F97
.text C:\WINNT\system32\svchost.exe[604] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 007C0FCA
.text C:\WINNT\system32\svchost.exe[604] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 007C0000
.text C:\WINNT\system32\svchost.exe[604] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 007C004A
.text C:\WINNT\system32\svchost.exe[604] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 007C0FA8
.text C:\WINNT\system32\svchost.exe[604] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 007C0FE5
.text C:\WINNT\system32\svchost.exe[604] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 007C0FB9
.text C:\WINNT\system32\svchost.exe[604] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007B003D
.text C:\WINNT\system32\svchost.exe[604] msvcrt.dll!system 77C293C7 5 Bytes JMP 007B002C
.text C:\WINNT\system32\svchost.exe[604] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007B0011
.text C:\WINNT\system32\svchost.exe[604] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007B0FEF
.text C:\WINNT\system32\svchost.exe[604] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007B0FBC
.text C:\WINNT\system32\svchost.exe[604] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007B0000
.text C:\WINNT\system32\svchost.exe[604] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 007A0000
.text C:\WINNT\system32\svchost.exe[648] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008F0FEF
.text C:\WINNT\system32\svchost.exe[648] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008F005D
.text C:\WINNT\system32\svchost.exe[648] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008F0F72
.text C:\WINNT\system32\svchost.exe[648] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008F0F83
.text C:\WINNT\system32\svchost.exe[648] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008F0040
.text C:\WINNT\system32\svchost.exe[648] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008F0F9E
.text C:\WINNT\system32\svchost.exe[648] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008F0082
.text C:\WINNT\system32\svchost.exe[648] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008F0F30
.text C:\WINNT\system32\svchost.exe[648] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008F00B8
.text C:\WINNT\system32\svchost.exe[648] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008F0093
.text C:\WINNT\system32\svchost.exe[648] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008F00C9
.text C:\WINNT\system32\svchost.exe[648] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 008F0025
.text C:\WINNT\system32\svchost.exe[648] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 008F0000
.text C:\WINNT\system32\svchost.exe[648] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 008F0F4D
.text C:\WINNT\system32\svchost.exe[648] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 008F0FAF
.text C:\WINNT\system32\svchost.exe[648] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 008F0FC0
.text C:\WINNT\system32\svchost.exe[648] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 008F0F1F
.text C:\WINNT\system32\svchost.exe[648] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 008E003D
.text C:\WINNT\system32\svchost.exe[648] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 008E0FAC
.text C:\WINNT\system32\svchost.exe[648] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 008E002C
.text C:\WINNT\system32\svchost.exe[648] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 008E001B
.text C:\WINNT\system32\svchost.exe[648] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 008E0069
.text C:\WINNT\system32\svchost.exe[648] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 008E0FC7
.text C:\WINNT\system32\svchost.exe[648] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 008E0000
.text C:\WINNT\system32\svchost.exe[648] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 008E004E
.text C:\WINNT\system32\svchost.exe[648] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008D0F90
.text C:\WINNT\system32\svchost.exe[648] msvcrt.dll!system 77C293C7 5 Bytes JMP 008D001B
.text C:\WINNT\system32\svchost.exe[648] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008D0FC6
.text C:\WINNT\system32\svchost.exe[648] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008D0000
.text C:\WINNT\system32\svchost.exe[648] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008D0FA1
.text C:\WINNT\system32\svchost.exe[648] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008D0FE3
.text C:\WINNT\system32\svchost.exe[648] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 008C0000
.text C:\WINNT\System32\svchost.exe[688] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 016A0FEF
.text C:\WINNT\System32\svchost.exe[688] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 016A0085
.text C:\WINNT\System32\svchost.exe[688] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 016A0F86
.text C:\WINNT\System32\svchost.exe[688] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 016A0F97
.text C:\WINNT\System32\svchost.exe[688] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 016A004A
.text C:\WINNT\System32\svchost.exe[688] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 016A002F
.text C:\WINNT\System32\svchost.exe[688] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 016A00B1
.text C:\WINNT\System32\svchost.exe[688] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 016A0F6B
.text C:\WINNT\System32\svchost.exe[688] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 016A0F3D
.text C:\WINNT\System32\svchost.exe[688] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 016A00CC
.text C:\WINNT\System32\svchost.exe[688] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 016A00F1
.text C:\WINNT\System32\svchost.exe[688] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 016A0FA8
.text C:\WINNT\System32\svchost.exe[688] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 016A0FDE
.text C:\WINNT\System32\svchost.exe[688] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 016A0096
.text C:\WINNT\System32\svchost.exe[688] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 016A0FC3
.text C:\WINNT\System32\svchost.exe[688] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 016A0014
.text C:\WINNT\System32\svchost.exe[688] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 016A0F4E
.text C:\WINNT\System32\svchost.exe[688] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 01680FDB
.text C:\WINNT\System32\svchost.exe[688] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 01680FAF
.text C:\WINNT\System32\svchost.exe[688] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0168002C
.text C:\WINNT\System32\svchost.exe[688] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 01680011
.text C:\WINNT\System32\svchost.exe[688] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 01680062
.text C:\WINNT\System32\svchost.exe[688] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 01680051
.text C:\WINNT\System32\svchost.exe[688] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 01680000
.text C:\WINNT\System32\svchost.exe[688] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 01680FCA
.text C:\WINNT\System32\svchost.exe[688] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01670FB0
.text C:\WINNT\System32\svchost.exe[688] msvcrt.dll!system 77C293C7 5 Bytes JMP 01670FC1
.text C:\WINNT\System32\svchost.exe[688] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01670FD2
.text C:\WINNT\System32\svchost.exe[688] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01670FE3
.text C:\WINNT\System32\svchost.exe[688] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01670031
.text C:\WINNT\System32\svchost.exe[688] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0167000C
.text C:\WINNT\System32\svchost.exe[688] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01660000
.text C:\WINNT\System32\svchost.exe[688] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 01690FEF
.text C:\WINNT\System32\svchost.exe[688] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 0169000A
.text C:\WINNT\System32\svchost.exe[688] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 01690025
.text C:\WINNT\System32\svchost.exe[688] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 01690036
.text C:\WINNT\System32\svchost.exe[736] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008C0FEF
.text C:\WINNT\System32\svchost.exe[736] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008C0F86
.text C:\WINNT\System32\svchost.exe[736] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008C0071
.text C:\WINNT\System32\svchost.exe[736] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008C0054
.text C:\WINNT\System32\svchost.exe[736] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008C0F97
.text C:\WINNT\System32\svchost.exe[736] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008C002F
.text C:\WINNT\System32\svchost.exe[736] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008C00A2
.text C:\WINNT\System32\svchost.exe[736] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008C0F5A
.text C:\WINNT\System32\svchost.exe[736] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008C00BD
.text C:\WINNT\System32\svchost.exe[736] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008C0F2E
.text C:\WINNT\System32\svchost.exe[736] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008C0F13
.text C:\WINNT\System32\svchost.exe[736] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 008C0FA8
.text C:\WINNT\System32\svchost.exe[736] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 008C0FDE
.text C:\WINNT\System32\svchost.exe[736] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 008C0F75
.text C:\WINNT\System32\svchost.exe[736] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 008C0014
.text C:\WINNT\System32\svchost.exe[736] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 008C0FB9
.text C:\WINNT\System32\svchost.exe[736] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 008C0F3F
.text C:\WINNT\System32\svchost.exe[736] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 008B0FC0
.text C:\WINNT\System32\svchost.exe[736] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 008B0062
.text C:\WINNT\System32\svchost.exe[736] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 008B0011
.text C:\WINNT\System32\svchost.exe[736] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 008B0FE5
.text C:\WINNT\System32\svchost.exe[736] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 008B0051
.text C:\WINNT\System32\svchost.exe[736] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 008B0FAF
.text C:\WINNT\System32\svchost.exe[736] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 008B0000
.text C:\WINNT\System32\svchost.exe[736] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 008B0036
.text C:\WINNT\System32\svchost.exe[736] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008A0058
.text C:\WINNT\System32\svchost.exe[736] msvcrt.dll!system 77C293C7 5 Bytes JMP 008A0033
.text C:\WINNT\System32\svchost.exe[736] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008A0FCD
.text C:\WINNT\System32\svchost.exe[736] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008A0FEF
.text C:\WINNT\System32\svchost.exe[736] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008A0022
.text C:\WINNT\System32\svchost.exe[736] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008A0FDE
.text C:\WINNT\System32\svchost.exe[736] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00890FEF
.text C:\WINNT\System32\svchost.exe[828] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00950FEF
.text C:\WINNT\System32\svchost.exe[828] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0095006E
.text C:\WINNT\System32\svchost.exe[828] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0095005D
.text C:\WINNT\System32\svchost.exe[828] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0095004C
.text C:\WINNT\System32\svchost.exe[828] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00950F83
.text C:\WINNT\System32\svchost.exe[828] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00950F9E
.text C:\WINNT\System32\svchost.exe[828] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00950F5E
.text C:\WINNT\System32\svchost.exe[828] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009500A6
.text C:\WINNT\System32\svchost.exe[828] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009500E3
.text C:\WINNT\System32\svchost.exe[828] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009500D2
.text C:\WINNT\System32\svchost.exe[828] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00950F2F
.text C:\WINNT\System32\svchost.exe[828] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00950025
.text C:\WINNT\System32\svchost.exe[828] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0095000A
.text C:\WINNT\System32\svchost.exe[828] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0095007F
.text C:\WINNT\System32\svchost.exe[828] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00950FAF
.text C:\WINNT\System32\svchost.exe[828] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00950FD4
.text C:\WINNT\System32\svchost.exe[828] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 009500B7
.text C:\WINNT\System32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 006E0040
.text C:\WINNT\System32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 006E006C
.text C:\WINNT\System32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 006E0FE5
.text C:\WINNT\System32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 006E001B
.text C:\WINNT\System32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 006E0FB9
.text C:\WINNT\System32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 006E0051
.text C:\WINNT\System32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 006E0000
.text C:\WINNT\System32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 006E0FCA
.text C:\WINNT\System32\svchost.exe[828] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006D006E
.text C:\WINNT\System32\svchost.exe[828] msvcrt.dll!system 77C293C7 5 Bytes JMP 006D0FD9
.text C:\WINNT\System32\svchost.exe[828] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006D002E
.text C:\WINNT\System32\svchost.exe[828] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006D0000
.text C:\WINNT\System32\svchost.exe[828] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006D0049
.text C:\WINNT\System32\svchost.exe[828] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006D001D
.text C:\WINNT\System32\svchost.exe[828] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006C0FEF
.text C:\WINNT\System32\svchost.exe[828] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 006F0000
.text C:\WINNT\System32\svchost.exe[828] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 006F0FEF
.text C:\WINNT\System32\svchost.exe[828] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 006F001B
.text C:\WINNT\System32\svchost.exe[828] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 006F0040
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 23D80FE5
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 23D80093
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 23D80082
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 23D80F9E
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 23D80051
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 23D80FB9
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 23D80F61
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 23D80F72
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 23D80F46
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 23D800DF
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 23D800FA
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 23D80040
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 23D8000A
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 23D80F83
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 23D8001B
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 23D80FCA
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 23D800CE
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 23D60F8D
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] msvcrt.dll!system 77C293C7 5 Bytes JMP 23D60018
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 23D60FCD
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] msvcrt.dll!_open 77C2F566 5 Bytes JMP 23D60FEF
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 23D60FA8
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 23D60FDE
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 23D70036
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 23D70FCA
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 23D70FE5
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 23D7001B
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 23D70087
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 23D70062
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 23D7000A
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 23D70047
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1376] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 23D50000
.text C:\WINNT\Explorer.EXE[2796] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0FEF
.text C:\WINNT\Explorer.EXE[2796] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0F8D
.text C:\WINNT\Explorer.EXE[2796] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0F9E
.text C:\WINNT\Explorer.EXE[2796] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0076
.text C:\WINNT\Explorer.EXE[2796] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A005B
.text C:\WINNT\Explorer.EXE[2796] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0FC3
.text C:\WINNT\Explorer.EXE[2796] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F72
.text C:\WINNT\Explorer.EXE[2796] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A00BA
.text C:\WINNT\Explorer.EXE[2796] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A00DF
.text C:\WINNT\Explorer.EXE[2796] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0F46
.text C:\WINNT\Explorer.EXE[2796] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A0F2B
.text C:\WINNT\Explorer.EXE[2796] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A004A
.text C:\WINNT\Explorer.EXE[2796] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0014
.text C:\WINNT\Explorer.EXE[2796] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A009D
.text C:\WINNT\Explorer.EXE[2796] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A0FDE
.text C:\WINNT\Explorer.EXE[2796] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A0025
.text C:\WINNT\Explorer.EXE[2796] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A0F57
.text C:\WINNT\Explorer.EXE[2796] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00290FCA
.text C:\WINNT\Explorer.EXE[2796] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00290F8D
.text C:\WINNT\Explorer.EXE[2796] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00290FDB
.text C:\WINNT\Explorer.EXE[2796] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00290011
.text C:\WINNT\Explorer.EXE[2796] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00290F9E
.text C:\WINNT\Explorer.EXE[2796] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00290036
.text C:\WINNT\Explorer.EXE[2796] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00290000
.text C:\WINNT\Explorer.EXE[2796] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00290FB9
.text C:\WINNT\Explorer.EXE[2796] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0058
.text C:\WINNT\Explorer.EXE[2796] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0FCD
.text C:\WINNT\Explorer.EXE[2796] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0029
.text C:\WINNT\Explorer.EXE[2796] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0FEF
.text C:\WINNT\Explorer.EXE[2796] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0FDE
.text C:\WINNT\Explorer.EXE[2796] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0018
.text C:\WINNT\Explorer.EXE[2796] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 002C0FEF
.text C:\WINNT\Explorer.EXE[2796] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 002C0FD4
.text C:\WINNT\Explorer.EXE[2796] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 002C000A
.text C:\WINNT\Explorer.EXE[2796] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 002C001B
.text C:\WINNT\Explorer.EXE[2796] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01B60FE5
.text C:\WINNT\system32\wuauclt.exe[3060] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B0FEF
.text C:\WINNT\system32\wuauclt.exe[3060] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B0F8A
.text C:\WINNT\system32\wuauclt.exe[3060] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B007F
.text C:\WINNT\system32\wuauclt.exe[3060] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B006E
.text C:\WINNT\system32\wuauclt.exe[3060] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B0051
.text C:\WINNT\system32\wuauclt.exe[3060] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B0FAF
.text C:\WINNT\system32\wuauclt.exe[3060] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B0F6F
.text C:\WINNT\system32\wuauclt.exe[3060] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B00B7
.text C:\WINNT\system32\wuauclt.exe[3060] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B0108
.text C:\WINNT\system32\wuauclt.exe[3060] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B00F7
.text C:\WINNT\system32\wuauclt.exe[3060] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001B0F4A
.text C:\WINNT\system32\wuauclt.exe[3060] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001B0036
.text C:\WINNT\system32\wuauclt.exe[3060] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001B0FD4
.text C:\WINNT\system32\wuauclt.exe[3060] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001B009A
.text C:\WINNT\system32\wuauclt.exe[3060] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001B001B
.text C:\WINNT\system32\wuauclt.exe[3060] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001B0000
.text C:\WINNT\system32\wuauclt.exe[3060] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001B00D2
.text C:\WINNT\system32\wuauclt.exe[3060] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0FB2
.text C:\WINNT\system32\wuauclt.exe[3060] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0FCD
.text C:\WINNT\system32\wuauclt.exe[3060] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FEF
.text C:\WINNT\system32\wuauclt.exe[3060] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A000C
.text C:\WINNT\system32\wuauclt.exe[3060] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0FDE
.text C:\WINNT\system32\wuauclt.exe[3060] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A001D
.text C:\WINNT\system32\wuauclt.exe[3060] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 002B0FCD
.text C:\WINNT\system32\wuauclt.exe[3060] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 002B005B
.text C:\WINNT\system32\wuauclt.exe[3060] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 002B0FDE
.text C:\WINNT\system32\wuauclt.exe[3060] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 002B000A
.text C:\WINNT\system32\wuauclt.exe[3060] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 002B0F9E
.text C:\WINNT\system32\wuauclt.exe[3060] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 002B0040
.text C:\WINNT\system32\wuauclt.exe[3060] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 002B0FEF
.text C:\WINNT\system32\wuauclt.exe[3060] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 002B002F
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00250000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00250F6D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00250062
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00250051
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00250F94
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00250FAF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00250F24
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00250F35
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00250EE4
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0025007D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00250098
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00250036
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0025001B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00250F5C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00250FC0
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00250FDB
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00250F09
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0034002C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 0034005F
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00340FDB
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00340011
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0034004E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 0034003D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00340000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00340FB6
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] USER32.dll!DialogBoxParamW 77D5662C 5 Bytes JMP 42F0F341 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] USER32.dll!DialogBoxIndirectParamW 77D62043 5 Bytes JMP 430A187F C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] USER32.dll!MessageBoxIndirectA 77D6A05A 5 Bytes JMP 430A1800 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] USER32.dll!DialogBoxParamA 77D6B11C 5 Bytes JMP 430A1844 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] USER32.dll!MessageBoxExW 77D80538 5 Bytes JMP 430A178C C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] USER32.dll!MessageBoxExA 77D8055C 5 Bytes JMP 430A17C6 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] USER32.dll!DialogBoxIndirectParamA 77D86CAD 5 Bytes JMP 430A18BA C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] USER32.dll!MessageBoxIndirectW 77D96093 5 Bytes JMP 42F316F6 C:\WINNT\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0035002E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] msvcrt.dll!system 77C293C7 5 Bytes JMP 00350FA3
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0035001D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00350000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00350FBE
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00350FE3
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] WININET.dll!InternetOpenA 7806C865 3 Bytes JMP 01920000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] WININET.dll!InternetOpenA + 4 7806C869 1 Byte [89]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] WININET.dll!InternetOpenW 7806CE99 3 Bytes JMP 01920FE5
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] WININET.dll!InternetOpenW + 4 7806CE9D 1 Byte [89]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 0192001B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 01920036
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3276] ws2_32.dll!socket 71AB3B91 5 Bytes JMP 01390FEF

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
countryfloors
Active Member
 
Posts: 4
Joined: February 6th, 2009, 2:30 pm

Re: Computer in all functions suddenly very slow

Unread postby Katana » March 12th, 2009, 6:17 pm

Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix..


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Computer in all functions suddenly very slow

Unread postby NonSuch » March 20th, 2009, 1:06 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27305
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 75 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware