Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware and browser redirection

Post by Fable » May 16th, 2010, 2:44 pm

Hi, recently I have been getting a lot of trojans on my computer and I am not sure why. I use my Norton antivirus to get rid of them, but there's always one 'mouclass.sys (Backdoor.Tidserv.I!inf)' that remains on my computer which my antivirus cannot seem to get rid of. Also I have noticed that recently (when using Firefox) when I type something into Google and try clicking on one of the results, my page sometimes gets redirected. Thanks in advance for any help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:56:08, on 16/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NetWaiting\NetWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1235323325\ee\aolsoftware.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\MCUI32.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dial.blueyonder.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\NetWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://dial.blueyonder.co.uk/
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messenger ... E_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6954644515
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13554 bytes
Fable
Regular Member
 
Posts: 45
Joined: November 20th, 2009, 2:02 pm

Re: Malware and browser redirection

Post by MWR 3 day Mod » May 20th, 2010, 1:33 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Malware and browser redirection

Post by Cypher » May 20th, 2010, 6:07 am

Hi and welcome to Malware Removal Forums. Sorry for the delay in answering your request for help.
We have had more logs than we could handle in a timely manner.
My name is Cypher, and I will be helping you with your malware problems.

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.
Read Back up your files

Please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  • Print each set of instructions... if possible...your Internet connection might not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • The logs from the tools we use can take some time to research so please be patient.

  • If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.



Please post an Uninstall list.

  • Open HijackThis.
  • Click on the Open the Misc Tools section button.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please post this log in your next reply.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware and browser redirection

Post by Fable » May 20th, 2010, 11:21 am

Hi Cypher, thanks for replying

32 Bit HP CIO Components Installer
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe After Effects CS4
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 Professional
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Reader 8.1.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AhnLab Online Security
Any Video Converter 3.0.1
AoA Audio Extractor 1.0
AOL Coach Version 1.0(Build:20040229.1 uk)
AOL Spyware Protection
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Broadcom Management Programs
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Connect
Dell Driver Reset Tool
Dell Media Experience
Dell Network Assistant
Dell Support 3.2
Digital Line Detect
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Google SketchUp 7
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 12
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
kuler
LAME v3.98.2 for Audacity
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
McAfee SiteAdvisor
McAfee Uninstaller
McAfee Virtual Technician
mCore
MCU
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Journal Viewer
mIWA
Mixer
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.6.3)
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting
Norton Internet Security
OGA Notifier 2.0.0048.0
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
PowerDVD 5.7
QuickSet
QuickTime
RealPlayer
Search Assist
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Segoe UI
Sky Broadband
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sony Vegas Pro 8.0
Sound Blaster Audigy ADVANCED MB Demo
Suite Shared Configuration CS4
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
VeohTV BETA
Viewpoint Media Player
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
Fable
Regular Member
 
Posts: 45
Joined: November 20th, 2009, 2:02 pm

Re: Malware and browser redirection

Post by Cypher » May 20th, 2010, 1:10 pm

Hi Fable.
thanks for replying.

You're welcome.
I see you abandoned your last topic with deltalima; I hope you are going to see it through this time.
I also see you had trouble running Gmer last time, but I need you to try running it again.
If you have trouble with Gmer in normal mode, try it again in safe mode.


Add/Remove programs
  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl, then click Enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the following.
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 12
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Microsoft Choice Guard
SUPERAntiSpyware Free Edition



Next.

Security Check

  • Download Security Check by screen317 from:
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.


Next.

Please download GMER Rootkit Scanner from Here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Note: Do not run any programs while Gmer is running.


Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 log files...will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)


Logs/Information to Post in your Next Reply

  • checkup.txt log.
  • Gmer.txt log
  • RSIT log.txt and info.txt contents.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware and browser redirection

Post by Fable » May 20th, 2010, 4:17 pm

Hi, yes, last time I must've done something wrong, as my computer completely shut down and wouldn't start, so I ended up having to take it to a repair shop. But I was extremely grateful for Deltalima's help.

Also I tried looking for Microsoft Choice Guard in my add/remove list, but couldn't find it, and I didn't end up removing it before I began these scans, sorry about that.

Here are the logs:

Checkup.txt log


Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Norton Internet Security
McAfee Uninstaller
McAfee Virtual Technician
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
Adobe Flash Player 10.0.45.2
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
````````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````


Gmer.txt log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-20 20:43:02
Windows 5.1.2600 Service Pack 3
Running: zdmmg5xy.exe; Driver: C:\DOCUME~1\Sagar\LOCALS~1\Temp\kwrcraoc.sys


---- System - GMER 1.0.15 ----

SSDT 85844050 ZwAlertResumeThread
SSDT 85F9C050 ZwAlertThread
SSDT 8606DEF8 ZwAllocateVirtualMemory
SSDT 85841050 ZwAssignProcessToJobObject
SSDT 8610A220 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA2B8210]
SSDT 8582FB40 ZwCreateMutant
SSDT 857B2540 ZwCreateSymbolicLinkObject
SSDT 8606E520 ZwCreateThread
SSDT 85F95050 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA2B8490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA2B89F0]
SSDT 8606E1A0 ZwDuplicateObject
SSDT 8606D7F0 ZwFreeVirtualMemory
SSDT 85F9A050 ZwImpersonateAnonymousToken
SSDT 857C8050 ZwImpersonateThread
SSDT 86113FD0 ZwLoadDriver
SSDT 8606D530 ZwMapViewOfSection
SSDT 857C7050 ZwOpenEvent
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwOpenKey [0xAA2B87A0]
SSDT 8606E408 ZwOpenProcess
SSDT 86073050 ZwOpenProcessToken
SSDT 857C6050 ZwOpenSection
SSDT 8606E270 ZwOpenThread
SSDT 857B33A0 ZwProtectVirtualMemory
SSDT 8608F050 ZwResumeThread
SSDT 860BB050 ZwSetContextThread
SSDT 8606D3D8 ZwSetInformationProcess
SSDT 85F97050 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA2B8C40]
SSDT 85F99050 ZwSuspendProcess
SSDT 857CB050 ZwSuspendThread
SSDT 860BC050 ZwTerminateProcess
SSDT 860B9050 ZwTerminateThread
SSDT 85F9E050 ZwUnmapViewOfSection
SSDT 8606D8C0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.rsrc C:\WINDOWS\system32\DRIVERS\mouclass.sys entry point in ".rsrc" section [0xF7989814]

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Sagar\My Documents\Downloads\zdmmg5xy.exe[316] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00F838BA
.text C:\Documents and Settings\Sagar\My Documents\Downloads\zdmmg5xy.exe[316] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00F83A83
.text C:\Documents and Settings\Sagar\My Documents\Downloads\zdmmg5xy.exe[316] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00F83B2A
.text C:\Documents and Settings\Sagar\My Documents\Downloads\zdmmg5xy.exe[316] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00F7508F
.text C:\Documents and Settings\Sagar\My Documents\Downloads\zdmmg5xy.exe[316] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00F751D1
.text C:\Documents and Settings\Sagar\My Documents\Downloads\zdmmg5xy.exe[316] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00F74DD2
.text C:\Documents and Settings\Sagar\My Documents\Downloads\zdmmg5xy.exe[316] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00F74E96
.text C:\Documents and Settings\Sagar\My Documents\Downloads\zdmmg5xy.exe[316] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00F74D8A
.text C:\Documents and Settings\Sagar\My Documents\Downloads\zdmmg5xy.exe[316] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00F74E65
.text C:\Documents and Settings\Sagar\My Documents\Downloads\zdmmg5xy.exe[316] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00F74B96
.text C:\Documents and Settings\Sagar\My Documents\Downloads\zdmmg5xy.exe[316] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00F74BEF
.text C:\Documents and Settings\Sagar\My Documents\Downloads\zdmmg5xy.exe[316] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00F74E16
.text C:\Documents and Settings\Sagar\My Documents\Downloads\zdmmg5xy.exe[316] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00F74CE9
.text C:\Documents and Settings\Sagar\My Documents\Downloads\zdmmg5xy.exe[316] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00F74C48
.text C:\Documents and Settings\Sagar\My Documents\Downloads\zdmmg5xy.exe[316] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F73A1B
.text C:\Documents and Settings\Sagar\My Documents\Downloads\zdmmg5xy.exe[316] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F73A58
.text C:\Documents and Settings\Sagar\My Documents\Downloads\zdmmg5xy.exe[316] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F73A7E
.text C:\Documents and Settings\Sagar\My Documents\Downloads\zdmmg5xy.exe[316] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00F7AC94
.text C:\Program Files\AOL Companion\companion.exe[1720] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 001538BA
.text C:\Program Files\AOL Companion\companion.exe[1720] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00153A83
.text C:\Program Files\AOL Companion\companion.exe[1720] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00153B2A
.text C:\Program Files\AOL Companion\companion.exe[1720] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00143A1B
.text C:\Program Files\AOL Companion\companion.exe[1720] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00143A58
.text C:\Program Files\AOL Companion\companion.exe[1720] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00143A7E
.text C:\Program Files\AOL Companion\companion.exe[1720] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0014508F
.text C:\Program Files\AOL Companion\companion.exe[1720] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 001451D1
.text C:\Program Files\AOL Companion\companion.exe[1720] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00144DD2
.text C:\Program Files\AOL Companion\companion.exe[1720] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00144E96
.text C:\Program Files\AOL Companion\companion.exe[1720] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00144D8A
.text C:\Program Files\AOL Companion\companion.exe[1720] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00144E65
.text C:\Program Files\AOL Companion\companion.exe[1720] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00144B96
.text C:\Program Files\AOL Companion\companion.exe[1720] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00144BEF
.text C:\Program Files\AOL Companion\companion.exe[1720] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00144E16
.text C:\Program Files\AOL Companion\companion.exe[1720] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00144CE9
.text C:\Program Files\AOL Companion\companion.exe[1720] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00144C48
.text C:\Program Files\AOL Companion\companion.exe[1720] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0014AC94
.text C:\WINDOWS\System32\svchost.exe[1744] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006D000A
.text C:\WINDOWS\System32\svchost.exe[1744] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\svchost.exe[1744] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006C000C
.text C:\WINDOWS\System32\svchost.exe[1744] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 02A0000A
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[1800] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 003738BA
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[1800] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00373A83
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[1800] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00373B2A
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[1800] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00363A1B
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[1800] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00363A58
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[1800] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00363A7E
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[1800] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0036AC94
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[1800] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0036508F
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[1800] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 003651D1
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[1800] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00364DD2
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[1800] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00364E96
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[1800] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00364D8A
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[1800] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00364E65
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[1800] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00364B96
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[1800] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00364BEF
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[1800] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00364E16
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[1800] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00364CE9
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[1800] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00364C48
.text C:\Program Files\iTunes\iTunesHelper.exe[2376] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 013638BA
.text C:\Program Files\iTunes\iTunesHelper.exe[2376] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01363A83
.text C:\Program Files\iTunes\iTunesHelper.exe[2376] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 01363B2A
.text C:\Program Files\iTunes\iTunesHelper.exe[2376] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 01354DD2
.text C:\Program Files\iTunes\iTunesHelper.exe[2376] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 01354E96
.text C:\Program Files\iTunes\iTunesHelper.exe[2376] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 01354D8A
.text C:\Program Files\iTunes\iTunesHelper.exe[2376] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 01354E65
.text C:\Program Files\iTunes\iTunesHelper.exe[2376] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 01354B96
.text C:\Program Files\iTunes\iTunesHelper.exe[2376] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01354BEF
.text C:\Program Files\iTunes\iTunesHelper.exe[2376] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 01354E16
.text C:\Program Files\iTunes\iTunesHelper.exe[2376] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 01354CE9
.text C:\Program Files\iTunes\iTunesHelper.exe[2376] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 01354C48
.text C:\Program Files\iTunes\iTunesHelper.exe[2376] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0135508F
.text C:\Program Files\iTunes\iTunesHelper.exe[2376] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 013551D1
.text C:\Program Files\iTunes\iTunesHelper.exe[2376] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01353A1B
.text C:\Program Files\iTunes\iTunesHelper.exe[2376] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01353A58
.text C:\Program Files\iTunes\iTunesHelper.exe[2376] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01353A7E
.text C:\Program Files\iTunes\iTunesHelper.exe[2376] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0135AC94
.text C:\Program Files\QuickTime\qttask.exe[2524] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00E038BA
.text C:\Program Files\QuickTime\qttask.exe[2524] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00E03A83
.text C:\Program Files\QuickTime\qttask.exe[2524] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00E03B2A
.text C:\Program Files\QuickTime\qttask.exe[2524] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00DF508F
.text C:\Program Files\QuickTime\qttask.exe[2524] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00DF51D1
.text C:\Program Files\QuickTime\qttask.exe[2524] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00DF4DD2
.text C:\Program Files\QuickTime\qttask.exe[2524] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00DF4E96
.text C:\Program Files\QuickTime\qttask.exe[2524] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00DF4D8A
.text C:\Program Files\QuickTime\qttask.exe[2524] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00DF4E65
.text C:\Program Files\QuickTime\qttask.exe[2524] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00DF4B96
.text C:\Program Files\QuickTime\qttask.exe[2524] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00DF4BEF
.text C:\Program Files\QuickTime\qttask.exe[2524] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00DF4E16
.text C:\Program Files\QuickTime\qttask.exe[2524] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00DF4CE9
.text C:\Program Files\QuickTime\qttask.exe[2524] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00DF4C48
.text C:\Program Files\QuickTime\qttask.exe[2524] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00DF3A1B
.text C:\Program Files\QuickTime\qttask.exe[2524] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00DF3A58
.text C:\Program Files\QuickTime\qttask.exe[2524] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00DF3A7E
.text C:\Program Files\QuickTime\qttask.exe[2524] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00DFAC94
.text C:\Program Files\NetWaiting\NetWaiting.exe[2540] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00F738BA
.text C:\Program Files\NetWaiting\NetWaiting.exe[2540] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00F73A83
.text C:\Program Files\NetWaiting\NetWaiting.exe[2540] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00F73B2A
.text C:\Program Files\NetWaiting\NetWaiting.exe[2540] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00F6508F
.text C:\Program Files\NetWaiting\NetWaiting.exe[2540] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00F651D1
.text C:\Program Files\NetWaiting\NetWaiting.exe[2540] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F63A1B
.text C:\Program Files\NetWaiting\NetWaiting.exe[2540] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F63A58
.text C:\Program Files\NetWaiting\NetWaiting.exe[2540] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F63A7E
.text C:\Program Files\NetWaiting\NetWaiting.exe[2540] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00F64DD2
.text C:\Program Files\NetWaiting\NetWaiting.exe[2540] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00F64E96
.text C:\Program Files\NetWaiting\NetWaiting.exe[2540] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00F64D8A
.text C:\Program Files\NetWaiting\NetWaiting.exe[2540] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00F64E65
.text C:\Program Files\NetWaiting\NetWaiting.exe[2540] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00F64B96
.text C:\Program Files\NetWaiting\NetWaiting.exe[2540] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00F64BEF
.text C:\Program Files\NetWaiting\NetWaiting.exe[2540] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00F64E16
.text C:\Program Files\NetWaiting\NetWaiting.exe[2540] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00F64CE9
.text C:\Program Files\NetWaiting\NetWaiting.exe[2540] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00F64C48
.text C:\Program Files\NetWaiting\NetWaiting.exe[2540] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00F6AC94
.text C:\Program Files\Dell Support\DSAgnt.exe[2556] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00D938BA
.text C:\Program Files\Dell Support\DSAgnt.exe[2556] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D93A83
.text C:\Program Files\Dell Support\DSAgnt.exe[2556] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00D93B2A
.text C:\Program Files\Dell Support\DSAgnt.exe[2556] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00D8508F
.text C:\Program Files\Dell Support\DSAgnt.exe[2556] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00D851D1
.text C:\Program Files\Dell Support\DSAgnt.exe[2556] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00D84DD2
.text C:\Program Files\Dell Support\DSAgnt.exe[2556] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00D84E96
.text C:\Program Files\Dell Support\DSAgnt.exe[2556] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00D84D8A
.text C:\Program Files\Dell Support\DSAgnt.exe[2556] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00D84E65
.text C:\Program Files\Dell Support\DSAgnt.exe[2556] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00D84B96
.text C:\Program Files\Dell Support\DSAgnt.exe[2556] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00D84BEF
.text C:\Program Files\Dell Support\DSAgnt.exe[2556] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00D84E16
.text C:\Program Files\Dell Support\DSAgnt.exe[2556] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00D84CE9
.text C:\Program Files\Dell Support\DSAgnt.exe[2556] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00D84C48
.text C:\Program Files\Dell Support\DSAgnt.exe[2556] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D83A1B
.text C:\Program Files\Dell Support\DSAgnt.exe[2556] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00D83A58
.text C:\Program Files\Dell Support\DSAgnt.exe[2556] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00D83A7E
.text C:\Program Files\Dell Support\DSAgnt.exe[2556] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00D8AC94
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2580] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 02B438BA
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2580] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 02B43A83
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2580] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 02B43B2A
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2580] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2580] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02B33A1B
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2580] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02B33A58
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2580] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02B33A7E
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2580] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 02B3AC94
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2580] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 02B3508F
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2580] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 02B351D1
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2580] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 02B34DD2
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2580] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 02B34E96
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2580] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 02B34D8A
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2580] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 02B34E65
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2580] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 02B34B96
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2580] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 02B34BEF
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2580] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 02B34E16
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2580] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 02B34CE9
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2580] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 02B34C48
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2588] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 01BF38BA
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2588] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01BF3A83
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2588] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 01BF3B2A
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2588] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2588] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 01BE508F
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2588] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 01BE51D1
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2588] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 01BEAC94
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2588] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 01BE4DD2
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2588] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 01BE4E96
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2588] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 01BE4D8A
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2588] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 01BE4E65
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2588] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 01BE4B96
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2588] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01BE4BEF
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2588] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 01BE4E16
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2588] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 01BE4CE9
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2588] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 01BE4C48
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2588] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01BE3A1B
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2588] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01BE3A58
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2588] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01BE3A7E
.text C:\WINDOWS\system32\ctfmon.exe[2596] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00D938BA
.text C:\WINDOWS\system32\ctfmon.exe[2596] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D93A83
.text C:\WINDOWS\system32\ctfmon.exe[2596] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00D93B2A
.text C:\WINDOWS\system32\ctfmon.exe[2596] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00D8508F
.text C:\WINDOWS\system32\ctfmon.exe[2596] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00D851D1
.text C:\WINDOWS\system32\ctfmon.exe[2596] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00D84DD2
.text C:\WINDOWS\system32\ctfmon.exe[2596] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00D84E96
.text C:\WINDOWS\system32\ctfmon.exe[2596] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00D84D8A
.text C:\WINDOWS\system32\ctfmon.exe[2596] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00D84E65
.text C:\WINDOWS\system32\ctfmon.exe[2596] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00D84B96
.text C:\WINDOWS\system32\ctfmon.exe[2596] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00D84BEF
.text C:\WINDOWS\system32\ctfmon.exe[2596] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00D84E16
.text C:\WINDOWS\system32\ctfmon.exe[2596] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00D84CE9
.text C:\WINDOWS\system32\ctfmon.exe[2596] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00D84C48
.text C:\WINDOWS\system32\ctfmon.exe[2596] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D83A1B
.text C:\WINDOWS\system32\ctfmon.exe[2596] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D83A58
.text C:\WINDOWS\system32\ctfmon.exe[2596] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00D83A7E
.text C:\WINDOWS\system32\ctfmon.exe[2596] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00D8AC94
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 02BE38BA
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 02BE3A83
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 02BE3B2A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 02BD508F
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 02BD51D1
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02BD3A1B
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02BD3A58
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02BD3A7E
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 02BDAC94
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 02BD4DD2
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 02BD4E96
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 02BD4D8A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 02BD4E65
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 02BD4B96
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 02BD4BEF
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 02BD4E16
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 02BD4CE9
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 02BD4C48
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3048] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 013D38BA
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3048] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 013D3A83
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3048] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 013D3B2A
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3048] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 013C508F
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3048] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 013C51D1
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3048] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 013C4DD2
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3048] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 013C4E96
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3048] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 013C4D8A
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3048] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 013C4E65
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3048] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 013C4B96
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3048] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 013C4BEF
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3048] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 013C4E16
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3048] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 013C4CE9
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3048] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 013C4C48
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3048] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 013C3A1B
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3048] ws2_32.dll!send 71AB4C27 5 Bytes JMP 013C3A58
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3048] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 013C3A7E
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3048] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 013CAC94
.text C:\WINDOWS\system32\svchost.exe[3180] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00C638BA
.text C:\WINDOWS\system32\svchost.exe[3180] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00C63A83
.text C:\WINDOWS\system32\svchost.exe[3180] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00C63B2A
.text C:\WINDOWS\system32\svchost.exe[3180] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00C5508F
.text C:\WINDOWS\system32\svchost.exe[3180] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00C551D1
.text C:\WINDOWS\system32\svchost.exe[3180] wininet.dll!InternetReadFile 3D94654B 5 Bytes JMP 00C54DD2
.text C:\WINDOWS\system32\svchost.exe[3180] wininet.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00C54E96
.text C:\WINDOWS\system32\svchost.exe[3180] wininet.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00C54D8A
.text C:\WINDOWS\system32\svchost.exe[3180] wininet.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00C54E65
.text C:\WINDOWS\system32\svchost.exe[3180] wininet.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00C54B96
.text C:\WINDOWS\system32\svchost.exe[3180] wininet.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00C54BEF
.text C:\WINDOWS\system32\svchost.exe[3180] wininet.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00C54E16
.text C:\WINDOWS\system32\svchost.exe[3180] wininet.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00C54CE9
.text C:\WINDOWS\system32\svchost.exe[3180] wininet.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00C54C48
.text C:\WINDOWS\system32\svchost.exe[3180] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C53A1B
.text C:\WINDOWS\system32\svchost.exe[3180] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00C53A58
.text C:\WINDOWS\system32\svchost.exe[3180] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00C53A7E
.text C:\WINDOWS\system32\svchost.exe[3180] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00C5AC94
.text C:\Program Files\Common Files\AOL\1235323325\ee\aolsoftware.exe[3320] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 001538BA
.text C:\Program Files\Common Files\AOL\1235323325\ee\aolsoftware.exe[3320] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00153A83
.text C:\Program Files\Common Files\AOL\1235323325\ee\aolsoftware.exe[3320] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00153B2A
.text C:\Program Files\Common Files\AOL\1235323325\ee\aolsoftware.exe[3320] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0014508F
.text C:\Program Files\Common Files\AOL\1235323325\ee\aolsoftware.exe[3320] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 001451D1
.text C:\Program Files\Common Files\AOL\1235323325\ee\aolsoftware.exe[3320] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00144DD2
.text C:\Program Files\Common Files\AOL\1235323325\ee\aolsoftware.exe[3320] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00144E96
.text C:\Program Files\Common Files\AOL\1235323325\ee\aolsoftware.exe[3320] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00144D8A
.text C:\Program Files\Common Files\AOL\1235323325\ee\aolsoftware.exe[3320] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00144E65
.text C:\Program Files\Common Files\AOL\1235323325\ee\aolsoftware.exe[3320] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00144B96
.text C:\Program Files\Common Files\AOL\1235323325\ee\aolsoftware.exe[3320] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00144BEF
.text C:\Program Files\Common Files\AOL\1235323325\ee\aolsoftware.exe[3320] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00144E16
.text C:\Program Files\Common Files\AOL\1235323325\ee\aolsoftware.exe[3320] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00144CE9
.text C:\Program Files\Common Files\AOL\1235323325\ee\aolsoftware.exe[3320] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00144C48
.text C:\Program Files\Common Files\AOL\1235323325\ee\aolsoftware.exe[3320] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00143A1B
.text C:\Program Files\Common Files\AOL\1235323325\ee\aolsoftware.exe[3320] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00143A58
.text C:\Program Files\Common Files\AOL\1235323325\ee\aolsoftware.exe[3320] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00143A7E
.text C:\Program Files\Common Files\AOL\1235323325\ee\aolsoftware.exe[3320] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0014AC94
.text C:\WINDOWS\Explorer.EXE[3376] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[3376] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[3376] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\system32\hkcmd.exe[3688] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00CD38BA
.text C:\WINDOWS\system32\hkcmd.exe[3688] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00CD3A83
.text C:\WINDOWS\system32\hkcmd.exe[3688] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00CD3B2A
.text C:\WINDOWS\system32\hkcmd.exe[3688] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00CC508F
.text C:\WINDOWS\system32\hkcmd.exe[3688] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00CC51D1
.text C:\WINDOWS\system32\hkcmd.exe[3688] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00CC4DD2
.text C:\WINDOWS\system32\hkcmd.exe[3688] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00CC4E96
.text C:\WINDOWS\system32\hkcmd.exe[3688] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00CC4D8A
.text C:\WINDOWS\system32\hkcmd.exe[3688] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00CC4E65
.text C:\WINDOWS\system32\hkcmd.exe[3688] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00CC4B96
.text C:\WINDOWS\system32\hkcmd.exe[3688] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00CC4BEF
.text C:\WINDOWS\system32\hkcmd.exe[3688] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00CC4E16
.text C:\WINDOWS\system32\hkcmd.exe[3688] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00CC4CE9
.text C:\WINDOWS\system32\hkcmd.exe[3688] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00CC4C48
.text C:\WINDOWS\system32\hkcmd.exe[3688] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00CC3A1B
.text C:\WINDOWS\system32\hkcmd.exe[3688] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00CC3A58
.text C:\WINDOWS\system32\hkcmd.exe[3688] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00CC3A7E
.text C:\WINDOWS\system32\hkcmd.exe[3688] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00CCAC94
.text C:\WINDOWS\system32\igfxpers.exe[3700] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 014638BA
.text C:\WINDOWS\system32\igfxpers.exe[3700] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01463A83
.text C:\WINDOWS\system32\igfxpers.exe[3700] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 01463B2A
.text C:\WINDOWS\system32\igfxpers.exe[3700] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0145508F
.text C:\WINDOWS\system32\igfxpers.exe[3700] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 014551D1
.text C:\WINDOWS\system32\igfxpers.exe[3700] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 01454DD2
.text C:\WINDOWS\system32\igfxpers.exe[3700] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 01454E96
.text C:\WINDOWS\system32\igfxpers.exe[3700] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 01454D8A
.text C:\WINDOWS\system32\igfxpers.exe[3700] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 01454E65
.text C:\WINDOWS\system32\igfxpers.exe[3700] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 01454B96
.text C:\WINDOWS\system32\igfxpers.exe[3700] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01454BEF
.text C:\WINDOWS\system32\igfxpers.exe[3700] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 01454E16
.text C:\WINDOWS\system32\igfxpers.exe[3700] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 01454CE9
.text C:\WINDOWS\system32\igfxpers.exe[3700] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 01454C48
.text C:\WINDOWS\system32\igfxpers.exe[3700] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01453A1B
.text C:\WINDOWS\system32\igfxpers.exe[3700] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01453A58
.text C:\WINDOWS\system32\igfxpers.exe[3700] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01453A7E
.text C:\WINDOWS\system32\igfxpers.exe[3700] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0145AC94
.text C:\WINDOWS\stsystra.exe[3708] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 015838BA
.text C:\WINDOWS\stsystra.exe[3708] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01583A83
.text C:\WINDOWS\stsystra.exe[3708] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 01583B2A
.text C:\WINDOWS\stsystra.exe[3708] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0157508F
.text C:\WINDOWS\stsystra.exe[3708] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 015751D1
.text C:\WINDOWS\stsystra.exe[3708] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 01574DD2
.text C:\WINDOWS\stsystra.exe[3708] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 01574E96
.text C:\WINDOWS\stsystra.exe[3708] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 01574D8A
.text C:\WINDOWS\stsystra.exe[3708] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 01574E65
.text C:\WINDOWS\stsystra.exe[3708] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 01574B96
.text C:\WINDOWS\stsystra.exe[3708] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01574BEF
.text C:\WINDOWS\stsystra.exe[3708] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 01574E16
.text C:\WINDOWS\stsystra.exe[3708] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 01574CE9
.text C:\WINDOWS\stsystra.exe[3708] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 01574C48
.text C:\WINDOWS\stsystra.exe[3708] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0157AC94
.text C:\WINDOWS\stsystra.exe[3708] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01573A1B
.text C:\WINDOWS\stsystra.exe[3708] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01573A58
.text C:\WINDOWS\stsystra.exe[3708] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01573A7E
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3724] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 016D38BA
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3724] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 016D3A83
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3724] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 016D3B2A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3724] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 016C508F
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3724] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 016C51D1
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3724] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 016C4DD2
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3724] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 016C4E96
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3724] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 016C4D8A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3724] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 016C4E65
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3724] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 016C4B96
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3724] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 016C4BEF
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3724] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 016C4E16
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3724] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 016C4CE9
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3724] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 016C4C48
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3724] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 016C3A1B
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3724] WS2_32.dll!send 71AB4C27 5 Bytes JMP 016C3A58
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3724] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 016C3A7E
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3724] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 016CAC94
.text C:\Program Files\Dell\QuickSet\quickset.exe[3732] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 019538BA
.text C:\Program Files\Dell\QuickSet\quickset.exe[3732] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01953A83
.text C:\Program Files\Dell\QuickSet\quickset.exe[3732] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 01953B2A
.text C:\Program Files\Dell\QuickSet\quickset.exe[3732] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0194508F
.text C:\Program Files\Dell\QuickSet\quickset.exe[3732] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 019451D1
.text C:\Program Files\Dell\QuickSet\quickset.exe[3732] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 01944DD2
.text C:\Program Files\Dell\QuickSet\quickset.exe[3732] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 01944E96
.text C:\Program Files\Dell\QuickSet\quickset.exe[3732] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 01944D8A
.text C:\Program Files\Dell\QuickSet\quickset.exe[3732] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 01944E65
.text C:\Program Files\Dell\QuickSet\quickset.exe[3732] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 01944B96
.text C:\Program Files\Dell\QuickSet\quickset.exe[3732] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01944BEF
.text C:\Program Files\Dell\QuickSet\quickset.exe[3732] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 01944E16
.text C:\Program Files\Dell\QuickSet\quickset.exe[3732] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 01944CE9
.text C:\Program Files\Dell\QuickSet\quickset.exe[3732] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 01944C48
.text C:\Program Files\Dell\QuickSet\quickset.exe[3732] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01943A1B
.text C:\Program Files\Dell\QuickSet\quickset.exe[3732] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01943A58
.text C:\Program Files\Dell\QuickSet\quickset.exe[3732] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01943A7E
.text C:\Program Files\Dell\QuickSet\quickset.exe[3732] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0194AC94
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3748] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 01A538BA
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3748] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01A53A83
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3748] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 01A53B2A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3748] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 01A4508F
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3748] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 01A451D1
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3748] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01A43A1B
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3748] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01A43A58
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3748] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01A43A7E
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3748] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 01A44DD2
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3748] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 01A44E96
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3748] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 01A44D8A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3748] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 01A44E65
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3748] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 01A44B96
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3748] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01A44BEF
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3748] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 01A44E16
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3748] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 01A44CE9
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3748] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 01A44C48
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3748] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 01A4AC94
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3760] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 06AA38BA
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3760] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 06AA3A83
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3760] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 06AA3B2A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3760] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 06A9508F
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3760] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 06A951D1
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3760] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 06A93A1B
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3760] WS2_32.dll!send 71AB4C27 5 Bytes JMP 06A93A58
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3760] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 06A93A7E
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3760] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 06A94DD2
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3760] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 06A94E96
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3760] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 06A94D8A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3760] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 06A94E65
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3760] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 06A94B96
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3760] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 06A94BEF
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3760] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 06A94E16
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3760] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 06A94CE9
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3760] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 06A94C48
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3760] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 06A9AC94
.text C:\WINDOWS\system32\igfxsrvc.exe[3784] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 015238BA
.text C:\WINDOWS\system32\igfxsrvc.exe[3784] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01523A83
.text C:\WINDOWS\system32\igfxsrvc.exe[3784] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 01523B2A
.text C:\WINDOWS\system32\igfxsrvc.exe[3784] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0151508F
.text C:\WINDOWS\system32\igfxsrvc.exe[3784] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 015151D1
.text C:\WINDOWS\system32\igfxsrvc.exe[3784] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 01514DD2
.text C:\WINDOWS\system32\igfxsrvc.exe[3784] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 01514E96
.text C:\WINDOWS\system32\igfxsrvc.exe[3784] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 01514D8A
.text C:\WINDOWS\system32\igfxsrvc.exe[3784] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 01514E65
.text C:\WINDOWS\system32\igfxsrvc.exe[3784] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 01514B96
.text C:\WINDOWS\system32\igfxsrvc.exe[3784] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01514BEF
.text C:\WINDOWS\system32\igfxsrvc.exe[3784] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 01514E16
.text C:\WINDOWS\system32\igfxsrvc.exe[3784] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 01514CE9
.text C:\WINDOWS\system32\igfxsrvc.exe[3784] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 01514C48
.text C:\WINDOWS\system32\igfxsrvc.exe[3784] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01513A1B
.text C:\WINDOWS\system32\igfxsrvc.exe[3784] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01513A58
.text C:\WINDOWS\system32\igfxsrvc.exe[3784] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01513A7E
.text C:\WINDOWS\system32\igfxsrvc.exe[3784] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0151AC94
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[3788] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 011138BA
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[3788] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01113A83
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[3788] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 01113B2A
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[3788] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0110508F
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[3788] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 011051D1
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[3788] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 01104DD2
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[3788] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 01104E96
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[3788] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 01104D8A
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[3788] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 01104E65
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[3788] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 01104B96
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[3788] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01104BEF
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[3788] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 01104E16
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[3788] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 01104CE9
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[3788] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 01104C48
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[3788] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0110AC94
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[3788] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01103A1B
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[3788] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01103A58
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[3788] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01103A7E
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3856] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 010F38BA
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3856] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 010F3A83
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3856] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 010F3B2A
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3856] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 010E508F
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3856] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 010E51D1
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3856] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 010E4DD2
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3856] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 010E4E96
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3856] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 010E4D8A
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3856] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 010E4E65
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3856] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 010E4B96
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3856] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 010E4BEF
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3856] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 010E4E16
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3856] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 010E4CE9
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3856] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 010E4C48
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3856] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 010E3A1B
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3856] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010E3A58
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3856] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 010E3A7E
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3856] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 010EAC94
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3896] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 003F38BA
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3896] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003F3A83
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3896] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 003F3B2A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3896] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 003E508F
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3896] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 003E51D1
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3896] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 003E4DD2
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3896] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 003E4E96
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3896] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 003E4D8A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3896] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 003E4E65
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3896] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 003E4B96
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3896] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 003E4BEF
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3896] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 003E4E16
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3896] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 003E4CE9
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3896] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 003E4C48
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3896] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 003E3A1B
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3896] WS2_32.dll!send 71AB4C27 5 Bytes JMP 003E3A58
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3896] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 003E3A7E
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3896] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 003EAC94
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3908] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00FC38BA
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3908] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00FC3A83
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3908] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00FC3B2A
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3908] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00FB508F
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3908] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00FB51D1
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3908] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00FB4DD2
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3908] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00FB4E96
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3908] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00FB4D8A
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3908] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00FB4E65
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3908] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00FB4B96
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3908] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00FB4BEF
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3908] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00FB4E16
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3908] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00FB4CE9
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3908] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00FB4C48
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3908] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00FB3A1B
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3908] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00FB3A58
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3908] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00FB3A7E
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3908] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00FBAC94
.text C:\Program Files\Digital Line Detect\DLG.exe[3916] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 010E38BA
.text C:\Program Files\Digital Line Detect\DLG.exe[3916] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 010E3A83
.text C:\Program Files\Digital Line Detect\DLG.exe[3916] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 010E3B2A
.text C:\Program Files\Digital Line Detect\DLG.exe[3916] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 010D508F
.text C:\Program Files\Digital Line Detect\DLG.exe[3916] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 010D51D1
.text C:\Program Files\Digital Line Detect\DLG.exe[3916] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 010D3A1B
.text C:\Program Files\Digital Line Detect\DLG.exe[3916] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010D3A58
.text C:\Program Files\Digital Line Detect\DLG.exe[3916] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 010D3A7E
.text C:\Program Files\Digital Line Detect\DLG.exe[3916] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 010D4DD2
.text C:\Program Files\Digital Line Detect\DLG.exe[3916] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 010D4E96
.text C:\Program Files\Digital Line Detect\DLG.exe[3916] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 010D4D8A
.text C:\Program Files\Digital Line Detect\DLG.exe[3916] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 010D4E65
.text C:\Program Files\Digital Line Detect\DLG.exe[3916] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 010D4B96
.text C:\Program Files\Digital Line Detect\DLG.exe[3916] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 010D4BEF
.text C:\Program Files\Digital Line Detect\DLG.exe[3916] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 010D4E16
.text C:\Program Files\Digital Line Detect\DLG.exe[3916] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 010D4CE9
.text C:\Program Files\Digital Line Detect\DLG.exe[3916] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 010D4C48
.text C:\Program Files\Digital Line Detect\DLG.exe[3916] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 010DAC94

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \FileSystem\Fastfat \Fat A71EBD20
Device \FileSystem\Fastfat \Fat A7203631

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device -> \Driver\atapi \Device\Harddisk0\DR0 86B35AC8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{692B8041-F1C5-4881-82E9-4F94BBA34AC2}@ SENSReachability Class
Reg HKLM\SOFTWARE\Classes\CLSID\{692B8041-F1C5-4881-82E9-4F94BBA34AC2}@AppID {46BE1C03-ADE6-4031-8897-612D57B7FAF8}
Reg HKLM\SOFTWARE\Classes\CLSID\{692B8041-F1C5-4881-82E9-4F94BBA34AC2}\LocalServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{692B8041-F1C5-4881-82E9-4F94BBA34AC2}\LocalServer32@ C:\Program Files\Common Files\AOL\ACS\AOLdialr.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{692B8041-F1C5-4881-82E9-4F94BBA34AC2}\ProgID
Reg HKLM\SOFTWARE\Classes\CLSID\{692B8041-F1C5-4881-82E9-4F94BBA34AC2}\ProgID@ ACS.SENSReachability.1
Reg HKLM\SOFTWARE\Classes\CLSID\{692B8041-F1C5-4881-82E9-4F94BBA34AC2}\Programmable
Reg HKLM\SOFTWARE\Classes\CLSID\{692B8041-F1C5-4881-82E9-4F94BBA34AC2}\TypeLib
Reg HKLM\SOFTWARE\Classes\CLSID\{692B8041-F1C5-4881-82E9-4F94BBA34AC2}\TypeLib@ {E6859F27-1554-40e2-984E-75B7D56A936A}
Reg HKLM\SOFTWARE\Classes\CLSID\{692B8041-F1C5-4881-82E9-4F94BBA34AC2}\VersionIndependentProgID
Reg HKLM\SOFTWARE\Classes\CLSID\{692B8041-F1C5-4881-82E9-4F94BBA34AC2}\VersionIndependentProgID@ ACS.SENSReachability
Reg HKLM\SOFTWARE\Classes\Interface\{0FC93E03-7B64-4969-AA46-F1E7F3C47614}
Reg HKLM\SOFTWARE\Classes\Interface\{0FC93E03-7B64-4969-AA46-F1E7F3C47614}@ ISENSReachability
Reg HKLM\SOFTWARE\Classes\Interface\{0FC93E03-7B64-4969-AA46-F1E7F3C47614}\ProxyStubClsid
Reg HKLM\SOFTWARE\Classes\Interface\{0FC93E03-7B64-4969-AA46-F1E7F3C47614}\ProxyStubClsid@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{0FC93E03-7B64-4969-AA46-F1E7F3C47614}\ProxyStubClsid32
Reg HKLM\SOFTWARE\Classes\Interface\{0FC93E03-7B64-4969-AA46-F1E7F3C47614}\ProxyStubClsid32@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{0FC93E03-7B64-4969-AA46-F1E7F3C47614}\TypeLib
Reg HKLM\SOFTWARE\Classes\Interface\{0FC93E03-7B64-4969-AA46-F1E7F3C47614}\TypeLib@ {E6859F27-1554-40E2-984E-75B7D56A936A}
Reg HKLM\SOFTWARE\Classes\Interface\{0FC93E03-7B64-4969-AA46-F1E7F3C47614}\TypeLib@Version 1.0
Reg HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}
Reg HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}@ ISensNetwork
Reg HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}\ProxyStubClsid
Reg HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}\ProxyStubClsid@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}\ProxyStubClsid32
Reg HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}\ProxyStubClsid32@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}\TypeLib
Reg HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}\TypeLib@ {E6859F27-1554-40E2-984E-75B7D56A936A}
Reg HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}\TypeLib@Version 1.0
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0@ SENSReachability 1.0 Type Library
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\0
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\0\win32
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\0\win32@ C:\Program Files\Common Files\AOL\ACS\AOLdialr.dll
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\FLAGS
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\FLAGS@ 0
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\HELPDIR
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\HELPDIR@ C:\Program Files\Common Files\AOL\ACS\

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\DRIVERS\mouclass.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
Last edited by Fable on May 20th, 2010, 4:47 pm, edited 1 time in total.

Re: Malware and browser redirection

Unread postby Fable » May 20th, 2010, 4:20 pm

RSIT log.txt

Logfile of random's system information tool 1.07 (written by random/random)
Run by Sagar at 2010-05-20 21:07:17
Microsoft Windows XP Professional Service Pack 3
System drive C: has 29 GB (53%) free of 54 GB
Total RAM: 1014 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:07:23, on 20/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NetWaiting\NetWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\AOL\1235323325\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AOL Companion\companion.exe
C:\Documents and Settings\Sagar\My Documents\Downloads\rsit.exe
C:\Program Files\trend micro\Sagar.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dial.blueyonder.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\NetWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [{9972BAAC-8A55-7E95-38B9-639DA799D67B}] "C:\Documents and Settings\Sagar\Application Data\Lyazga\tyyd.exe"
O4 - .DEFAULT User Startup: usicip.exe (User 'Default user')
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://dial.blueyonder.co.uk/
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messenger ... E_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6954644515
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13299 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll [2010-03-26 394608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL [2010-02-04 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-06-29 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-06-19 352256]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-08-20 430592]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll [2010-03-26 394608]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-13 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-13 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-13 118784]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2006-04-06 1032192]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-05-01 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-05-01 602182]
"CTSVolFE.exe"=C:\Program Files\Creative\Mixer\CTSVolFE.exe [2005-02-23 57344]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe []
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2007-12-07 71008]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-04 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"=C:\Program Files\NetWaiting\NetWaiting.exe [2003-09-10 20480]
"DellSupport"=C:\Program Files\Dell Support\DSAgnt.exe [2006-07-16 389120]
""= []
"Veoh"=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-09-26 3660848]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-08-20 2000120]
"AdobeBridge"= []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"{9972BAAC-8A55-7E95-38B9-639DA799D67B}"=C:\Documents and Settings\Sagar\Application Data\Lyazga\tyyd.exe [2008-09-27 133124]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe [2004-03-19 78960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-09-26 3660848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
C:\PROGRA~1\AOL9~1.0\aoltray.exe [2004-06-22 156784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3
"iPod Service"=3
"Apple Mobile Device"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AOL Companion.lnk - C:\Program Files\AOL Companion\companion.exe
Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoActiveDesktopChanges"=
"NoSetActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\MSN Messenger\msrr.exe"="C:\Program Files\MSN Messenger\msrr.exe:*:Enabled:Messenger"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
"C:\Documents and Settings\Sagar\My Documents\Downloaded Program Updates\LimeWire\LimeWire.exe"="C:\Documents and Settings\Sagar\My Documents\Downloaded Program Updates\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
"C:\Program Files\Common Files\AOL\1235323325\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1235323325\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Adobe\Adobe After Effects CS4\Support Files\AfterFX.exe"="C:\Program Files\Adobe\Adobe After Effects CS4\Support Files\AfterFX.exe:*:Enabled:Adobe After Effects CS4"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Program Files\NEXON\Europe MapleStory\MapleStory.exe"="C:\Program Files\NEXON\Europe MapleStory\MapleStory.exe:*:Enabled:MapleStory Europe"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.js - edit -
.js - open -
.txt - open -

======List of files/folders created in the last 3 months======

2010-05-20 09:39:39 ----A---- C:\WINDOWS\system32\stu2.exe
2010-05-13 11:03:58 ----A---- C:\mbam-error.txt
2010-05-12 10:56:59 ----A---- C:\WINDOWS\system32\MRT.INI
2010-05-12 10:49:01 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-10 00:36:05 ----HD---- C:\WINDOWS\system32\WLANProfiles
2010-05-09 12:29:34 ----D---- C:\Program Files\Google
2010-04-20 18:22:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-15 16:57:22 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-15 16:56:48 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-15 16:56:11 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$
2010-04-15 16:51:40 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-15 16:51:25 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 21:04:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 20:23:25 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-01 15:22:15 ----D---- C:\Program Files\Common Files\McAfee
2010-04-01 13:25:53 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2010-04-01 13:25:06 ----D---- C:\Program Files\Windows Sidebar
2010-04-01 13:25:06 ----D---- C:\Program Files\Norton Internet Security
2010-04-01 13:25:05 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2010-04-01 13:22:52 ----D---- C:\Program Files\NortonInstaller
2010-04-01 13:22:52 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2010-03-10 22:09:09 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-02-25 14:01:42 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-02-24 22:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-23 17:42:27 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-02-23 09:51:18 ----D---- C:\Documents and Settings\All Users\Application Data\Google

======List of files/folders modified in the last 3 months======

2010-05-20 21:07:20 ----D---- C:\Program Files\Trend Micro
2010-05-20 21:07:17 ----D---- C:\rsit
2010-05-20 21:04:26 ----D---- C:\WINDOWS\Prefetch
2010-05-20 21:04:12 ----D---- C:\WINDOWS\Temp
2010-05-20 20:57:55 ----D---- C:\Documents and Settings\Sagar\Application Data\Owiqs
2010-05-20 20:54:53 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-05-20 20:51:49 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2010-05-20 20:51:22 ----SHD---- C:\WINDOWS\CSC
2010-05-20 19:40:40 ----HD---- C:\Config.Msi
2010-05-20 19:03:02 ----SD---- C:\WINDOWS\Tasks
2010-05-20 19:01:12 ----D---- C:\WINDOWS\system32
2010-05-20 19:00:20 ----RD---- C:\Program Files
2010-05-20 18:57:29 ----D---- C:\Documents and Settings\Sagar\Application Data\SUPERAntiSpyware.com
2010-05-20 18:57:21 ----SHD---- C:\WINDOWS\Installer
2010-05-20 18:57:21 ----D---- C:\Program Files\Common Files
2010-05-20 18:57:19 ----D---- C:\Program Files\SUPERAntiSpyware
2010-05-20 18:55:16 ----D---- C:\Program Files\Java
2010-05-20 17:10:01 ----SHD---- C:\WINDOWS\system32\dllcache
2010-05-20 17:09:55 ----D---- C:\WINDOWS\system32\drivers
2010-05-20 16:11:33 ----D---- C:\WINDOWS\system32\NtmsData
2010-05-20 16:10:43 ----D---- C:\WINDOWS\repair
2010-05-20 14:05:23 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-20 09:39:01 ----A---- C:\WINDOWS\system32\userinit.exe
2010-05-20 09:31:37 ----D---- C:\WINDOWS
2010-05-20 09:30:13 ----SHD---- C:\System Volume Information
2010-05-20 00:28:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-12 10:49:39 ----HD---- C:\WINDOWS\inf
2010-05-12 10:49:09 ----D---- C:\Program Files\Outlook Express
2010-05-12 10:28:35 ----D---- C:\WINDOWS\system32\CatRoot
2010-05-12 10:26:38 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-09 12:30:25 ----D---- C:\WINDOWS\WinSxS
2010-05-08 19:17:40 ----D---- C:\WINDOWS\SxsCaPendDel
2010-05-08 17:34:01 ----D---- C:\Documents and Settings\All Users\Application Data\Tablet
2010-05-08 10:04:41 ----A---- C:\WINDOWS\win.ini
2010-04-30 19:51:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-20 20:24:26 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP9$
2010-04-15 16:57:40 ----A---- C:\WINDOWS\imsins.BAK
2010-04-15 16:50:15 ----D---- C:\WINDOWS\ie8updates
2010-04-13 16:52:41 ----D---- C:\Program Files\Mozilla Firefox
2010-04-09 15:48:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-02 11:56:34 ----D---- C:\Program Files\McAfee
2010-04-01 15:21:51 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2010-04-01 14:10:29 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-04-01 13:25:54 ----D---- C:\Program Files\Symantec
2010-04-01 13:20:16 ----D---- C:\Program Files\McAfee.com
2010-03-30 21:24:09 ----D---- C:\Program Files\Internet Explorer
2010-03-19 18:05:50 ----A---- C:\WINDOWS\system32\wmp.dll
2010-03-10 22:09:13 ----D---- C:\Program Files\Movie Maker
2010-03-10 07:15:52 ----A---- C:\WINDOWS\system32\vbscript.dll
2010-02-25 11:54:36 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-02-25 07:24:37 ----A---- C:\WINDOWS\system32\wininet.dll
2010-02-25 07:24:37 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-02-25 07:24:37 ----A---- C:\WINDOWS\system32\occache.dll
2010-02-25 07:24:37 ----A---- C:\WINDOWS\system32\mstime.dll
2010-02-25 07:24:36 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-02-25 07:24:35 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-02-25 07:24:35 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-02-25 07:24:35 ----A---- C:\WINDOWS\system32\jsproxy.dll
2010-02-25 07:24:35 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-02-25 07:24:35 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-02-25 07:24:34 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2010-02-24 10:54:25 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2010-02-23 09:59:56 ----D---- C:\Documents and Settings\Sagar\Application Data\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys []
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\system32\drivers\NIS\1106000.020\ccHPx86.sys [2010-02-26 501888]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 GearAspiWDM;GearAspiWDM; C:\WINDOWS\system32\drivers\GearAspiWDM.sys [2008-01-29 16168]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1106000.020\SRTSP.SYS [2010-02-27 325680]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1106000.020\SRTSPX.SYS [2010-02-27 43696]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NIS\1106000.020\Ironx86.SYS [2010-02-27 116784]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NIS\1106000.020\SYMTDI.SYS [2010-02-04 362032]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-08-25 21275]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R2 Packet;Auto Internet Protocol; C:\WINDOWS\system32\DRIVERS\packet.sys [2006-12-18 12672]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-05-01 13568]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-21 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-21 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574]
R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100513.002\IDSxpx86.sys []
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100520.002\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100520.002\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-12-03 47408]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-26 1429632]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-21 717952]
S2 npkcrypt;npkcrypt; \??\C:\Program Files\NEXON\EuropeMapleStory\npkcrypt.sys []
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
S3 Mkd2kfNt;Mkd2kfNt; C:\WINDOWS\system32\drivers\Mkd2kfNt.sys [2008-10-17 131072]
S3 Mkd2Nadr;Mkd2Nadr; C:\WINDOWS\system32\drivers\Mkd2Nadr.sys [2008-10-17 79104]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-12-03 47408]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2006-10-14 69632]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-05-01 114753]
R2 hnmsvc;Advanced Networking Service; C:\Program Files\Dell Network Assistant\hnm_svc.exe [2007-08-27 111912]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [2009-12-08 93320]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe [2010-02-26 126392]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-05-01 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-05-01 540745]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2006-05-01 262217]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-12 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe []
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-07-15 3251520]
S3 SerialKeys;SerialKeys; C:\WINDOWS\system32\skeys.exe [2008-04-14 26112]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


RSIT info.txt


info.txt logfile of random's system information tool 1.06 2010-05-20 21:07:25

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA2CA846-C6DB-4468-B291-18D4BA359656}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe After Effects CS4 Presets-->MsiExec.exe /I{44E240EC-2224-4078-A88B-2CEE0D3016EF}
Adobe After Effects CS4 Third Party Content-->MsiExec.exe /I{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}
Adobe After Effects CS4-->C:\Program Files\Common Files\Adobe\Installers\3dcb365ab9e01871fb8c6f27b0ea079\Setup.exe --uninstall=1
Adobe After Effects CS4-->MsiExec.exe /I{45EC816C-0771-4C14-AE6D-72D1B578F4C8}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles AE CS4-->MsiExec.exe /I{B15381DD-FF97-4FCD-A881-ED4DB0975500}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash CS4 Extension - Flash Lite STI en-->MsiExec.exe /I{793D1D88-6141-43DE-BE58-59BCE31B4090}
Adobe Flash CS4 Professional-->C:\Program Files\Common Files\Adobe\Installers\a68eec966ce913ddaa63251dc82ed31\Setup.exe --uninstall=1
Adobe Flash CS4 STI-en-->MsiExec.exe /I{2168245A-B5AD-40D8-A641-48E3E070B5B6}
Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{3A6829EF-0791-4FDD-9382-C690DD0821B9}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4 Additional Exporter-->MsiExec.exe /I{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}
Adobe Media Encoder CS4 Exporter-->MsiExec.exe /I{561968FD-56A1-49FD-9ED0-F55482C7C5BC}
Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe MotionPicture Color Files CS4-->MsiExec.exe /I{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}
Adobe Setup-->MsiExec.exe /I{EED50C97-C79E-4149-BD82-7C5A22437708}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Any Video Converter 3.0.1-->"C:\Program Files\Any Video Converter\unins000.exe"
AoA Audio Extractor 1.0-->"C:\Program Files\AoA Audio Extractor\unins000.exe"
AOL Coach Version 1.0(Build:20040229.1 uk)-->"C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe" -lang="en-uk"
AOL Spyware Protection-->C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Network Assistant-->MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716}
Dell Support 3.2-->MsiExec.exe /X{3846E811-639D-4DE1-844B-30491C0A6C0C}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Google SketchUp 7-->MsiExec.exe /X{597E70FF-7C46-4EED-8092-91B7C2E0529D}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LAME v3.98.2 for Audacity-->"C:\Program Files\Audacity\unins001.exe"
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe
McAfee Uninstaller-->C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
McAfee Virtual Technician-->MsiExec.exe /I{49FA793C-785E-47E9-93DF-BD442B0B45D1}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Small Business-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
Mixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9 /remove
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\2454B0AB\17.6.0.32\InstStub.exe /X
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
PowerDVD 5.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Search Assist-->MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sky Broadband-->MsiExec.exe /I{14C35072-D7D0-4B29-B5BF-C94E426D77E9}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony Vegas Pro 8.0-->MsiExec.exe /X{1246FF64-3035-4A92-8FE6-A968275495EB}
Sound Blaster Audigy ADVANCED MB Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA2CA846-C6DB-4468-B291-18D4BA359656}\setup.exe" -l0x9 /remove
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Norton Internet Security
FW: Norton Internet Security

======System event log======

Computer Name: REBDSHDMBEWD
Event Code: 7000
Message: The npkcrypt service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 151122
Source Name: Service Control Manager
Time Written: 20100514121241.000000+060
Event Type: error
User:

Computer Name: REBDSHDMBEWD
Event Code: 7000
Message: The McAfee Real-time Scanner service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 151121
Source Name: Service Control Manager
Time Written: 20100514121241.000000+060
Event Type: error
User:

Computer Name: REBDSHDMBEWD
Event Code: 7023
Message: The HP CUE DeviceDiscovery Service service terminated with the following error:
The specified module could not be found.


Record Number: 151120
Source Name: Service Control Manager
Time Written: 20100514121241.000000+060
Event Type: error
User:

Computer Name: REBDSHDMBEWD
Event Code: 49
Message: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Record Number: 151119
Source Name: Ftdisk
Time Written: 20100514121204.000000+060
Event Type: error
User:

Computer Name: REBDSHDMBEWD
Event Code: 45
Message: The system could not sucessfully load the crash dump driver.

Record Number: 151118
Source Name: Ftdisk
Time Written: 20100514121204.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: REBDSHDMBEWD
Event Code: 1001
Message: Detection of product '{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}', feature 'Destinations' failed during request for component '{436D7A23-36BE-11D2-ACBB-0080C7FCBB84}'

Record Number: 101
Source Name: MsiInstaller
Time Written: 20100420182258.000000+060
Event Type: warning
User: REBDSHDMBEWD\Sagar

Computer Name: REBDSHDMBEWD
Event Code: 1004
Message: Detection of product '{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}', feature 'Destinations', component '{26B7A0B4-7051-4C8E-9723-96222086F305}' failed. The resource 'C:\Program Files\HP\Digital Imaging\Bin\hpqacdse.exe' does not exist.

Record Number: 100
Source Name: MsiInstaller
Time Written: 20100420182258.000000+060
Event Type: warning
User: REBDSHDMBEWD\Sagar

Computer Name: REBDSHDMBEWD
Event Code: 11706
Message: Product: Destination Component -- Error 1706. An installation package for the product Destination Component cannot be found. Try the installation again using a valid copy of the installation package 'Destinations.msi'.

Record Number: 98
Source Name: MsiInstaller
Time Written: 20100420182257.000000+060
Event Type: error
User: REBDSHDMBEWD\Sagar

Computer Name: REBDSHDMBEWD
Event Code: 1001
Message: Detection of product '{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}', feature 'Destinations' failed during request for component '{436D7A23-36BE-11D2-ACBB-0080C7FCBB84}'

Record Number: 97
Source Name: MsiInstaller
Time Written: 20100420182236.000000+060
Event Type: warning
User: REBDSHDMBEWD\Sagar

Computer Name: REBDSHDMBEWD
Event Code: 1004
Message: Detection of product '{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}', feature 'Destinations', component '{26B7A0B4-7051-4C8E-9723-96222086F305}' failed. The resource 'C:\Program Files\HP\Digital Imaging\Bin\hpqacdse.exe' does not exist.

Record Number: 96
Source Name: MsiInstaller
Time Written: 20100420182236.000000+060
Event Type: warning
User: REBDSHDMBEWD\Sagar

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
Fable
Regular Member
 
Posts: 45
Joined: November 20th, 2009, 2:02 pm

Re: Malware and browser redirection

by Fable » May 20th, 2010, 4:31 pm

As for my computer's performance at the moment, the browser redirections occur on and off when I click a Google link sometimes.

My antivirus, Norton, still continues to pick up threats such as 'mouclass.sys (Backdoor.Tidserv.I!inf)', 'old135f.tmp (Backdoor.Tidserv.I!inf)', etc., which all require manual removal.

Also, I can't boot into safe mode; I keep getting a blue screen message saying that the cause could be because of a virus.

Anyway, thank you again for your time, much appreciated.
Fable
Regular Member
 
Posts: 45
Joined: November 20th, 2009, 2:02 pm

Re: Malware and browser redirection

by Cypher » May 21st, 2010, 6:53 am

Hi Fable.
thank you again for your time, much appreciated.

You're most welcome.
There are a few things to do here; just take your time and you will be fine :)


Your computer was infected with a ROOTKIT. In particular, the TDL3/TDSS rootkit, also known as Win32/Alureon. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

Due to its rootkit functionality, it's impossible to tell what may have been done when the system was compromised.

Therefore it may be prudent to:

  1. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
  2. Change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password)

What are rootkits from Wikipedia

How do I respond to a possible identity theft and how do I prevent it


This can prove difficult to remove so we will try the easiest way first.
Let me know if your searches are still being redirected after this fix.


TDSSKiller
  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on tdsskiller.exe and click Copy then Paste it directly on to your Desktop.
  • Highlight and copy the text in the codebox below, Do not include the word Code:
    Code:
    "%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
  • Click Start, click Run... and paste the text above into the Open: line and click OK.
  • Wait for the scan and disinfection process to be over.
  • A log file should be created on your desktop called tdskiller.txt, Please post the contents of that log in your next reply.


Next.

Fix HijackThis entries

Run HijackThis

  • If you are on the Main Menu page... Click "Do a system scan only"
  • If you are on the "scan & fix stuff" page... Press the Scan...button.
  • When the scan finishes...Place a check mark next to the following entries (if they are still present)
  • Note: Only check those items listed below.
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKCU\..\Run: [{9972BAAC-8A55-7E95-38B9-639DA799D67B}] "C:\Documents and Settings\Sagar\Application Data\Lyazga\tyyd.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

  • After checking these items... CLOSE ALL open windows except HijackThis.
  • Click the Fix Checked ...button...to remove the entries you checked.
  • Choose YES...when prompted to fix the selected items.


Next.

Back Up registry with ERUNT

  • Please use the following link and download ERUNT to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe


Next.

Download and run OTM

Download OTM.exe by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Right-click then copy the following code, Do not include the word Code.
    Code:
    :Services
    npggsvc
    
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    ""=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\MSN Messenger\msrr.exe"=-
    "C:\Program Files\LimeWire\LimeWire.exe"=-
    "C:\Documents and Settings\Sagar\My Documents\Downloaded Program Updates\LimeWire\LimeWire.exe"=-
    
    :Files
    C:\WINDOWS\system32\GameMon.des.exe
    C:\WINDOWS\system32\GameMon.des
    C:\Program Files\MSN Messenger\msrr.exe
    C:\Documents and Settings\Sagar\Application Data\Lyazga
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Documents and Settings\Sagar\My Documents\Downloaded Program Updates\LimeWire
    C:\WINDOWS\system32\stu2.exe
    C:\Documents and Settings\Sagar\Application Data\Owiqs
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click then paste the code into the blank box below Image
    • Next click on the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
  • Please post ONLY the "log.txt", file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)


Logs/Information to Post in your Next Reply

  • tdskiller.txt log.
  • OTM log.
  • RSIT log.txt log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
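
The HijackThis fix list in the reply above picks out a few recognisable kinds of entry: empty search settings, a BHO with no file, a GUID-named Run entry under Application Data, and a service whose file is missing. The Python sketch below is an added example, not part of the thread and not HijackThis's own logic; it parses HijackThis-style lines and flags those patterns for review. The heuristics, the reason strings and the two `Example` lines are assumptions constructed here.

```python
import re
from dataclasses import dataclass

# First six lines are the entries quoted in the reply above; the last two
# ("Example ...") are constructed benign entries added for contrast.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [{9972BAAC-8A55-7E95-38B9-639DA799D67B}] "C:\Documents and Settings\Sagar\Application Data\Lyazga\tyyd.exe
O15 - Trusted Zone: http://*.mcafee.com
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
O23 - Service: Example Updater (exupd) - Example Corp - C:\Program Files\Example\upd.exe
"""

# "<section> - <body>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Autostart entries carry the value name in brackets, then the command line.
AUTOSTART_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# HijackThis appends these markers when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Assumed heuristic: per-user, non-admin-writable locations on Windows XP.
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\")


@dataclass
class Finding:
    section: str
    line: str
    reasons: list


def classify(section, body):
    """Return the list of review reasons for one parsed entry (empty if none)."""
    reasons = []
    if body.endswith(ORPHAN_MARKERS):
        reasons.append("target file missing")
    if section in ("R0", "R1") and body.endswith("="):
        reasons.append("empty search setting")
    if section == "O4":
        m = AUTOSTART_RE.search(body)
        if m:
            if GUID_RE.match(m.group("name")):
                reasons.append("GUID-named autostart")
            cmd = m.group("cmd").lower()
            if any(part in cmd for part in USER_WRITABLE):
                reasons.append("runs from user-writable path")
    if section == "O15" and "*." in body:
        reasons.append("wildcard trusted-zone site")
    if section == "O23" and "- Unknown owner -" in body:
        reasons.append("service with unknown owner")
    return reasons


def triage(log_text):
    """Parse HijackThis-style lines and return the entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, process list, blank lines
        section, body = m.groups()
        reasons = classify(section, body)
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>3}  {', '.join(f.reasons)}\n     {f.line}")
```

A flag here only marks an entry for review by a trained helper; it is not a removal verdict.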

Re: Malware and browser redirection

by Fable » May 21st, 2010, 8:36 am

Hi Cypher,

Thanks for letting me know; this Win32/Alureon rootkit seems pretty bad. I went ahead and changed my passwords.

Here are the logs:

tdskiller.txt log

12:14:43:953 6116 TDSS rootkit removing tool 2.3.0.0 May 12 2010 18:11:17
12:14:43:953 6116 ================================================================================
12:14:43:953 6116 SystemInfo:

12:14:43:953 6116 OS Version: 5.1.2600 ServicePack: 3.0
12:14:43:953 6116 Product type: Workstation
12:14:43:953 6116 ComputerName: REBDSHDMBEWD
12:14:43:953 6116 UserName: Sagar
12:14:43:953 6116 Windows directory: C:\WINDOWS
12:14:43:953 6116 Processor architecture: Intel x86
12:14:43:953 6116 Number of processors: 2
12:14:43:953 6116 Page size: 0x1000
12:14:43:953 6116 Boot type: Normal boot
12:14:43:953 6116 ================================================================================
12:14:43:968 6116 UnloadDriverW: NtUnloadDriver error 2
12:14:43:968 6116 ForceUnloadDriverW: UnloadDriverW(klmd23) error 2
12:14:44:281 6116 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
12:14:44:281 6116 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
12:14:44:281 6116 wfopen_ex: Trying to KLMD file open
12:14:44:281 6116 wfopen_ex: File opened ok (Flags 2)
12:14:44:281 6116 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
12:14:44:281 6116 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
12:14:44:281 6116 wfopen_ex: Trying to KLMD file open
12:14:44:281 6116 wfopen_ex: File opened ok (Flags 2)
12:14:44:281 6116 KLAVA engine initialized
12:14:44:625 6116 Initialize success
12:14:44:640 6116
12:14:44:640 6116 Scanning Services ...
12:14:45:390 6116 Raw services enum returned 404 services
12:14:45:406 6116
12:14:45:406 6116 Scanning Drivers ...
12:14:45:796 6116 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
12:14:45:875 6116 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:14:45:906 6116 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:14:46:000 6116 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
12:14:46:031 6116 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
12:14:46:078 6116 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:14:46:156 6116 AegisP (91f3df93f40a74d222cd166fe95db633) C:\WINDOWS\system32\DRIVERS\AegisP.sys
12:14:46:390 6116 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
12:14:46:531 6116 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
12:14:46:578 6116 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
12:14:46:625 6116 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
12:14:46:656 6116 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
12:14:46:671 6116 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
12:14:46:703 6116 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
12:14:46:734 6116 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
12:14:46:765 6116 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
12:14:46:796 6116 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
12:14:46:843 6116 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
12:14:46:968 6116 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:14:47:015 6116 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
12:14:47:046 6116 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
12:14:47:078 6116 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
12:14:47:093 6116 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:14:47:140 6116 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:14:47:171 6116 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:14:47:218 6116 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:14:47:250 6116 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
12:14:47:328 6116 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:14:47:578 6116 BHDrvx86 (42c9ab61989e29953ce2d266f891ea50) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys
12:14:47:750 6116 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
12:14:47:765 6116 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:14:47:906 6116 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys
12:14:47:953 6116 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
12:14:48:000 6116 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:14:48:046 6116 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:14:48:078 6116 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:14:48:156 6116 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:14:48:265 6116 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
12:14:48:328 6116 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:14:48:359 6116 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
12:14:48:390 6116 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
12:14:48:421 6116 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
12:14:48:437 6116 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:14:48:484 6116 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:14:48:562 6116 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:14:48:593 6116 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:14:48:640 6116 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:14:48:812 6116 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:14:48:843 6116 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:14:48:875 6116 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
12:14:48:921 6116 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
12:14:49:062 6116 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
12:14:49:109 6116 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
12:14:49:187 6116 eeCtrl (96bcd90ed9235a21629effde5e941fb1) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:14:49:234 6116 EraserUtilRebootDrv (392c86f6b45c0bc696c32c27f51e749f) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:14:49:625 6116 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:14:49:906 6116 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:14:50:062 6116 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:14:50:125 6116 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:14:50:187 6116 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:14:50:218 6116 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:14:50:250 6116 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:14:50:312 6116 GearAspiWDM (5dc17164f66380cbfefd895c18467773) C:\WINDOWS\system32\drivers\GearAspiWDM.sys
12:14:50:703 6116 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:14:50:781 6116 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:14:50:843 6116 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:14:50:890 6116 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
12:14:50:937 6116 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:14:51:062 6116 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:14:51:093 6116 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:14:51:171 6116 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
12:14:51:296 6116 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
12:14:51:562 6116 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:14:51:656 6116 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
12:14:51:687 6116 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
12:14:51:750 6116 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:14:51:859 6116 ialm (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
12:14:52:140 6116 IDSxpx86 (6e42876010256ee5119baf0838574e0c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100513.002\IDSxpx86.sys
12:14:52:359 6116 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:14:52:437 6116 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
12:14:52:468 6116 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
12:14:52:515 6116 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:14:52:578 6116 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:14:52:625 6116 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:14:52:656 6116 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:14:52:687 6116 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:14:52:734 6116 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:14:52:750 6116 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:14:52:781 6116 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:14:52:796 6116 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:14:52:843 6116 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:14:52:921 6116 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:14:53:031 6116 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
12:14:53:078 6116 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\WINDOWS\system32\drivers\mfeavfk.sys
12:14:53:125 6116 mfebopk (1d003e3056a43d881597d6763e83b943) C:\WINDOWS\system32\drivers\mfebopk.sys
12:14:53:187 6116 mfehidk (3f138a1c8a0659f329f242d1e389b2cf) C:\WINDOWS\system32\drivers\mfehidk.sys
12:14:53:265 6116 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
12:14:53:359 6116 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
12:14:53:421 6116 Mkd2kfNt (277b8b3536c1179fe432ef2dde294a97) C:\WINDOWS\system32\drivers\Mkd2kfNt.sys
12:14:53:656 6116 Mkd2Nadr (0716efda4769995c67a3450fcd36e47e) C:\WINDOWS\system32\drivers\Mkd2Nadr.sys
12:14:53:718 6116 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:14:53:765 6116 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:14:53:812 6116 Mouclass (7e01136748c4faaec6795fda3663a94b) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:14:53:812 6116 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mouclass.sys. Real md5: 7e01136748c4faaec6795fda3663a94b, Fake md5: 35c9e97194c8cfb8430125f8dbc34d04
12:14:53:812 6116 File "C:\WINDOWS\system32\DRIVERS\mouclass.sys" infected by TDSS rootkit ... 12:14:57:421 6116 Backup copy found, using it..
12:14:58:218 6116 will be cured on next reboot
12:14:58:359 6116 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:14:58:421 6116 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:14:58:484 6116 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:14:58:500 6116 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:14:58:578 6116 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:14:58:609 6116 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:14:58:640 6116 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:14:58:656 6116 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:14:58:687 6116 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:14:58:734 6116 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:14:58:750 6116 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
12:14:58:968 6116 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100520.039\NAVENG.SYS
12:14:59:093 6116 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100520.039\NAVEX15.SYS
12:14:59:312 6116 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:14:59:343 6116 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:14:59:390 6116 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:14:59:421 6116 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:14:59:453 6116 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
12:14:59:468 6116 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:14:59:515 6116 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:14:59:546 6116 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:14:59:562 6116 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:14:59:671 6116 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:14:59:828 6116 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:14:59:937 6116 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:15:00:015 6116 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:15:00:218 6116 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:15:00:265 6116 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:15:00:375 6116 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
12:15:00:453 6116 Packet (8f856dae19383bd69db444004d5d4f50) C:\WINDOWS\system32\DRIVERS\packet.sys
12:15:00:515 6116 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:15:00:546 6116 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:15:00:578 6116 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:15:00:625 6116 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:15:00:640 6116 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:15:00:671 6116 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:15:00:781 6116 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
12:15:00:828 6116 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
12:15:00:875 6116 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:15:00:953 6116 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:15:01:000 6116 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:15:01:093 6116 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:15:01:250 6116 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
12:15:01:281 6116 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
12:15:01:312 6116 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
12:15:01:375 6116 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
12:15:01:406 6116 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
12:15:01:453 6116 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:15:01:468 6116 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:15:01:546 6116 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:15:01:609 6116 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:15:01:687 6116 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:15:01:718 6116 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:15:01:750 6116 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:15:01:796 6116 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
12:15:01:843 6116 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:15:01:875 6116 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
12:15:01:890 6116 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
12:15:01:921 6116 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
12:15:02:000 6116 s24trans (2c0e9e777ab1849b43494626c1f308b5) C:\WINDOWS\system32\DRIVERS\s24trans.sys
12:15:02:171 6116 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
12:15:02:390 6116 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:15:02:453 6116 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:15:02:500 6116 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:15:02:562 6116 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
12:15:02:593 6116 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
12:15:02:625 6116 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:15:02:671 6116 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
12:15:02:703 6116 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
12:15:02:734 6116 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:15:02:781 6116 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:15:02:921 6116 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\NIS\1106000.020\SRTSP.SYS
12:15:03:343 6116 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS
12:15:03:546 6116 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
12:15:03:859 6116 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
12:15:04:234 6116 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
12:15:04:375 6116 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
12:15:04:484 6116 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:15:04:515 6116 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:15:04:562 6116 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
12:15:04:593 6116 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:15:04:671 6116 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS
12:15:04:828 6116 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS
12:15:04:921 6116 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
12:15:04:953 6116 SymIM (cbed7908f980660f9117cdcdf20295bd) C:\WINDOWS\system32\DRIVERS\SymIM.sys
12:15:04:984 6116 SymIMMP (cbed7908f980660f9117cdcdf20295bd) C:\WINDOWS\system32\DRIVERS\SymIM.sys
12:15:05:046 6116 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS
12:15:05:265 6116 SYMTDI (2d60a37fee3d6f763cd3cf4509dcdd43) C:\WINDOWS\System32\Drivers\NIS\1106000.020\SYMTDI.SYS
12:15:05:343 6116 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:15:05:375 6116 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:15:05:437 6116 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
12:15:05:515 6116 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:15:05:578 6116 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:15:05:640 6116 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:15:05:671 6116 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:15:05:734 6116 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:15:05:781 6116 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
12:15:05:859 6116 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
12:15:05:875 6116 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
12:15:05:890 6116 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
12:15:05:921 6116 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
12:15:05:953 6116 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
12:15:05:968 6116 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
12:15:06:000 6116 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
12:15:06:000 6116 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
12:15:06:078 6116 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
12:15:06:140 6116 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:15:06:296 6116 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
12:15:06:406 6116 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:15:06:468 6116 USBAAPL (f340199e8cb097e1acd58a967c665919) C:\WINDOWS\system32\Drivers\usbaapl.sys
12:15:06:546 6116 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:15:06:625 6116 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:15:06:640 6116 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:15:06:718 6116 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:15:06:765 6116 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:15:06:843 6116 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:15:06:875 6116 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:15:06:937 6116 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:15:07:000 6116 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
12:15:07:031 6116 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
12:15:07:218 6116 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:15:07:312 6116 w39n51 (95c7421f8bafc85ba09d33364058937d) C:\WINDOWS\system32\DRIVERS\w39n51.sys
12:15:07:453 6116 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:15:07:500 6116 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
12:15:07:562 6116 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:15:07:640 6116 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
12:15:07:718 6116 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:15:07:750 6116 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:15:07:812 6116 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:15:07:859 6116 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:15:07:906 6116 Reboot required for cure complete..
12:15:08:296 6116 Cure on reboot scheduled successfully
12:15:08:296 6116
12:15:08:296 6116 Completed
12:15:08:296 6116
12:15:08:296 6116 Results:
12:15:08:296 6116 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
12:15:08:296 6116 File objects infected / cured / cured on reboot: 1 / 0 / 1
12:15:08:296 6116
12:15:08:296 6116 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
12:15:08:296 6116 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
12:15:08:296 6116 UnloadDriverW: NtUnloadDriver error 1
12:15:08:437 6116 KLMD(ARK) unloaded successfully


OTM log


All processes killed
========== SERVICES/DRIVERS ==========
Service npggsvc stopped successfully!
Service npggsvc deleted successfully!
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\MSN Messenger\msrr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\Sagar\My Documents\Downloaded Program Updates\LimeWire\LimeWire.exe deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\GameMon.des.exe not found.
C:\WINDOWS\system32\GameMon.des moved successfully.
C:\Program Files\MSN Messenger\msrr.exe moved successfully.
C:\Documents and Settings\Sagar\Application Data\Lyazga folder moved successfully.
File/Folder C:\Program Files\LimeWire\LimeWire.exe not found.
File/Folder C:\Documents and Settings\Sagar\My Documents\Downloaded Program Updates\LimeWire not found.
C:\WINDOWS\system32\stu2.exe moved successfully.
C:\Documents and Settings\Sagar\Application Data\Owiqs folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 824320 bytes
->Temporary Internet Files folder emptied: 299519 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 580988 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 718194 bytes
->Flash cache emptied: 1324 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 38022582 bytes
->Java cache emptied: 144835 bytes
->Flash cache emptied: 16559 bytes

User: Sagar
->Temp folder emptied: 203730217 bytes
->Temporary Internet Files folder emptied: 10322214 bytes
->Java cache emptied: 62486639 bytes
->FireFox cache emptied: 108136498 bytes
->Flash cache emptied: 1598678 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 109681 bytes
%systemroot%\System32 .tmp files removed: 2725138 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 225767241 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23950998 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 648.00 mb


OTM by OldTimer - Version 3.1.12.0 log created on 05212010_124446

Files moved on Reboot...
C:\Documents and Settings\Sagar\Local Settings\Temp\in6.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_12c.dat not found!

Registry entries deleted on Reboot...

Re: Malware and browser redirection

Post by Fable » May 21st, 2010, 8:38 am

info.txt

info.txt logfile of random's system information tool 1.06 2010-05-21 13:28:17

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA2CA846-C6DB-4468-B291-18D4BA359656}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe After Effects CS4 Presets-->MsiExec.exe /I{44E240EC-2224-4078-A88B-2CEE0D3016EF}
Adobe After Effects CS4 Third Party Content-->MsiExec.exe /I{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}
Adobe After Effects CS4-->C:\Program Files\Common Files\Adobe\Installers\3dcb365ab9e01871fb8c6f27b0ea079\Setup.exe --uninstall=1
Adobe After Effects CS4-->MsiExec.exe /I{45EC816C-0771-4C14-AE6D-72D1B578F4C8}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles AE CS4-->MsiExec.exe /I{B15381DD-FF97-4FCD-A881-ED4DB0975500}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash CS4 Extension - Flash Lite STI en-->MsiExec.exe /I{793D1D88-6141-43DE-BE58-59BCE31B4090}
Adobe Flash CS4 Professional-->C:\Program Files\Common Files\Adobe\Installers\a68eec966ce913ddaa63251dc82ed31\Setup.exe --uninstall=1
Adobe Flash CS4 STI-en-->MsiExec.exe /I{2168245A-B5AD-40D8-A641-48E3E070B5B6}
Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{3A6829EF-0791-4FDD-9382-C690DD0821B9}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4 Additional Exporter-->MsiExec.exe /I{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}
Adobe Media Encoder CS4 Exporter-->MsiExec.exe /I{561968FD-56A1-49FD-9ED0-F55482C7C5BC}
Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe MotionPicture Color Files CS4-->MsiExec.exe /I{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}
Adobe Setup-->MsiExec.exe /I{EED50C97-C79E-4149-BD82-7C5A22437708}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Any Video Converter 3.0.1-->"C:\Program Files\Any Video Converter\unins000.exe"
AoA Audio Extractor 1.0-->"C:\Program Files\AoA Audio Extractor\unins000.exe"
AOL Coach Version 1.0(Build:20040229.1 uk)-->"C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe" -lang="en-uk"
AOL Spyware Protection-->C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Network Assistant-->MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716}
Dell Support 3.2-->MsiExec.exe /X{3846E811-639D-4DE1-844B-30491C0A6C0C}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Google SketchUp 7-->MsiExec.exe /X{597E70FF-7C46-4EED-8092-91B7C2E0529D}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LAME v3.98.2 for Audacity-->"C:\Program Files\Audacity\unins001.exe"
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe
McAfee Uninstaller-->C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
McAfee Virtual Technician-->MsiExec.exe /I{49FA793C-785E-47E9-93DF-BD442B0B45D1}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Small Business-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
Mixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9 /remove
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\2454B0AB\17.7.0.12\InstStub.exe /X
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
PowerDVD 5.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Search Assist-->MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sky Broadband-->MsiExec.exe /I{14C35072-D7D0-4B29-B5BF-C94E426D77E9}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony Vegas Pro 8.0-->MsiExec.exe /X{1246FF64-3035-4A92-8FE6-A968275495EB}
Sound Blaster Audigy ADVANCED MB Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA2CA846-C6DB-4468-B291-18D4BA359656}\setup.exe" -l0x9 /remove
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Norton Internet Security
FW: Norton Internet Security

======System event log======

Computer Name: REBDSHDMBEWD
Event Code: 7000
Message: The McAfee Real-time Scanner service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 151200
Source Name: Service Control Manager
Time Written: 20100514145912.000000+060
Event Type: error
User:

Computer Name: REBDSHDMBEWD
Event Code: 7023
Message: The HP CUE DeviceDiscovery Service service terminated with the following error:
The specified module could not be found.


Record Number: 151199
Source Name: Service Control Manager
Time Written: 20100514145912.000000+060
Event Type: error
User:

Computer Name: REBDSHDMBEWD
Event Code: 49
Message: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Record Number: 151198
Source Name: Ftdisk
Time Written: 20100514145840.000000+060
Event Type: error
User:

Computer Name: REBDSHDMBEWD
Event Code: 45
Message: The system could not sucessfully load the crash dump driver.

Record Number: 151197
Source Name: Ftdisk
Time Written: 20100514145840.000000+060
Event Type: error
User:

Computer Name: REBDSHDMBEWD
Event Code: 256
Message: Timed out sending notification of device interface change to window of "SAS window"

Record Number: 151180
Source Name: PlugPlayManager
Time Written: 20100514133343.000000+060
Event Type: warning
User:

=====Application event log=====

Computer Name: REBDSHDMBEWD
Event Code: 1001
Message: Detection of product '{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}', feature 'Destinations' failed during request for component '{436D7A23-36BE-11D2-ACBB-0080C7FCBB84}'

Record Number: 101
Source Name: MsiInstaller
Time Written: 20100420182258.000000+060
Event Type: warning
User: REBDSHDMBEWD\Sagar

Computer Name: REBDSHDMBEWD
Event Code: 1004
Message: Detection of product '{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}', feature 'Destinations', component '{26B7A0B4-7051-4C8E-9723-96222086F305}' failed. The resource 'C:\Program Files\HP\Digital Imaging\Bin\hpqacdse.exe' does not exist.

Record Number: 100
Source Name: MsiInstaller
Time Written: 20100420182258.000000+060
Event Type: warning
User: REBDSHDMBEWD\Sagar

Computer Name: REBDSHDMBEWD
Event Code: 11706
Message: Product: Destination Component -- Error 1706. An installation package for the product Destination Component cannot be found. Try the installation again using a valid copy of the installation package 'Destinations.msi'.

Record Number: 98
Source Name: MsiInstaller
Time Written: 20100420182257.000000+060
Event Type: error
User: REBDSHDMBEWD\Sagar

Computer Name: REBDSHDMBEWD
Event Code: 1001
Message: Detection of product '{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}', feature 'Destinations' failed during request for component '{436D7A23-36BE-11D2-ACBB-0080C7FCBB84}'

Record Number: 97
Source Name: MsiInstaller
Time Written: 20100420182236.000000+060
Event Type: warning
User: REBDSHDMBEWD\Sagar

Computer Name: REBDSHDMBEWD
Event Code: 1004
Message: Detection of product '{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}', feature 'Destinations', component '{26B7A0B4-7051-4C8E-9723-96222086F305}' failed. The resource 'C:\Program Files\HP\Digital Imaging\Bin\hpqacdse.exe' does not exist.

Record Number: 96
Source Name: MsiInstaller
Time Written: 20100420182236.000000+060
Event Type: warning
User: REBDSHDMBEWD\Sagar

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


log.txt

Logfile of random's system information tool 1.07 (written by random/random)
Run by Sagar at 2010-05-21 13:28:10
Microsoft Windows XP Professional Service Pack 3
System drive C: has 32 GB (60%) free of 54 GB
Total RAM: 1014 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:28:15, on 21/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NetWaiting\NetWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\AOL\1235323325\ee\aolsoftware.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AOL Companion\companion.exe
C:\Documents and Settings\Sagar\My Documents\Downloads\rsit.exe
C:\Program Files\trend micro\Sagar.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dial.blueyonder.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\NetWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [{9972BAAC-8A55-7E95-38B9-639DA799D67B}] "C:\Documents and Settings\Sagar\Application Data\Lyazga\tyyd.exe"
O4 - .DEFAULT User Startup: usicip.exe (User 'Default user')
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://dial.blueyonder.co.uk/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messenger ... E_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6954644515
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13391 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll [2010-05-13 394608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL [2010-05-14 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-06-29 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-06-19 352256]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-08-20 430592]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll [2010-05-13 394608]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-13 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-13 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-13 118784]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2006-04-06 1032192]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-05-01 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-05-01 602182]
"CTSVolFE.exe"=C:\Program Files\Creative\Mixer\CTSVolFE.exe [2005-02-23 57344]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe []
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2007-12-07 71008]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-04 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"=C:\Program Files\NetWaiting\NetWaiting.exe [2003-09-10 20480]
"DellSupport"=C:\Program Files\Dell Support\DSAgnt.exe [2006-07-16 389120]
"Veoh"=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-09-26 3660848]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-08-20 2000120]
"AdobeBridge"= []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"{9972BAAC-8A55-7E95-38B9-639DA799D67B}"=C:\Documents and Settings\Sagar\Application Data\Lyazga\tyyd.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AOL Companion.lnk - C:\Program Files\AOL Companion\companion.exe
Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoActiveDesktopChanges"=
"NoSetActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Common Files\AOL\1235323325\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1235323325\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Adobe\Adobe After Effects CS4\Support Files\AfterFX.exe"="C:\Program Files\Adobe\Adobe After Effects CS4\Support Files\AfterFX.exe:*:Enabled:Adobe After Effects CS4"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Program Files\NEXON\Europe MapleStory\MapleStory.exe"="C:\Program Files\NEXON\Europe MapleStory\MapleStory.exe:*:Enabled:MapleStory Europe"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.js - edit -
.js - open -
.txt - open -

======List of files/folders created in the last 3 months======

2010-05-21 12:44:46 ----D---- C:\_OTM
2010-05-21 12:40:35 ----D---- C:\WINDOWS\ERDNT
2010-05-21 12:40:01 ----D---- C:\Program Files\ERUNT
2010-05-13 11:03:58 ----A---- C:\mbam-error.txt
2010-05-12 10:56:59 ----A---- C:\WINDOWS\system32\MRT.INI
2010-05-12 10:49:01 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-10 00:36:05 ----HD---- C:\WINDOWS\system32\WLANProfiles
2010-05-09 12:29:34 ----D---- C:\Program Files\Google
2010-04-20 18:22:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-15 16:57:22 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-15 16:56:48 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-15 16:56:11 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$
2010-04-15 16:51:40 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-15 16:51:25 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 21:04:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 20:23:25 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-01 15:22:15 ----D---- C:\Program Files\Common Files\McAfee
2010-04-01 13:25:53 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2010-04-01 13:25:06 ----D---- C:\Program Files\Windows Sidebar
2010-04-01 13:25:06 ----D---- C:\Program Files\Norton Internet Security
2010-04-01 13:25:05 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2010-04-01 13:22:52 ----D---- C:\Program Files\NortonInstaller
2010-04-01 13:22:52 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2010-03-10 22:09:09 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-02-25 14:01:42 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-02-24 22:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-23 17:42:27 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-02-23 09:51:18 ----D---- C:\Documents and Settings\All Users\Application Data\Google

======List of files/folders modified in the last 3 months======

2010-05-21 13:28:12 ----D---- C:\Program Files\Trend Micro
2010-05-21 13:28:10 ----D---- C:\rsit
2010-05-21 13:25:36 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-05-21 13:24:42 ----D---- C:\WINDOWS\Temp
2010-05-21 13:23:22 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2010-05-21 13:23:04 ----SHD---- C:\System Volume Information
2010-05-21 13:21:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-21 13:14:24 ----RSH---- C:\boot.ini
2010-05-21 13:14:24 ----A---- C:\WINDOWS\win.ini
2010-05-21 13:14:24 ----A---- C:\WINDOWS\system.ini
2010-05-21 13:14:12 ----D---- C:\WINDOWS\Prefetch
2010-05-21 13:12:50 ----D---- C:\WINDOWS\Help
2010-05-21 13:02:20 ----SHD---- C:\WINDOWS\CSC
2010-05-21 12:48:36 ----D---- C:\WINDOWS
2010-05-21 12:46:06 ----D---- C:\WINDOWS\system32
2010-05-21 12:44:50 ----D---- C:\Program Files\MSN Messenger
2010-05-21 12:40:01 ----RD---- C:\Program Files
2010-05-21 12:20:23 ----D---- C:\WINDOWS\system32\drivers
2010-05-21 12:20:19 ----HD---- C:\WINDOWS\inf
2010-05-21 12:19:28 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-20 19:40:40 ----HD---- C:\Config.Msi
2010-05-20 19:03:02 ----SD---- C:\WINDOWS\Tasks
2010-05-20 18:57:29 ----D---- C:\Documents and Settings\Sagar\Application Data\SUPERAntiSpyware.com
2010-05-20 18:57:21 ----SHD---- C:\WINDOWS\Installer
2010-05-20 18:57:21 ----D---- C:\Program Files\Common Files
2010-05-20 18:57:19 ----D---- C:\Program Files\SUPERAntiSpyware
2010-05-20 18:55:16 ----D---- C:\Program Files\Java
2010-05-20 17:10:01 ----SHD---- C:\WINDOWS\system32\dllcache
2010-05-20 16:11:33 ----D---- C:\WINDOWS\system32\NtmsData
2010-05-20 16:10:43 ----D---- C:\WINDOWS\repair
2010-05-20 09:39:01 ----A---- C:\WINDOWS\system32\userinit.exe
2010-05-12 10:49:09 ----D---- C:\Program Files\Outlook Express
2010-05-12 10:28:35 ----D---- C:\WINDOWS\system32\CatRoot
2010-05-12 10:26:38 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-09 12:30:25 ----D---- C:\WINDOWS\WinSxS
2010-05-08 19:17:40 ----D---- C:\WINDOWS\SxsCaPendDel
2010-05-08 17:34:01 ----D---- C:\Documents and Settings\All Users\Application Data\Tablet
2010-04-30 19:51:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-20 20:24:26 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP9$
2010-04-15 16:57:40 ----A---- C:\WINDOWS\imsins.BAK
2010-04-15 16:50:15 ----D---- C:\WINDOWS\ie8updates
2010-04-13 16:52:41 ----D---- C:\Program Files\Mozilla Firefox
2010-04-09 15:48:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-02 11:56:34 ----D---- C:\Program Files\McAfee
2010-04-01 15:21:51 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2010-04-01 14:10:29 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-04-01 13:25:54 ----D---- C:\Program Files\Symantec
2010-04-01 13:20:16 ----D---- C:\Program Files\McAfee.com
2010-03-30 21:24:09 ----D---- C:\Program Files\Internet Explorer
2010-03-19 18:05:50 ----A---- C:\WINDOWS\system32\wmp.dll
2010-03-10 22:09:13 ----D---- C:\Program Files\Movie Maker
2010-03-10 07:15:52 ----A---- C:\WINDOWS\system32\vbscript.dll
2010-02-25 11:54:36 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-02-25 07:24:37 ----A---- C:\WINDOWS\system32\wininet.dll
2010-02-25 07:24:37 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-02-25 07:24:37 ----A---- C:\WINDOWS\system32\occache.dll
2010-02-25 07:24:37 ----A---- C:\WINDOWS\system32\mstime.dll
2010-02-25 07:24:36 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-02-25 07:24:35 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-02-25 07:24:35 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-02-25 07:24:35 ----A---- C:\WINDOWS\system32\jsproxy.dll
2010-02-25 07:24:35 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-02-25 07:24:35 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-02-25 07:24:34 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2010-02-24 10:54:25 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2010-02-23 09:59:56 ----D---- C:\Documents and Settings\Sagar\Application Data\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys []
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys [2010-02-26 501888]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 GearAspiWDM;GearAspiWDM; C:\WINDOWS\system32\drivers\GearAspiWDM.sys [2008-01-29 16168]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS [2010-04-22 325680]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS [2010-04-22 43696]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS [2010-04-29 116784]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS [2010-05-06 361904]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-08-25 21275]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R2 Packet;Auto Internet Protocol; C:\WINDOWS\system32\DRIVERS\packet.sys [2006-12-18 12672]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-05-01 13568]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-21 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-21 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574]
R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100513.002\IDSxpx86.sys []
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100520.039\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100520.039\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2010-05-06 47408]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-26 1429632]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-21 717952]
S2 npkcrypt;npkcrypt; \??\C:\Program Files\NEXON\EuropeMapleStory\npkcrypt.sys []
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
S3 Mkd2kfNt;Mkd2kfNt; C:\WINDOWS\system32\drivers\Mkd2kfNt.sys [2008-10-17 131072]
S3 Mkd2Nadr;Mkd2Nadr; C:\WINDOWS\system32\drivers\Mkd2Nadr.sys [2008-10-17 79104]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2010-05-06 47408]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2006-10-14 69632]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-05-01 114753]
R2 hnmsvc;Advanced Networking Service; C:\Program Files\Dell Network Assistant\hnm_svc.exe [2007-08-27 111912]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [2009-12-08 93320]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe [2010-02-26 126392]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-05-01 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-05-01 540745]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2006-05-01 262217]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-12 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe []
S3 SerialKeys;SerialKeys; C:\WINDOWS\system32\skeys.exe [2008-04-14 26112]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Fable
Regular Member
 
Posts: 45
Joined: November 20th, 2009, 2:02 pm

Re: Malware and browser redirection

Unread postby Fable » May 21st, 2010, 8:49 am

As for my computer's performance, one thing that I've noticed after completing the OTM scan was that when I start up my computer and log in, my screen (except for my background desktop image) appears completely blank, no start button, desktop icons or task bar. (I try restarting my computer but it happens during every log in)

I can still use the ctrl+alt+delete buttons to bring up task manager. Then when I type c: into 'Run', all the icons and task bar suddenly appear all together.

What is this problem that's occurring?

I should also let you know that when I used HijackThis to fix the entries, the following did not disappear when I rescanned afterwards:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKCU\..\Run: [{9972BAAC-8A55-7E95-38B9-639DA799D67B}] "C:\Documents and Settings\Sagar\Application Data\Lyazga\tyyd.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

Are these entries supposed to be removed?

Thanks again Cypher.
Fable
Regular Member
 
Posts: 45
Joined: November 20th, 2009, 2:02 pm

Re: Malware and browser redirection

Unread postby Cypher » May 21st, 2010, 11:02 am

Hi Fable.
Nothing that OTM removed would have caused the problem you are having when you restart your computer.
Let me know if it keeps happening.
Don't worry about those HJT lines for now. Are your searches still redirected?
I need you to upload a file for me to get it tested; post the results in your next reply.


Please go to jotti.org

Copy/paste this file and path into the white box at the top:
C:\Documents and Settings\Sagar\Application Data\Lyazga\tyyd.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

If you have trouble using jotti, try VirusTotal.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware and browser redirection

Unread postby Fable » May 21st, 2010, 11:31 am

Hi Cypher,

I tried restarting my computer a few times, and the same blank screen problem occurs (with the icons and start button not appearing).

As for the redirections, I haven't been getting any since, but since the problem is on and off, I'll keep trying just to make sure.

I tried putting C:\Documents and Settings\Sagar\Application Data\Lyazga\tyyd.exe into both jotti.org and virustotal, but both times a message saying 'path does not exist' came up. I tried searching for the file on my comp, but again, it couldn't be found.
Fable
Regular Member
 
Posts: 45
Joined: November 20th, 2009, 2:02 pm

Re: Malware and browser redirection

Unread postby Cypher » May 21st, 2010, 11:51 am

Hi Fable.
OK, please continue with the instructions below.

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    tyyd.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Next.

Disable Norton Internet Security

  • Start Norton Internet Security.
  • In the left pane, click Status & Settings.
  • Click Security.
  • Click Turn off.
  • Note: Don't forget to re-enable it after the scan below.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.



Logs/Information to Post in your Next Reply

  • SystemLook.txt log.
  • ESET log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns