Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hijack This Log file

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Hijack This Log file

Unread postby johnnycanuck » March 29th, 2009, 2:00 pm

Hello,

I am currently having trouble with internet explorer. I get a pop up saying "Internet has encountered a problem we are sorry for the inconvenience". The IE closes. I get the messages everytime I visit a new web page. Below is my Hijack this log. I have removed the p2p prorams from my computer. (morpheus and limewire) I appreciate your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:58 PM, on 29/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thegreenspider.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac ... der4_5.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8370 bytes
johnnycanuck
Active Member
 
Posts: 10
Joined: March 29th, 2009, 1:27 pm
Advertisement
Register to Remove

Re: Hijack This Log file

Unread postby Bio-Hazard » April 6th, 2009, 2:59 am

Hello and Welcome to forums!

Sorry for the delay, forums is very busy.

My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

  • I will be working on your Malware issues this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • I f you don't know or understand something please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

No Reply Within 5 Days Will Result In Your Topic Being Closed!!



random's system information tool (RSIT)

  • Download random's system information tool (RSIT) by random/random from HERE and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt (<<will be maximized)
    • info.txt (<<will be minimized)
  • Post both of these logs in your next reply (Sometimes you have to make several post to get the logs posted.)
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Hijack This Log file

Unread postby johnnycanuck » April 6th, 2009, 5:14 pm

Hi Bio-Hazard. Thanks for the help!

Here is my log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Steph at 2009-04-06 17:03:53
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 23 GB (44%) free of 54 GB
Total RAM: 510 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:09 PM, on 06/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Steph\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Steph\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steph\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Steph\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steph\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steph\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Steph.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thegreenspider.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac ... der4_5.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8924 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3634724632-370188606-3250851631-1006.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-11-16 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-19 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-11-12 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-11-17 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-19 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-11 53248]
""= []
"DadApp"=C:\Program Files\Dell\AccessDirect\dadapp.exe [2004-03-04 211828]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2004-12-06 26112]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-02-01 385024]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-12-06 50688]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-11-16 127035]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-04 267048]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-03 582992]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"MoneyAgent"=C:\Program Files\Microsoft Money\System\mnyexpr.exe [2003-06-18 200704]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"LaCie Backup"=C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe [2006-07-06 2596864]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

C:\Documents and Settings\Steph\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HelpCtr.exe"="C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Morpheus\Morpheus.exe"="C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:Morpheus"
"C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\SYSTEM32\FXSCLNT.EXE"="C:\WINDOWS\SYSTEM32\FXSCLNT.EXE:*:Enabled:Microsoft Fax Console"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20c280d0-dddf-11dd-b2f9-000b7d102a07}]
shell\Shell00\command - E:\Start.exe


======List of files/folders created in the last 1 months======

2010-02-13 00:33:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2010-02-13 00:33:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2010-02-13 00:33:11 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2010-02-13 00:32:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2010-02-13 00:32:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2010-02-13 00:27:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956390_0$
2009-04-06 17:03:53 ----D---- C:\rsit
2009-03-18 16:26:10 ----D---- C:\Program Files\Common Files\ODBC
2009-03-11 22:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 22:00:13 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-11 22:00:02 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 21:58:30 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-07 14:44:51 ----D---- C:\WINDOWS\system32\IOSUBSYS

======List of files/folders modified in the last 1 months======

2009-04-06 17:03:57 ----D---- C:\WINDOWS\Temp
2009-04-06 17:02:29 ----D---- C:\WINDOWS\Prefetch
2009-04-06 12:45:48 ----A---- C:\WINDOWS\ModemLog_Conexant D480 MDC V.9x Modem.txt
2009-04-05 22:26:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-05 14:19:48 ----SD---- C:\Documents and Settings\Steph\Application Data\Microsoft
2009-04-05 14:19:33 ----D---- C:\WINDOWS
2009-04-03 16:58:35 ----RD---- C:\Program Files
2009-04-02 18:22:40 ----D---- C:\WINDOWS\SYSTEM32
2009-03-29 13:33:52 ----D---- C:\Program Files\Morpheus
2009-03-28 18:01:38 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-18 16:26:23 ----SHD---- C:\WINDOWS\Installer
2009-03-18 16:26:19 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-03-18 16:26:10 ----D---- C:\Program Files\Common Files
2009-03-17 17:36:03 ----D---- C:\Program Files\McAfee
2009-03-16 18:26:21 ----HD---- C:\WINDOWS\INF
2009-03-15 10:36:52 ----D---- C:\Program Files\MUSICMATCH
2009-03-15 10:34:34 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-03-15 10:34:29 ----D---- C:\WINDOWS\system32\DRIVERS
2009-03-15 10:30:35 ----D---- C:\Garmin
2009-03-15 10:29:56 ----D---- C:\Program Files\Dell
2009-03-15 10:27:42 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-15 10:26:02 ----D---- C:\Program Files\Yahoo!
2009-03-15 10:26:02 ----D---- C:\Program Files\Windows Media Player
2009-03-15 10:26:01 ----D---- C:\Program Files\WinAce
2009-03-15 10:26:00 ----D---- C:\Program Files\QuickTime
2009-03-15 10:26:00 ----D---- C:\Program Files\NetMeeting
2009-03-15 10:26:00 ----D---- C:\Program Files\Modem Helper
2009-03-15 10:25:59 ----D---- C:\Program Files\Java
2009-03-15 10:25:59 ----D---- C:\Program Files\Google
2009-03-15 10:25:59 ----D---- C:\Program Files\DivX
2009-03-15 10:25:59 ----D---- C:\Program Files\Adobe
2009-03-15 10:24:23 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-15 10:17:32 ----D---- C:\WINDOWS\occache
2009-03-14 12:42:52 ----D---- C:\WINDOWS\system32\FxsTmp
2009-03-11 22:00:18 ----A---- C:\WINDOWS\imsins.BAK
2009-03-11 22:00:15 ----D---- C:\WINDOWS\WinSxS
2009-03-11 17:30:19 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-08 08:50:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-12-06 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.7; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2004-12-06 15781]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-11-16 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-11-16 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-11-16 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-11-16 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-11-16 86554]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-11-16 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-11-16 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-11-16 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-11-16 100603]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-02-20 312960]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-13 1042816]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2003-11-13 197120]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2004-07-20 258160]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-05-13 182688]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-13 679808]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2007-01-30 45568]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 ENETHUSB;Speedstream Ethernet USB Adapter; C:\WINDOWS\system32\DRIVERS\enethusb.sys [2003-01-31 28005]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 21504]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 Ser2pl;Tripp Lite USB to Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2001-12-05 41766]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-19 152984]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 WLTRYSVC;WLTRYSVC; C:\WINDOWS\System32\WLTRYSVC.EXE [2004-02-20 45056]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-12 138168]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-04 504104]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Here is my info:

info.txt logfile of random's system information tool 1.06 2009-04-06 17:04:15

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
AccessDirect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{417B79C9-CDB4-477F-952D-840CEFC57A6C}\setup.exe" -l0x9
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.3.5 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
BitTornado 0.3.17-->C:\Program Files\BitTornado\uninst.exe
Broadcom Management Programs-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2A6282FF-B75B-463F-90F5-0A43732F690D} /l1033
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon EOS 5D WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BB3AB664-D92B-4CB5-8B3E-D841841F4E68} /l1033
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities Digital Photo Professional 3.4-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities Original Data Security Tools-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\Original Data Security Tools\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities Picture Style Editor-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\Picture Style Editor\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities WFT-E1/E2/E3 Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\WFT Utility\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D480 MDC V.9x Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Wireless WLAN Utility-->C:\WINDOWS\system32\BCMWLU00.exe verbose
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
Efficient Networks SpeedStream DSL-->C:\Program Files\Efficient Networks\SpeedStream DSL\setup.exe -uninstall
FreeUndelete-->C:\Program Files\FreeUndelete\GLFC1.exe /handle:fru
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
iTunes-->MsiExec.exe /I{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}
J2SE Runtime Environment 5.0 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
LaCie Backup Software v1.5.2378-->MsiExec.exe /I{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}
Logitech Harmony Remote Software 7-->C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x0009 -removeonly
Magic ISO Maker v5.5 (build 0273)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
MediaCoder 0.6.1-->C:\Program Files\MediaCoder\uninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Encyclopedia Standard 2004-->MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Picture It! Photo Premium 9-->C:\WINDOWS\system32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft Streets and Trips 2004-->MsiExec.exe /I{8704D51E-25B7-4F23-81E7-AA4F54790210}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 2004 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2004\Setup\Launcher.exe D:\
Microsoft Works-->MsiExec.exe /I{B9966F27-9678-4620-9579-925E3084647E}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Morpheus Toolbar-->rundll32 C:\PROGRA~1\MORPHE~1\bar\1.bin\MorphBar.dll,O
Motorola Driver Installation-->MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
MSN Toolbar-->C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\mtbs.exe c
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Picasa 3-->"C:\Documents and Settings\Steph\My Documents\Picasa\Picasa3\Uninstall.exe"
PowerDVD 5.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Remote Control USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
Samsung USB Driver (MCCI 4.16)-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1485ABFA-12D7-4107-9148-54EE30CDBA67}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony Picture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Versal FileDownload ActiveX Control Trial Version-->C:\Program Files\Universal\UFileDownloadD\USetup.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WinAce Archiver-->"C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

=====HijackThis Backups=====

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2009-03-01]
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL [2009-03-01]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local [2009-03-01]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com [2009-03-01]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com [2009-03-01]
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL [2009-03-01]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thegreenspider.com/ [2009-03-01]
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-03-08]
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html [2009-03-08]
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll [2009-03-08]
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) [2009-03-12]
O4 - Global Startup: Digital Line Detect.lnk = ? [2009-03-12]
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-12]
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2009-03-12]
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL [2009-03-12]
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) [2009-03-12]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-03-12]
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Steph\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [2009-03-12]
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL [2009-03-12]
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2009-03-12]
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" [2009-03-12]
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe [2009-03-12]
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2009-03-12]
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) [2009-03-15]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [2009-03-15]
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2009-03-15]
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe [2009-03-15]

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name: STEPHIE
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 3618
Source Name: Cdrom
Time Written: 20090306171234.000000-300
Event Type: error
User:

Computer Name: STEPHIE
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom0.

Record Number: 3617
Source Name: Cdrom
Time Written: 20090306171227.000000-300
Event Type: error
User:

Computer Name: STEPHIE
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom0.

Record Number: 3616
Source Name: Cdrom
Time Written: 20090306171221.000000-300
Event Type: error
User:

Computer Name: STEPHIE
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 3615
Source Name: Cdrom
Time Written: 20090306171215.000000-300
Event Type: error
User:

Computer Name: STEPHIE
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 3614
Source Name: Cdrom
Time Written: 20090306171209.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: STEPHIE
Event Code: 1517
Message: Windows saved user STEPHIE\Steph registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 20
Source Name: Userenv
Time Written: 20081215212743.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: STEPHIE
Event Code: 20
Message:
Record Number: 19
Source Name: Google Update
Time Written: 20081215194450.000000-300
Event Type: error
User: STEPHIE\Steph

Computer Name: STEPHIE
Event Code: 1517
Message: Windows saved user STEPHIE\Steph registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 13
Source Name: Userenv
Time Written: 20081215193013.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: STEPHIE
Event Code: 20
Message:
Record Number: 12
Source Name: Google Update
Time Written: 20081215191524.000000-300
Event Type: error
User: STEPHIE\Steph

Computer Name: STEPHIE
Event Code: 1517
Message: Windows saved user STEPHIE\Steph registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 6
Source Name: Userenv
Time Written: 20081215162912.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip

-----------------EOF-----------------
johnnycanuck
Active Member
 
Posts: 10
Joined: March 29th, 2009, 1:27 pm

Re: Hijack This Log file

Unread postby Bio-Hazard » April 7th, 2009, 11:33 am

Hello!

Your logs doesnt show anything malicious. Is your IE still crashing on you? From your HijackThis log i can see that you are using IE6 would you be interested to try IE 8, which is now the latest version of IE?

Remove programs

  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

    BitTornado 0.3.17
    Morpheus Toolbar
    J2SE Runtime Environment 5.0 Update 1
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 8

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


ATF-Cleaner

Please download ATF Cleaner by Atribune.

  • Save it to your desktop
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords please click No at the prompt.
  • Click Exit on the Main menu to close the program.



Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply along with a fresh HijackThis log.


Update Java Runtime:

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason it's extremely important that you keep the program up to date and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 13.
  • Go to HERE
  • Click on the link named Java Runtime Environment (JRE) 6 Update 13
  • Click on the radio button to Accept License Agreement
  • Click on Windows Offline Installation Multi-language and save the downloaded file to your hard disk
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 2 Runtime Environment JRE or JSE)
  • Reboot your computer
  • Delete the folder C:\Program Files\Java if present
  • Install the new version by running the newly-downloaded file and follow the on-screen instructions.
  • Reboot your computer



Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • Answers to my questions
  • Kaspersky Log
  • A fresh HijackThis Log ( after all the above has been done)
  • A description of how your computer is behaving
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Hijack This Log file

Unread postby johnnycanuck » April 10th, 2009, 9:08 am

Hi Bio-Hazard

Sorry for the delay. It was busy week! I am still having problems with IE. I have found Google Chrome and Firefox to be much more stable to browse the internet. There a still some slight problems with GC anf FF. I can't upload files to forum or attachments to hotmail and facebook. I followed all the steps you asked me to do and these issues still exist. Here are my logs. Thanks for your help!

Kaspersky Log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, April 8, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, April 08, 2009 00:54:34
Records in database: 2021752
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: no

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 63281
Threat name: 3
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 04:35:50


File name / Threat name / Threats count
C:\Program Files\MorpheusBar\bar\1.bin\M0PLUGIN.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.as 1
C:\Program Files\MorpheusBar\bar\1.bin\M0POPSWT.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.an 1
C:\Program Files\MorpheusBar\bar\1.bin\NPMORPBR.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.i 1
C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.as 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090301-194535-801.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.as 1

The selected area was scanned.

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:52 AM, on 10/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thegreenspider.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac ... der4_5.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8724 bytes
johnnycanuck
Active Member
 
Posts: 10
Joined: March 29th, 2009, 1:27 pm

Re: Hijack This Log file

Unread postby Bio-Hazard » April 10th, 2009, 10:44 am

Hello!


From your HijackThis log i can see that you are using IE6 would you be interested to try IE 8, which is now the latest version of IE?



Back Up registry with ERUNT

  • Please use the following link and scroll down to ERUNT and download it on to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

    Image
  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe


OTMoveIt3

Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe to run it.
  • Copy the lines in the codebox below.
Code: Select all
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Morpheus\Morpheus.exe"=-
"C:\Program Files\BitTornado\btdownloadgui.exe"=-
"C:\Program Files\LimeWire\LimeWire.exe"=-
:files
C:\Program Files\LimeWire
C:\Program Files\BitTornado
C:\Program Files\Morpheus
:commands
[EmptyTemp]

  • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3


Optional Fix

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.
To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything bad. This may change,read Viewpoint to Plunge Into Adware.

I recommend that you remove the Viewpoint products; however, decide for yourself.

To uninstall the the Viewpoint components :
  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.


    How to prevent it from being recreated every time you run the AOL software:
    • Open AOL
    • Go to Help on the toolbar
    • Select About AOL
    • Hit Ctrl D and a secret panel can be accessed which will allow you to disable all desktop and IM features associated with Viewpoint.




Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • OTMoveIt Log
  • Answer to my question
  • A fresh HijackThis Log ( after all the above has been done)
  • A description of how your computer is behaving
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Hijack This Log file

Unread postby johnnycanuck » April 12th, 2009, 6:03 pm

Hi Bio-Hazard,

After using Google Chrome for the last couple weeks, I prefer it to IE. I don't see myself going back to IE. My computer system is still unstable when browsing the internet. As I mentioned before, GC is better than IE, but I still have problems with GC once and a while. I have removed Viewpoint from my system as you recommended.
Here is my OTmoveIT log:
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\Morpheus\Morpheus.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\BitTornado\btdownloadgui.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
========== FILES ==========
File/Folder C:\Program Files\LimeWire not found.
File/Folder C:\Program Files\BitTornado not found.
C:\Program Files\Morpheus moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Steph\LOCALS~1\Temp\etilqs_BvkvtNf6zoSz9e5 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Steph\LOCALS~1\Temp\etilqs_X940U6RjXkZj4NN scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Steph\LOCALS~1\Temp\~DF91F2.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Steph\LOCALS~1\Temp\~DF9200.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Steph\LOCALS~1\Temp\~DFA1C6.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Steph\LOCALS~1\Temp\~DFA1D9.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Steph\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcafee_oKysIMpLqQX294x scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_LfSbsbNy5dgiTcx scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_SSknh0LkGA7hWJL scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_SxM0SuKD75IuCyB scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_678.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_cXJyMw7bPcBydsR scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_ekruhxxTG85TwXu scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_G0qKWgm1JGzdfBV scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV1.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04122009_174433

Files moved on Reboot...
File C:\DOCUME~1\Steph\LOCALS~1\Temp\etilqs_BvkvtNf6zoSz9e5 not found!
File C:\DOCUME~1\Steph\LOCALS~1\Temp\etilqs_X940U6RjXkZj4NN not found!
File C:\DOCUME~1\Steph\LOCALS~1\Temp\~DF91F2.tmp not found!
File C:\DOCUME~1\Steph\LOCALS~1\Temp\~DF9200.tmp not found!
File C:\DOCUME~1\Steph\LOCALS~1\Temp\~DFA1C6.tmp not found!
File C:\DOCUME~1\Steph\LOCALS~1\Temp\~DFA1D9.tmp not found!
C:\WINDOWS\temp\mcafee_oKysIMpLqQX294x moved successfully.
C:\WINDOWS\temp\mcmsc_LfSbsbNy5dgiTcx moved successfully.
C:\WINDOWS\temp\mcmsc_SSknh0LkGA7hWJL moved successfully.
C:\WINDOWS\temp\mcmsc_SxM0SuKD75IuCyB moved successfully.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_678.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\sqlite_cXJyMw7bPcBydsR moved successfully.
C:\WINDOWS\temp\sqlite_ekruhxxTG85TwXu moved successfully.
C:\WINDOWS\temp\sqlite_G0qKWgm1JGzdfBV moved successfully.
File C:\WINDOWS\temp\WFV1.tmp not found!

Here is my new Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:56:12 PM, on 12/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Steph\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steph\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thegreenspider.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac ... der4_5.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8872 bytes

Once again I appreciate your help!
johnnycanuck
Active Member
 
Posts: 10
Joined: March 29th, 2009, 1:27 pm

Re: Hijack This Log file

Unread postby Bio-Hazard » April 14th, 2009, 4:26 am

Hello!

Sorry for the delay. I have been doing night shifts at work and we were extremely busy.

My computer system is still unstable when browsing the internet.


Could you give me as much information as possible?
What happnes with your internet when you are browsing?
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Hijack This Log file

Unread postby johnnycanuck » April 15th, 2009, 7:53 pm

When I browse the internet with IE I get the "Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience." This comes up with every new window I open and then I have to start over. I will get a similar message with Google Chrome, but less frequently. I am also unable to post pictures on forum sites or uploading pictures on facebook. Help!
johnnycanuck
Active Member
 
Posts: 10
Joined: March 29th, 2009, 1:27 pm

Re: Hijack This Log file

Unread postby Bio-Hazard » April 16th, 2009, 10:30 am

Hello!

STEP 1

Uninstall Google Chrome and the reinstall it. You can download Google Chrome from Here. More information about uninstalling Google Chrome you can find HERE. Google Chrome wont delete the userprofile.

This is a quote from that site.
Google Chrome leaves behind your profile information in case you wish to reinstall in the future.



STEP 2

Install new version of Internet Explorer. You can download Internet Explorer 7 from HERE. Or you can download Internet Explorer 8 (which is the latest version) from HERE


STEP 3

Using Gmer

Please download Gmer by Gmer and save it to your desktop.

  • Right click on gmer.zip and select Extract All....
  • Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  • Click on the Browse button. Click on Desktop. Then click OK.
  • Click Next. It will start extracting.
  • Once done, check (tick) the Show extracted files box and click Finish.
  • Double click on gmer.exe to run it.
  • Select the Rootkit tab.
  • On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click on the Scan button.
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into the text editor.
  • Save the Gmer scan log and post it in your next reply.
  • Close Gmer.

Note: Do not run any programs while Gmer is running.


Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • GMER Log
  • A fresh HijackThis Log ( after all the above has been done)
  • A description of how your computer is behaving
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Hijack This Log file

Unread postby johnnycanuck » April 20th, 2009, 6:26 pm

Hi!

Sorry for the delay. I thought my post on the weekend went through, but apparently it didn't! IE 8 is much more stable than IE 6. My internet does shutdown on a regular basis anymore. I have, however, been getting the following pop up every time Windows starts: "Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the incovenience." From time to time I lose my internet connection for no apparent reason. The only way I have found to fix this problem is by restarting the computer. These issues have been happening since last friday.

Here is my Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:19 PM, on 20/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\Steph\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Steph\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steph\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steph\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steph\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thegreenspider.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Steph\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac ... der4_5.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10179 bytes
johnnycanuck
Active Member
 
Posts: 10
Joined: March 29th, 2009, 1:27 pm

Re: Hijack This Log file

Unread postby johnnycanuck » April 20th, 2009, 6:28 pm

Here is my gmer log:

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-19 13:00:27
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEF36B9AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xEF36BA41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEF36B958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEF36B96C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEF36BA55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEF36BA81]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEF36BAEF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEF36BAD9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEF36B9EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEF36BB1B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEF36BA2D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEF36B930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEF36B944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEF36B9BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEF36BB57]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEF36BAC3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEF36BAAD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEF36BA6B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEF36BB43]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEF36BB2F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEF36B996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEF36B982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xEF36BA97]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEF36BA19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEF36BB05]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEF36BA00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEF36B9D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP EF36B9D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568D59 5 Bytes JMP EF36BA31 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F2 7 Bytes JMP EF36BAB1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056CDC0 5 Bytes JMP EF36B9AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DC01 5 Bytes JMP EF36B986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 8057065D 5 Bytes JMP EF36BA45 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570A6D 7 Bytes JMP EF36BB5B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 7 Bytes JMP EF36BAF3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805717C7 5 Bytes JMP EF36B934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571CB1 7 Bytes JMP EF36B9C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80572889 7 Bytes JMP EF36BA9B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805736E6 5 Bytes JMP EF36BA04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573B61 7 Bytes JMP EF36B9EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC6C 7 Bytes JMP EF36B970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805822EC 5 Bytes JMP EF36BA1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058A1C9 5 Bytes JMP EF36B948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058A699 5 Bytes JMP EF36BB1F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590677 7 Bytes JMP EF36BADD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D5C 7 Bytes JMP EF36BA85 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 805952CA 7 Bytes JMP EF36BA59 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B136A 5 Bytes JMP EF36B95C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062DD17 5 Bytes JMP EF36B99A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064D9DA 7 Bytes JMP EF36BB09 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E300 7 Bytes JMP EF36BAC7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E77C 7 Bytes JMP EF36BA6F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064EC71 5 Bytes JMP EF36BB33 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F0DC 5 Bytes JMP EF36BB47 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Media Player\WMPNetwk.exe[144] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[144] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[144] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[144] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[144] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[144] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D80FE5
.text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D80F77
.text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D8006C
.text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D8005B
.text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D80F9E
.text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D80025
.text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D80F3A
.text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D80F4B
.text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D800C2
.text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D800B1
.text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D800D3
.text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D80036
.text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D80000
.text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D80F5C
.text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D80FAF
.text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D80FC0
.text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D80F29
.text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D70036
.text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D70F79
.text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D70025
.text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D70FEF
.text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D70F94
.text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D7000A
.text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D70FAF
.text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F7, 88]
.text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D70FC0
.text C:\WINDOWS\system32\svchost.exe[488] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D60FB2
.text C:\WINDOWS\system32\svchost.exe[488] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D60FC3
.text C:\WINDOWS\system32\svchost.exe[488] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D60029
.text C:\WINDOWS\system32\svchost.exe[488] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D60000
.text C:\WINDOWS\system32\svchost.exe[488] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D60FD4
.text C:\WINDOWS\system32\svchost.exe[488] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D60FEF
.text C:\WINDOWS\system32\svchost.exe[488] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00D50FEF
.text C:\WINDOWS\system32\svchost.exe[488] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\svchost.exe[488] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\svchost.exe[488] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\svchost.exe[488] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\svchost.exe[488] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\svchost.exe[488] wininet.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00D40FE5
.text C:\WINDOWS\system32\svchost.exe[488] wininet.dll!InternetOpenW 6302B92E 5 Bytes JMP 00D40FD4
.text C:\WINDOWS\system32\svchost.exe[488] wininet.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00D40FC3
.text C:\WINDOWS\system32\svchost.exe[488] wininet.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00D40014
.text C:\WINDOWS\system32\winlogon.exe[608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\winlogon.exe[608] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\winlogon.exe[608] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\winlogon.exe[608] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\winlogon.exe[608] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\winlogon.exe[608] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010D0FEF
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 010D006E
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 010D0F79
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 010D0047
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 010D0F8A
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 010D001B
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010D0090
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 010D0F48
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010D0F08
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010D00AB
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010D00BC
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 010D002C
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 010D0FD4
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!CreatePipe 7C81D83F 3 Bytes JMP 010D007F
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!CreatePipe + 4 7C81D843 1 Byte [84]
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 010D0000
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 010D0FAF
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 010D0F2D
.text C:\WINDOWS\system32\services.exe[652] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 010C001B
.text C:\WINDOWS\system32\services.exe[652] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 010C0F9E
.text C:\WINDOWS\system32\services.exe[652] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 010C000A
.text C:\WINDOWS\system32\services.exe[652] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 010C0FD4
.text C:\WINDOWS\system32\services.exe[652] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 010C0051
.text C:\WINDOWS\system32\services.exe[652] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 010C0FEF
.text C:\WINDOWS\system32\services.exe[652] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 010C0040
.text C:\WINDOWS\system32\services.exe[652] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 010C0FAF
.text C:\WINDOWS\system32\services.exe[652] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 010B002C
.text C:\WINDOWS\system32\services.exe[652] msvcrt.dll!system 77C293C7 5 Bytes JMP 010B001B
.text C:\WINDOWS\system32\services.exe[652] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 010B0FC6
.text C:\WINDOWS\system32\services.exe[652] msvcrt.dll!_open 77C2F566 5 Bytes JMP 010B0000
.text C:\WINDOWS\system32\services.exe[652] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 010B0FAB
.text C:\WINDOWS\system32\services.exe[652] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 010B0FE3
.text C:\WINDOWS\system32\services.exe[652] WS2_32.dll!socket 71AB4211 5 Bytes JMP 010A0000
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F70000
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F70F79
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F70F8A
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F70F9B
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F70058
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F7003D
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F700A4
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F70F5E
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F70F15
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F70F26
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F70EFA
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F70FB6
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F70011
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F70089
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F70022
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F70FD1
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F70F41
.text C:\WINDOWS\system32\lsass.exe[664] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C40FEF
.text C:\WINDOWS\system32\lsass.exe[664] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C40F9E
.text C:\WINDOWS\system32\lsass.exe[664] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C40040
.text C:\WINDOWS\system32\lsass.exe[664] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C4001B
.text C:\WINDOWS\system32\lsass.exe[664] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C40FB9
.text C:\WINDOWS\system32\lsass.exe[664] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C40000
.text C:\WINDOWS\system32\lsass.exe[664] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C40FD4
.text C:\WINDOWS\system32\lsass.exe[664] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E4, 88] {IN AL, 0x88}
.text C:\WINDOWS\system32\lsass.exe[664] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C4005B
.text C:\WINDOWS\system32\lsass.exe[664] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C30F81
.text C:\WINDOWS\system32\lsass.exe[664] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C30F9C
.text C:\WINDOWS\system32\lsass.exe[664] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C30FD2
.text C:\WINDOWS\system32\lsass.exe[664] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C30FEF
.text C:\WINDOWS\system32\lsass.exe[664] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C30FAD
.text C:\WINDOWS\system32\lsass.exe[664] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C3000C
.text C:\WINDOWS\system32\lsass.exe[664] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C2000A
.text C:\WINDOWS\system32\lsass.exe[664] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\lsass.exe[664] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\lsass.exe[664] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\lsass.exe[664] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\lsass.exe[664] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\lsass.exe[664] wininet.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\lsass.exe[664] wininet.dll!InternetOpenW 6302B92E 5 Bytes JMP 00C10FE5
.text C:\WINDOWS\system32\lsass.exe[664] wininet.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00C10FD4
.text C:\WINDOWS\system32\lsass.exe[664] wininet.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00C10FC3
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C70FEF
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C70F94
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C70093
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C70082
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C7005B
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C70039
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C70F77
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C700BF
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C70F30
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C70F4B
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C70F0B
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C7004A
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C70FDE
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C700A4
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C70FCD
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C7001E
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C70F5C
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C60014
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C60F6B
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C60FC3
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C60FD4
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C60F7C
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C60FEF
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C60F97
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E6, 88] {OUT 0x88, AL}
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C60FB2
.text C:\WINDOWS\system32\svchost.exe[844] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C50FB9
.text C:\WINDOWS\system32\svchost.exe[844] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C50FD4
.text C:\WINDOWS\system32\svchost.exe[844] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C50033
.text C:\WINDOWS\system32\svchost.exe[844] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C50000
.text C:\WINDOWS\system32\svchost.exe[844] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C50044
.text C:\WINDOWS\system32\svchost.exe[844] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C50FEF
.text C:\WINDOWS\system32\svchost.exe[844] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00C40FE5
.text C:\WINDOWS\system32\svchost.exe[844] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\svchost.exe[844] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\svchost.exe[844] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\svchost.exe[844] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\svchost.exe[844] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\svchost.exe[844] wininet.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00C30000
.text C:\WINDOWS\system32\svchost.exe[844] wininet.dll!InternetOpenW 6302B92E 5 Bytes JMP 00C30011
.text C:\WINDOWS\system32\svchost.exe[844] wininet.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00C30022
.text C:\WINDOWS\system32\svchost.exe[844] wininet.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00C3003D
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F90FEF
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F90085
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F9006A
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F90F90
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F90FA1
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F90FBC
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F900CE
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F900B3
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F90F5A
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F90F6B
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F9010E
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F90043
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F90FDE
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F90096
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F90FCD
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F90014
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F900E9
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F80FA8
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F80F5A
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F80FC3
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F80FDE
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F80F6B
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F80FEF
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F80F7C
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [18, 89]
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F80F97
.text C:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F70FAD
.text C:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F70038
.text C:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F70FD9
.text C:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F70000
.text C:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F70FC8
.text C:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F7001D
.text C:\WINDOWS\system32\svchost.exe[924] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00F6000A
.text C:\WINDOWS\system32\svchost.exe[924] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\svchost.exe[924] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\svchost.exe[924] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\svchost.exe[924] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\svchost.exe[924] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\svchost.exe[924] wininet.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00F50FE5
.text C:\WINDOWS\system32\svchost.exe[924] wininet.dll!InternetOpenW 6302B92E 5 Bytes JMP 00F50000
.text C:\WINDOWS\system32\svchost.exe[924] wininet.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00F50011
.text C:\WINDOWS\system32\svchost.exe[924] wininet.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00F50FCA
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00960FEF
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00960F72
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00960067
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00960F8D
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0096004A
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00960014
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009600A7
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00960F55
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00960F29
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00960F3A
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009600DD
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0096002F
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00960FD4
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00960082
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00960FA8
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00960FB9
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009600C2
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00950FCA
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00950062
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00950FE5
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0095001B
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00950047
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00950000
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00950FA5
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B5, 88] {MOV CH, 0x88}
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00950036
.text C:\WINDOWS\system32\svchost.exe[1016] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00940FC6
.text C:\WINDOWS\system32\svchost.exe[1016] msvcrt.dll!system 77C293C7 5 Bytes JMP 00940FD7
.text C:\WINDOWS\system32\svchost.exe[1016] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00940022
.text C:\WINDOWS\system32\svchost.exe[1016] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00940000
.text C:\WINDOWS\system32\svchost.exe[1016] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0094003D
.text C:\WINDOWS\system32\svchost.exe[1016] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00940011
.text C:\WINDOWS\system32\svchost.exe[1016] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[1016] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\svchost.exe[1016] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\svchost.exe[1016] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\svchost.exe[1016] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\svchost.exe[1016] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\svchost.exe[1016] wininet.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00920000
.text C:\WINDOWS\system32\svchost.exe[1016] wininet.dll!InternetOpenW 6302B92E 5 Bytes JMP 00920025
.text C:\WINDOWS\system32\svchost.exe[1016] wininet.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00920040
.text C:\WINDOWS\system32\svchost.exe[1016] wininet.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00920051
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010B0FEF
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 010B0F79
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 010B0064
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 010B0F8A
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 010B0047
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 010B0FB9
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010B0F46
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 010B0F57
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010B00B3
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010B0F1A
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010B0EFF
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 010B0036
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 010B000A
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 010B0F68
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 010B0FCA
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 010B001B
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 010B0F2B
.text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 010A0039
.text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 010A0076
.text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 010A0FDE
.text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 010A0FEF
.text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 010A0065
.text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 010A0000
.text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 010A0FC3
.text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [2A, 89]
.text C:\WINDOWS\system32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 010A0054
.text C:\WINDOWS\system32\svchost.exe[1128] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01090027
.text C:\WINDOWS\system32\svchost.exe[1128] msvcrt.dll!system 77C293C7 5 Bytes JMP 01090F9C
.text C:\WINDOWS\system32\svchost.exe[1128] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0109000C
.text C:\WINDOWS\system32\svchost.exe[1128] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01090FEF
.text C:\WINDOWS\system32\svchost.exe[1128] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01090FAD
.text C:\WINDOWS\system32\svchost.exe[1128] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01090FD2
.text C:\WINDOWS\system32\svchost.exe[1128] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00FF000A
.text C:\WINDOWS\system32\svchost.exe[1128] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\svchost.exe[1128] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\svchost.exe[1128] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\svchost.exe[1128] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\svchost.exe[1128] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\svchost.exe[1128] wininet.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00FE0FE5
.text C:\WINDOWS\system32\svchost.exe[1128] wininet.dll!InternetOpenW 6302B92E 5 Bytes JMP 00FE0FD4
.text C:\WINDOWS\system32\svchost.exe[1128] wininet.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00FE0FB9
.text C:\WINDOWS\system32\svchost.exe[1128] wininet.dll!InternetOpenUrlW
johnnycanuck
Active Member
 
Posts: 10
Joined: March 29th, 2009, 1:27 pm

Re: Hijack This Log file

Unread postby johnnycanuck » April 20th, 2009, 6:29 pm

.text C:\Program Files\Internet Explorer\iexplore.exe[1228] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00250000
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 002500B5
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00250FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00250FD1
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0025008E
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00250058
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00250F94
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002500D0
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0025010B
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00250F72
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00250F57
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0025007D
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0025001B
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00250FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00250047
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00250036
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00250F83
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00340014
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0034006C
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00340FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00340FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0034005B
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00340FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00340040
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0034002F
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00BD9315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00CB4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 00DCE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 00DCDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 00DCDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 00DCDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 00DCDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 00DCE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 00DCDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00350F95
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] msvcrt.dll!system 77C293C7 5 Bytes JMP 00350FA6
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00350FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00350FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00350FB7
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00350000
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 01760000
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 01760011
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 01760022
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 01760FC7
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01810FE5
.text C:\WINDOWS\system32\spoolsv.exe[1504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\spoolsv.exe[1504] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\spoolsv.exe[1504] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\spoolsv.exe[1504] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\spoolsv.exe[1504] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\spoolsv.exe[1504] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C10F29
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C10F3A
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C10F57
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C10F72
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C10014
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C1005D
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C10040
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C10EF0
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C10089
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C100A4
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C10F83
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C10FD4
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C1002F
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C10FB2
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C10FC3
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C10078
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B20FAF
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B2003D
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B20000
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B20FCA
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B2002C
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B20FEF
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B20F94
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D2, 88]
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B20011
.text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B10053
.text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B10038
.text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B10FC8
.text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B10FE3
.text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B1001D
.text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B1000C
.text C:\WINDOWS\system32\svchost.exe[1592] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00B00FEF
.text C:\WINDOWS\system32\svchost.exe[1592] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\svchost.exe[1592] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\svchost.exe[1592] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\svchost.exe[1592] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\svchost.exe[1592] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\svchost.exe[1592] wininet.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00AF0FEF
.text C:\WINDOWS\system32\svchost.exe[1592] wininet.dll!InternetOpenW 6302B92E 5 Bytes JMP 00AF000A
.text C:\WINDOWS\system32\svchost.exe[1592] wininet.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00AF0FCA
.text C:\WINDOWS\system32\svchost.exe[1592] wininet.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00AF001B
.text C:\WINDOWS\System32\svchost.exe[1668] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FE0FE5
.text C:\WINDOWS\System32\svchost.exe[1668] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FE0036
.text C:\WINDOWS\System32\svchost.exe[1668] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FE0F4B
.text C:\WINDOWS\System32\svchost.exe[1668] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FE0F5C
.text C:\WINDOWS\System32\svchost.exe[1668] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FE0F83
.text C:\WINDOWS\System32\svchost.exe[1668] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FE0FAF
.text C:\WINDOWS\System32\svchost.exe[1668] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FE0F24
.text C:\WINDOWS\System32\svchost.exe[1668] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FE006C
.text C:\WINDOWS\System32\svchost.exe[1668] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FE00A9
.text C:\WINDOWS\System32\svchost.exe[1668] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FE008E
.text C:\WINDOWS\System32\svchost.exe[1668] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FE00CE
.text C:\WINDOWS\System32\svchost.exe[1668] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FE0F9E
.text C:\WINDOWS\System32\svchost.exe[1668] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FE000A
.text C:\WINDOWS\System32\svchost.exe[1668] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FE005B
.text C:\WINDOWS\System32\svchost.exe[1668] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FE0FCA
.text C:\WINDOWS\System32\svchost.exe[1668] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FE001B
.text C:\WINDOWS\System32\svchost.exe[1668] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FE007D
.text C:\WINDOWS\System32\svchost.exe[1668] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FD0FDE
.text C:\WINDOWS\System32\svchost.exe[1668] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FD0F9E
.text C:\WINDOWS\System32\svchost.exe[1668] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FD0025
.text C:\WINDOWS\System32\svchost.exe[1668] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\System32\svchost.exe[1668] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FD005B
.text C:\WINDOWS\System32\svchost.exe[1668] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FD0000
.text C:\WINDOWS\System32\svchost.exe[1668] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FD004A
.text C:\WINDOWS\System32\svchost.exe[1668] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FD0FC3
.text C:\WINDOWS\System32\svchost.exe[1668] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FC003D
.text C:\WINDOWS\System32\svchost.exe[1668] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FC0022
.text C:\WINDOWS\System32\svchost.exe[1668] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FC0011
.text C:\WINDOWS\System32\svchost.exe[1668] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FC0000
.text C:\WINDOWS\System32\svchost.exe[1668] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FC0FBC
.text C:\WINDOWS\System32\svchost.exe[1668] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FC0FE3
.text C:\WINDOWS\System32\svchost.exe[1668] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00FB0000
.text C:\WINDOWS\System32\svchost.exe[1668] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\System32\svchost.exe[1668] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\System32\svchost.exe[1668] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\System32\svchost.exe[1668] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\System32\svchost.exe[1668] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\System32\svchost.exe[1668] wininet.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00700000
.text C:\WINDOWS\System32\svchost.exe[1668] wininet.dll!InternetOpenW 6302B92E 5 Bytes JMP 0070001B
.text C:\WINDOWS\System32\svchost.exe[1668] wininet.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00700FE5
.text C:\WINDOWS\System32\svchost.exe[1668] wininet.dll!InternetOpenUrlW 63077347 5 Bytes JMP 0070002C
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1752] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1752] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1752] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1752] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1752] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1836] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1836] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1964] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1964] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1964] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1964] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1964] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00250000
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00250F3E
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00250033
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00250022
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00250F6F
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00250F9B
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00250061
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00250044
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00250EED
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00250EFE
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002500A1
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00250F80
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00250011
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00250F23
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00250FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00250FD1
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00250072
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0034000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00340F94
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00340FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00340FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00340051
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00340FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00340040
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00340025
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00BD9315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00CADBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 00CADD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00CB4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00C11CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 00DCE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 00DCDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 00DCDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 00DCDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 00DCDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 00DCE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 00DCDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00350055
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] msvcrt.dll!system 77C293C7 5 Bytes JMP 00350044
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00350FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00350FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00350029
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00350018
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00CB488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 026F0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 026F0014
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 026F0FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 026F0FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[2016] ws2_32.dll!socket 71AB4211 5 Bytes JMP 027A000A
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A00AE
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0FAF
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A007D
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A006C
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0047
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F70
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F81
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F44
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A00F8
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0FCA
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0011
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0F9E
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0036
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0FDB
.text C:\WINDOWS\System32\svchost.exe[2672] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A0F5F
.text C:\WINDOWS\System32\svchost.exe[2672] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0029005B
.text C:\WINDOWS\System32\svchost.exe[2672] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290091
.text C:\WINDOWS\System32\svchost.exe[2672] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290036
.text C:\WINDOWS\System32\svchost.exe[2672] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0029001B
.text C:\WINDOWS\System32\svchost.exe[2672] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290FD4
.text C:\WINDOWS\System32\svchost.exe[2672] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290000
.text C:\WINDOWS\System32\svchost.exe[2672] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00290FE5
.text C:\WINDOWS\System32\svchost.exe[2672] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [49, 88]
.text C:\WINDOWS\System32\svchost.exe[2672] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0029006C
.text C:\WINDOWS\System32\svchost.exe[2672] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E0042
.text C:\WINDOWS\System32\svchost.exe[2672] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E0027
.text C:\WINDOWS\System32\svchost.exe[2672] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E0FC1
.text C:\WINDOWS\System32\svchost.exe[2672] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E0FEF
.text C:\WINDOWS\System32\svchost.exe[2672] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E0016
.text C:\WINDOWS\System32\svchost.exe[2672] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E0FD2
.text C:\WINDOWS\System32\svchost.exe[2672] ws2_32.dll!socket 71AB4211 5 Bytes JMP 006C0FE5
.text C:\WINDOWS\System32\svchost.exe[2672] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\System32\svchost.exe[2672] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\System32\svchost.exe[2672] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\System32\svchost.exe[2672] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\System32\svchost.exe[2672] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\System32\svchost.exe[2672] wininet.dll!InternetOpenA 6302B2D5 5 Bytes JMP 006D0000
.text C:\WINDOWS\System32\svchost.exe[2672] wininet.dll!InternetOpenW 6302B92E 5 Bytes JMP 006D0FE5
.text C:\WINDOWS\System32\svchost.exe[2672] wininet.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 006D0011
.text C:\WINDOWS\System32\svchost.exe[2672] wininet.dll!InternetOpenUrlW 63077347 5 Bytes JMP 006D0FCA
.text C:\WINDOWS\System32\alg.exe[3048] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\System32\alg.exe[3048] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\System32\alg.exe[3048] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\System32\alg.exe[3048] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\System32\alg.exe[3048] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\System32\alg.exe[3048] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\Program Files\Dell\AccessDirect\dadapp.exe[3452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\Program Files\Dell\AccessDirect\dadapp.exe[3452] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\Program Files\Dell\AccessDirect\dadapp.exe[3452] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\Program Files\Dell\AccessDirect\dadapp.exe[3452] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\Program Files\Dell\AccessDirect\dadapp.exe[3452] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\Program Files\Dell\AccessDirect\dadapp.exe[3452] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[3488] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[3488] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[3488] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[3488] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[3488] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[3488] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\explorer.exe[4012] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\explorer.exe[4012] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F83
.text C:\WINDOWS\explorer.exe[4012] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0082
.text C:\WINDOWS\explorer.exe[4012] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0FA8
.text C:\WINDOWS\explorer.exe[4012] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A005B
.text C:\WINDOWS\explorer.exe[4012] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A002F
.text C:\WINDOWS\explorer.exe[4012] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F55
.text C:\WINDOWS\explorer.exe[4012] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A009D
.text C:\WINDOWS\explorer.exe[4012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F30
.text C:\WINDOWS\explorer.exe[4012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00D3
.text C:\WINDOWS\explorer.exe[4012] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A00E4
.text C:\WINDOWS\explorer.exe[4012] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0040
.text C:\WINDOWS\explorer.exe[4012] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\explorer.exe[4012] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0F72
.text C:\WINDOWS\explorer.exe[4012] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0FC3
.text C:\WINDOWS\explorer.exe[4012] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0FDE
.text C:\WINDOWS\explorer.exe[4012] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A00B8
.text C:\WINDOWS\explorer.exe[4012] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290FE5
.text C:\WINDOWS\explorer.exe[4012] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0029006C
.text C:\WINDOWS\explorer.exe[4012] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0029002C
.text C:\WINDOWS\explorer.exe[4012] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0029001B
.text C:\WINDOWS\explorer.exe[4012] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290051
.text C:\WINDOWS\explorer.exe[4012] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0029000A
.text C:\WINDOWS\explorer.exe[4012] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00290FAF
.text C:\WINDOWS\explorer.exe[4012] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [49, 88]
.text C:\WINDOWS\explorer.exe[4012] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290FCA
.text C:\WINDOWS\explorer.exe[4012] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0F9A
.text C:\WINDOWS\explorer.exe[4012] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0FB5
.text C:\WINDOWS\explorer.exe[4012] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FD7
.text C:\WINDOWS\explorer.exe[4012] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0000
.text C:\WINDOWS\explorer.exe[4012] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0FC6
.text C:\WINDOWS\explorer.exe[4012] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0011
.text C:\WINDOWS\explorer.exe[4012] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 002C0000
.text C:\WINDOWS\explorer.exe[4012] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 002C0011
.text C:\WINDOWS\explorer.exe[4012] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 002C0FE5
.text C:\WINDOWS\explorer.exe[4012] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 002C0040
.text C:\WINDOWS\explorer.exe[4012] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DA0000

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[2016] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [017718FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat EDF3DD20

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----
johnnycanuck
Active Member
 
Posts: 10
Joined: March 29th, 2009, 1:27 pm

Re: Hijack This Log file

Unread postby Bio-Hazard » April 21st, 2009, 8:08 am

Hello!

I am going through your GMER log. Do you still have same problems when you are using Chrome aswell?
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Hijack This Log file

Unread postby johnnycanuck » April 21st, 2009, 5:32 pm

yes, Google Chrome is more stable. I am able to upload pictures again.
johnnycanuck
Active Member
 
Posts: 10
Joined: March 29th, 2009, 1:27 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 28 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware