Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Firefox redirection

Post by hatespammers » May 29th, 2010, 9:16 pm

Hi... I have this problem that when I do a Google search in Firefox and try to go to one of the sites given by the search, I sometimes (about 30% of the time) find that I am redirected to another site totally unrelated to the site address I clicked on. I can hit the back button and after trying a couple of times I will eventually get to the site I want. The most common site I am redirected to is http://www.google.com/webhp, however it seems pretty random.

For example, I just Google searched for "copy shop officeworks", got the Google list and then clicked on the "en.wikipedia.org/wiki/Officeworks" link fully expecting to go to Wikipedia, but I ended up at http://savor.com/search.php. The second time I tried I got to http://www.safecompare.com/?mkt=au&keyw ... archco.com and finally on the third attempt I got to http://en.wikipedia.org/wiki/Officeworks, the site I was after.

Don't know if it is related, but at the same time this all started happening I found that whenever I reboot my machine I have to go and manually start DHCP Client and Themes through Control Panel/Administrative Tools/Services in order to connect to the internet and get my screen theme working.

HijackThis log and uninstall list follow... thanks in advance

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:37:40 AM, on 30/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vtune\TBPanel.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\V0350Mon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\SqueezeCenter\SqueezeTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Qlock\qlock.exe
C:\PROGRA~1\SQUEEZ~1\server\SQUEEZ~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Messenger Plus Live Australia Toolbar - {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMess.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Messenger Plus Live Australia Toolbar - {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMess.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Messenger Plus Live Australia Toolbar - {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMess.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /F "C:\WINDOWS\TEMP\E_SEA.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /F "C:\WINDOWS\TEMP\E_S3.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: qlock.lnk = C:\Program Files\Qlock\qlock.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: SqueezeCenter Tray Tool.lnk = C:\Program Files\SqueezeCenter\SqueezeTray.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {A58EA309-CE0A-49C4-A18C-31F77FE681E9} (GetInfo.MainClass) - https://www.bppassport.com/diligent/GetInfo.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SqueezeMySQL - Unknown owner - C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

...and here's the uninstall list

3-4 MathsPOWER
3DVIA player 5.0
4-5 MathsPOWER
Ad-Aware
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Color Common Settings
Adobe Color Common Settings
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.2
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask.com Search Assistant 1.0.1
Bonjour
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
CCleaner
Condemned - Criminal Origins
Creative Live! Cam Center
Creative Live! Cam Doodling
Creative Live! Cam FX Creator
Creative Live! Cam Manager
Creative Live! Cam User's Guide
Creative Live! Cam Video Chat or Video IM Driver (1.03.01.00)
Creative Photo Calendar
Creative Photo Manager
Creative Software AutoUpdate
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
Cryostasis (Remove Only)
Crysis(R)
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Image Clip Palette
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
ESCX4700_4100 User's Guide
EVEREST Home Edition v2.20
EzImplant-CDViewer
F.E.A.R. 2: Project Origin
Fallout 3 - Game of the Year Edition
FEAR
Garry's Mod
Gigabyte Raid Configurer
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
iTunes
Java(TM) 6 Update 19
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
Left 4 Dead
LimeWire 4.16.6
LogMeIn
MagicTune Premium
Malwarebytes' Anti-Malware
McAfee VirusScan Enterprise
Messenger Plus! Live
Messenger_Plus_Live_Australia Toolbar
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.6.3)
MSVCRT
Nero 7 Essentials
NetLimiter 2 Monitor (remove only)
ninemsn Internet Software
NVIDIA Drivers
NVIDIA PhysX
OGA Notifier 1.7.0105.35.0
OpenAL
Partition Commander 10 Professional
PC Wizard 2010.1.92
Penumbra Overture
Penumbra: Black Plague
Penumbra: Requiem
PIF DESIGNER
Portal
Python 2.5.1
Qlock Lite
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RivaTuner v2.24
S.T.A.L.K.E.R. - Shadow of Chernobyl
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Segoe UI
SereneScreen Marine Aquarium 2.6
SightSpeed (remove only)
Spybot - Search & Destroy
SqueezeCenter 7.3.2
Steam
SUPERAntiSpyware
System Requirements Lab
System Requirements Lab
TBS WMP Plug-in
Team Fortress 2
Ulead DVD MovieFactory 5 Plus
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb981726)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Ventrilo Client
VideoLAN VLC media player 0.8.6c
ViewSonic Monitor Drivers
ViewSonic Windows XP Signed Files
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vtune 5.1
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
wxPython 2.8.7.1 (ansi) for Python 2.5
Xfire (remove only)
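Added example, not part of either post: a small Python parser for the HijackThis entry lines in the log above. It groups entries by section code, shows which sections a single CLSID is registered in, and collects three markers that HijackThis itself prints ("(no file)", "Unknown owner", "= ?"). The function names are made up for this example, and the hints are prompts for a manual look, not verdicts.

```python
import re
from collections import defaultdict

# Sample input: seven entry lines copied from the log in the post above, plus a
# shortened header and process list to show that non-entry lines are skipped.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe

R3 - URLSearchHook: Messenger Plus Live Australia Toolbar - {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMess.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Messenger Plus Live Australia Toolbar - {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMess.dll
O3 - Toolbar: Messenger Plus Live Australia Toolbar - {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMess.dll
O4 - Global Startup: GammaTray.lnk = ?
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Section codes that occur in the log above and what each one lists.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autostart (Run key or Startup folder)",
    "O8": "IE context menu item", "O9": "IE button or Tools menu item",
    "O16": "ActiveX download (DPF)", "O18": "protocol handler",
    "O20": "Winlogon Notify / AppInit_DLLs", "O22": "SharedTaskScheduler",
    "O23": "NT service",
}

# An entry line is "<code> - <rest>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def hints_for(code, body):
    """Collect markers that HijackThis itself printed on the line."""
    hints = []
    if body.endswith("(no file)"):
        hints.append("HijackThis found no file for this registration")
    if code == "O23" and " - Unknown owner - " in body:
        hints.append("HijackThis could not read a company name for the service binary")
    if code == "O4" and body.endswith("= ?"):
        hints.append("HijackThis could not resolve the shortcut target")
    return hints


def parse_hijackthis(text):
    """Return one dict per entry line; header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "section": SECTIONS.get(code, "unknown section"),
            "body": body,
            # CLSIDs are case-insensitive; normalise so duplicates group together.
            "clsid": clsid.group(0).upper() if clsid else None,
            "hints": hints_for(code, body),
        })
    return entries


def flagged(entries):
    """Entries that carry at least one hint, in log order."""
    return [e for e in entries if e["hints"]]


def clsid_footprint(entries):
    """Map each CLSID to the sorted list of section codes it appears under."""
    seen = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            seen[e["clsid"]].add(e["code"])
    return {clsid: sorted(codes) for clsid, codes in seen.items()}


if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_LOG)
    for e in flagged(parsed):
        print(f'{e["code"]:<4}{e["section"]}: {e["body"]}')
        for h in e["hints"]:
            print(f"      -> {h}")
    for clsid, codes in clsid_footprint(parsed).items():
        if len(codes) > 1:
            print(f"{clsid} is registered in {', '.join(codes)}")
```

On the sample, the footprint shows the one toolbar CLSID registered under R3, O2 and O3 at once, which is why a toolbar is normally removed through its uninstaller rather than entry by entry.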

Re: Firefox redirection

Post by Cypher » May 30th, 2010, 12:05 pm

Hi and welcome to Malware Removal Forums.
My name is Cypher, and I will be helping you with your malware problems.

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.
Read Back up your files

Please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  • Print each set of instructions if possible... your Internet connection might not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • The logs from the tools we use can take some time to research so please be patient.

  • If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.


Remove P2P Programs

  • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    LimeWire 4.16.6

  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl, then click Enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

While you are in Add/remove programs uninstall the following also.
Ad-Aware
Ad-Aware
Ad-Aware Email Scanner for Outlook
Ask.com Search Assistant 1.0.1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Messenger Plus! Live
Messenger_Plus_Live_Australia Toolbar
Spybot - Search & Destroy

Spybot - Search & Destroy

Note: "If asked whether you want to remove all settings, answer YES"
(This will remove the immunization and Teatimer settings.)

Now please reboot your system.



Next.

Run CKScanner

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Next.

Please download GMER Rootkit Scanner from Here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Note: Do not run any programs while Gmer is running.


Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 log files... will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)


Logs/Information to Post in your Next Reply

  • CKFiles.txt log.
  • Gmer.txt log.
  • RSIT log.txt and info.txt contents.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher

Re: Firefox redirection

by hatespammers » May 31st, 2010, 9:39 am

Hi Cypher......thanks so much for your help and prompt response.

All uninstalls completed successfully. Files you requested now follow - have to split Gmer.txt cause too long - will post RSIT results in a separate post

CKFiles.txt

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----

Gmer.txt

.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02F90FB9
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02F900B3
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02F900A2
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02F90F3F
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02F900D8
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02F900F3
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02F90FA8
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02F90000
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02F90091
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02F90025
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02F90FD4
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02F90F50
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02F80025
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02F80051
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02F80FD4
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02F8000A
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02F80F94
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02F80FEF
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02F80FAF
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [18, 8B]
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02F80040
.text C:\WINDOWS\System32\svchost.exe[1508] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0088000A
.text C:\WINDOWS\System32\svchost.exe[1508] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0165000A
.text C:\WINDOWS\System32\svchost.exe[1508] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02EA0027
.text C:\WINDOWS\System32\svchost.exe[1508] msvcrt.dll!system 77C293C7 5 Bytes JMP 02EA0016
.text C:\WINDOWS\System32\svchost.exe[1508] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02EA0FC1
.text C:\WINDOWS\System32\svchost.exe[1508] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02EA0FEF
.text C:\WINDOWS\System32\svchost.exe[1508] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02EA0FA6
.text C:\WINDOWS\System32\svchost.exe[1508] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02EA0FD2
.text C:\WINDOWS\System32\svchost.exe[1508] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01FE0000
.text C:\WINDOWS\System32\svchost.exe[1508] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01FE0FE5
.text C:\WINDOWS\System32\svchost.exe[1508] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01FE0FCA
.text C:\WINDOWS\System32\svchost.exe[1508] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01FE0FB9
.text C:\WINDOWS\System32\svchost.exe[1508] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02E40FEF
.text C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001D0000
.text C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001D0F4B
.text C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001D004A
.text C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001D0F66
.text C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001D0F83
.text C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001D0FB9
.text C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001D0F29
.text C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001D0065
.text C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001D0EF3
.text C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001D008C
.text C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001D00A7
.text C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001D0F94
.text C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001D001B
.text C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001D0F3A
.text C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001D0FCA
.text C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001D0FDB
.text C:\WINDOWS\System32\svchost.exe[1544] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001D0F18
.text C:\WINDOWS\System32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002C002C
.text C:\WINDOWS\System32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002C007A
.text C:\WINDOWS\System32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002C001B
.text C:\WINDOWS\System32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002C000A
.text C:\WINDOWS\System32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002C0069
.text C:\WINDOWS\System32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002C0FE5
.text C:\WINDOWS\System32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002C0058
.text C:\WINDOWS\System32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002C0047
.text C:\WINDOWS\System32\svchost.exe[1544] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00410FA3
.text C:\WINDOWS\System32\svchost.exe[1544] msvcrt.dll!system 77C293C7 5 Bytes JMP 00410038
.text C:\WINDOWS\System32\svchost.exe[1544] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00410FE3
.text C:\WINDOWS\System32\svchost.exe[1544] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00410000
.text C:\WINDOWS\System32\svchost.exe[1544] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00410FD2
.text C:\WINDOWS\System32\svchost.exe[1544] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00410011
.text C:\WINDOWS\System32\svchost.exe[1544] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0079000A
.text C:\WINDOWS\System32\svchost.exe[1544] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00790FEF
.text C:\WINDOWS\System32\svchost.exe[1544] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00790FD4
.text C:\WINDOWS\System32\svchost.exe[1544] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00790025
.text C:\WINDOWS\System32\svchost.exe[1544] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001A000A
.text C:\WINDOWS\Explorer.EXE[1840] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1840] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[1840] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\Explorer.EXE[1840] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01D80000
.text C:\WINDOWS\Explorer.EXE[1840] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01D80F9E
.text C:\WINDOWS\Explorer.EXE[1840] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01D80093
.text C:\WINDOWS\Explorer.EXE[1840] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01D8006C
.text C:\WINDOWS\Explorer.EXE[1840] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01D8005B
.text C:\WINDOWS\Explorer.EXE[1840] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01D80FCA
.text C:\WINDOWS\Explorer.EXE[1840] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01D80F77
.text C:\WINDOWS\Explorer.EXE[1840] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01D800BF
.text C:\WINDOWS\Explorer.EXE[1840] kernel32.dll!CreateProcessW 7C802336 1 Byte [E9]
.text C:\WINDOWS\Explorer.EXE[1840] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01D80F3A
.text C:\WINDOWS\Explorer.EXE[1840] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01D80F55
.text C:\WINDOWS\Explorer.EXE[1840] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01D800F8
.text C:\WINDOWS\Explorer.EXE[1840] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01D80FAF
.text C:\WINDOWS\Explorer.EXE[1840] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01D8001B
.text C:\WINDOWS\Explorer.EXE[1840] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01D800AE
.text C:\WINDOWS\Explorer.EXE[1840] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01D80FDB
.text C:\WINDOWS\Explorer.EXE[1840] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01D8002C
.text C:\WINDOWS\Explorer.EXE[1840] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01D80F66
.text C:\WINDOWS\Explorer.EXE[1840] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 014F001B
.text C:\WINDOWS\Explorer.EXE[1840] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 014F0F8A
.text C:\WINDOWS\Explorer.EXE[1840] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 014F0FD4
.text C:\WINDOWS\Explorer.EXE[1840] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 014F000A
.text C:\WINDOWS\Explorer.EXE[1840] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 014F0047
.text C:\WINDOWS\Explorer.EXE[1840] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 014F0FEF
.text C:\WINDOWS\Explorer.EXE[1840] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 014F0FAF
.text C:\WINDOWS\Explorer.EXE[1840] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [6F, 89]
.text C:\WINDOWS\Explorer.EXE[1840] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 014F0036
.text C:\WINDOWS\Explorer.EXE[1840] msvcrt.dll!_wsystem 77C2931E 3 Bytes JMP 014E0042
.text C:\WINDOWS\Explorer.EXE[1840] msvcrt.dll!_wsystem + 4 77C29322 1 Byte [89]
.text C:\WINDOWS\Explorer.EXE[1840] msvcrt.dll!system 77C293C7 3 Bytes JMP 014E0FB7
.text C:\WINDOWS\Explorer.EXE[1840] msvcrt.dll!system + 4 77C293CB 1 Byte [89]
.text C:\WINDOWS\Explorer.EXE[1840] msvcrt.dll!_creat 77C2D40F 3 Bytes JMP 014E001D
.text C:\WINDOWS\Explorer.EXE[1840] msvcrt.dll!_creat + 4 77C2D413 1 Byte [89]
.text C:\WINDOWS\Explorer.EXE[1840] msvcrt.dll!_open 77C2F566 5 Bytes JMP 014E0FE3
.text C:\WINDOWS\Explorer.EXE[1840] msvcrt.dll!_wcreat 77C2FC9B 3 Bytes JMP 014E0FC8
.text C:\WINDOWS\Explorer.EXE[1840] msvcrt.dll!_wcreat + 4 77C2FC9F 1 Byte [89]
.text C:\WINDOWS\Explorer.EXE[1840] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 014E0000
.text C:\WINDOWS\Explorer.EXE[1840] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 014C0000
.text C:\WINDOWS\Explorer.EXE[1840] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 014C0FDB
.text C:\WINDOWS\Explorer.EXE[1840] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 014C001B
.text C:\WINDOWS\Explorer.EXE[1840] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 014C002C
.text C:\WINDOWS\Explorer.EXE[1840] WS2_32.dll!socket 71AB4211 5 Bytes JMP 014D0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 020B0FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 020B0F83
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 020B006E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 020B0F94
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 020B0FA5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 020B002C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 020B00CB
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 020B00B0
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 020B0F3C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 020B0F4D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 020B00FA
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 020B0047
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 020B000A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 020B0093
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 020B001B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 020B0FCA
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 020B0F68
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E4001B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E40F9E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E4000A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E40FCA
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E40051
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E40FE5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E40040
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E40FAF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E3001E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E30F93
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E30FB5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E30FE3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E30FA4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E30FC6
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E20FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00E10FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00E10FDE
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00E10FC3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2412] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00E10014
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E00FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E00F70
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E00F81
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E0005B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E0004A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E00FB9
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E00F1D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E00F2E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E00091
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E00080
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E00EDD
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E00FA8
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E0000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E00F4B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E00FCA
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E0001B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E00F02
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DF0025
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DF0F8D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DF0FD4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DF000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DF0FA8
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DF0FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00DF0040
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DF0FB9
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DE005A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DE0049
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DE001D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DE0FE3
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DE002E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DE000C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DD0FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00DC0FE5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00DC000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00DC001B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2584] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00DC002C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2632] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0139000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2632] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 013A000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2632] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0138000C
.text C:\WINDOWS\system32\svchost.exe[3040] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D20000
.text C:\WINDOWS\system32\svchost.exe[3040] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D20078
.text C:\WINDOWS\system32\svchost.exe[3040] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D2005D
.text C:\WINDOWS\system32\svchost.exe[3040] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D20F83
.text C:\WINDOWS\system32\svchost.exe[3040] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D20040
.text C:\WINDOWS\system32\svchost.exe[3040] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D20FA8
.text C:\WINDOWS\system32\svchost.exe[3040] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D20F4D
.text C:\WINDOWS\system32\svchost.exe[3040] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D20F5E
.text C:\WINDOWS\system32\svchost.exe[3040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D20F0D
.text C:\WINDOWS\system32\svchost.exe[3040] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D20F28
.text C:\WINDOWS\system32\svchost.exe[3040] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D200C1
.text C:\WINDOWS\system32\svchost.exe[3040] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D2002F
.text C:\WINDOWS\system32\svchost.exe[3040] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D20FE5
.text C:\WINDOWS\system32\svchost.exe[3040] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D20089
.text C:\WINDOWS\system32\svchost.exe[3040] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D20FB9
.text C:\WINDOWS\system32\svchost.exe[3040] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D20FD4
.text C:\WINDOWS\system32\svchost.exe[3040] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D200B0
.text C:\WINDOWS\system32\svchost.exe[3040] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D10036
.text C:\WINDOWS\system32\svchost.exe[3040] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D10F97
.text C:\WINDOWS\system32\svchost.exe[3040] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D10025
.text C:\WINDOWS\system32\svchost.exe[3040] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D10014
.text C:\WINDOWS\system32\svchost.exe[3040] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D10FA8
.text C:\WINDOWS\system32\svchost.exe[3040] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D10FEF
.text C:\WINDOWS\system32\svchost.exe[3040] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D10FB9
.text C:\WINDOWS\system32\svchost.exe[3040] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F1, 88]
.text C:\WINDOWS\system32\svchost.exe[3040] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D10FD4
.text C:\WINDOWS\system32\svchost.exe[3040] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D00F9C
.text C:\WINDOWS\system32\svchost.exe[3040] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D00027
.text C:\WINDOWS\system32\svchost.exe[3040] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D00FB7
.text C:\WINDOWS\system32\svchost.exe[3040] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\svchost.exe[3040] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D0000C
.text C:\WINDOWS\system32\svchost.exe[3040] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D00FD2
.text C:\WINDOWS\system32\svchost.exe[3040] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 001C0FE5
.text C:\WINDOWS\system32\svchost.exe[3040] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 001C0FD4
.text C:\WINDOWS\system32\svchost.exe[3040] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 001C000A
.text C:\WINDOWS\system32\svchost.exe[3040] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 001C001B
.text C:\WINDOWS\system32\SearchIndexer.exe[3284] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
hatespammers
Active Member
 
Posts: 8
Joined: May 29th, 2010, 8:23 pm

Re: Firefox redirection

Post by hatespammers » May 31st, 2010, 9:42 am

remaining Gmer.txt



---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A95B1E8

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip nltdi.sys (NetLimiter Driver/Locktime Software)

Device \Driver\usbuhci \Device\USBPDO-0 8A7AE790
Device \Driver\usbuhci \Device\USBPDO-1 8A7AE790
Device \Driver\usbuhci \Device\USBPDO-2 8A7AE790
Device \Driver\usbehci \Device\USBPDO-3 8A7AF588
Device \Driver\usbuhci \Device\USBPDO-4 8A7AE790

AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter Driver/Locktime Software)

Device \Driver\usbuhci \Device\USBPDO-5 8A7AE790
Device \Driver\usbuhci \Device\USBPDO-6 8A7AE790
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A95D1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device \Driver\usbehci \Device\USBPDO-7 8A7AF588
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A95D1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device \Driver\Cdrom \Device\CdRom0 8A7BF790
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A95D1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [BA638B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [BA638B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [BA638B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [BA638B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [BA638B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A95D1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device \Driver\Ftdisk \Device\HarddiskVolume5 8A95D1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device \Driver\NetBT \Device\NetBt_Wins_Export 89DA81E8
Device \Driver\USBSTOR \Device\00000083 89DDD790
Device \Driver\NetBT \Device\NetbiosSmb 89DA81E8
Device \Driver\USBSTOR \Device\00000085 89DDD790

AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp nltdi.sys (NetLimiter Driver/Locktime Software)

Device \Driver\usbuhci \Device\USBFDO-0 8A7AE790
Device \Driver\usbuhci \Device\USBFDO-1 8A7AE790
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89F4F790
Device \Driver\usbuhci \Device\USBFDO-2 8A7AE790
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89F4F790
Device \Driver\NetBT \Device\NetBT_Tcpip_{D358D6C9-4409-4125-9226-6C8F4A04F49B} 89DA81E8
Device \Driver\usbehci \Device\USBFDO-3 8A7AF588
Device \Driver\NetBT \Device\NetBT_Tcpip_{CC63054B-C437-46A1-9443-40ACF0F70B78} 89DA81E8
Device \Driver\usbuhci \Device\USBFDO-4 8A7AE790
Device \Driver\Ftdisk \Device\FtControl 8A95D1E8
Device \Driver\usbuhci \Device\USBFDO-5 8A7AE790
Device \Driver\USBSTOR \Device\0000007f 89DDD790
Device \Driver\usbuhci \Device\USBFDO-6 8A7AE790
Device \Driver\usbehci \Device\USBFDO-7 8A7AF588
Device \Driver\JRAID \Device\Scsi\JRAID1 8A95C1E8
Device \Driver\USBSTOR \Device\0000008d 89DDD790
Device \FileSystem\Cdfs \Cdfs 8A5C02B8
Device -> \Driver\atapi \Device\Harddisk0\DR0 89E28D01

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5B 0x88 0x14 0x07 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDA 0x5E 0xC4 0xCD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA9 0x78 0x31 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x42 0x40 0x97 0x47 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xA4 0xC9 0xA7 0x6B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xA4 0xC9 0xA7 0x6B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5B 0x88 0x14 0x07 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5B 0x88 0x14 0x07 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\System32\DRIVERS\RDPCDD.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Re: Firefox redirection

Post by hatespammers » May 31st, 2010, 9:44 am

Here is the log file from RSIT:

Logfile of random's system information tool 1.07 (written by random/random)
Run by Rod at 2010-05-31 23:18:35
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 23 GB (41%) free of 55 GB
Total RAM: 2046 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:19:35 PM, on 31/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Vtune\TBPanel.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\V0350Mon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SqueezeCenter\SqueezeTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Qlock\qlock.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\SQUEEZ~1\server\SQUEEZ~1.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Rod\My Documents\Downloads\rtp8vmv4.exe
C:\Documents and Settings\Rod\Desktop\RSIT.exe
C:\Program Files\trend micro\Rod.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /F "C:\WINDOWS\TEMP\E_SEA.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /F "C:\WINDOWS\TEMP\E_S3.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: qlock.lnk = C:\Program Files\Qlock\qlock.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: SqueezeCenter Tray Tool.lnk = C:\Program Files\SqueezeCenter\SqueezeTray.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {A58EA309-CE0A-49C4-A18C-31F77FE681E9} (GetInfo.MainClass) - https://www.bppassport.com/diligent/GetInfo.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SqueezeMySQL - Unknown owner - C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13811 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-04-02 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2010-04-01 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll [2006-12-01 67136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-01 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-01 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-01 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-01 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-01 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Gainward"=C:\Program Files\Vtune\TBPanel.exe [2007-04-24 2158592]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
"nwiz"=nwiz.exe /install []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\JMRaidSetup.exe [2007-02-06 1953792]
"EPSON Stylus CX4100 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE [2005-03-08 98304]
"EPSON Stylus CX4100 Series (Copy 1)"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE [2005-03-08 98304]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2007-02-23 112216]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-12-20 136768]
"EPSON Stylus CX4100 Series (Copy 2)"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE [2005-03-08 98304]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-07-08 576320]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2006-07-08 600896]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]
"V0350Mon.exe"=C:\WINDOWS\V0350Mon.exe [2007-08-23 28672]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-04-03 40368]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-25 952768]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-08-11 63048]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-03-16 47392]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"iTunesHelper"=E:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-09-07 68856]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-05-19 2397424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-04-03 40368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe [2007-06-07 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
E:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-07 161328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
e:\program files\steam\steam.exe [2010-05-08 1238352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-09-07 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]
C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5 Plus\Ulead DVD MovieFactory 5\Quick-Drop.exe [2006-07-20 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe
SqueezeCenter Tray Tool.lnk - C:\Program Files\SqueezeCenter\SqueezeTray.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Rod\Start Menu\Programs\Startup
qlock.lnk - C:\Program Files\Qlock\qlock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-04 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2009-09-28 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-14 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"E:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="E:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"E:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="E:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"E:\Program Files\World of Warcraft\BackgroundDownloader.exe"="E:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\Program Files\Steam\Steam.exe"="E:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"E:\Program Files\Python25\pythonw.exe"="E:\Program Files\Python25\pythonw.exe:*:Enabled:pythonw"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"E:\Program Files\Sierra\FEAR\fpupdate.exe"="E:\Program Files\Sierra\FEAR\fpupdate.exe:*:Enabled:fpupdate"
"E:\Program Files\Sierra\FEAR\FEAR.exe"="E:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR"
"E:\Program Files\Sierra\FEAR\FEARMP.exe"="E:\Program Files\Sierra\FEAR\FEARMP.exe:*:Enabled:FEAR"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"E:\Program Files\Steam\steamapps\noodles_greene\half-life blue shift\hl.exe"="E:\Program Files\Steam\steamapps\noodles_greene\half-life blue shift\hl.exe:*:Enabled:Half-Life Launcher"
"E:\Program Files\Steam\steamapps\noodles_greene\counter-strike\hl.exe"="E:\Program Files\Steam\steamapps\noodles_greene\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"E:\Program Files\Steam\steamapps\noodles_greene\half-life 2 deathmatch\hl2.exe"="E:\Program Files\Steam\steamapps\noodles_greene\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"E:\Program Files\Steam\steamapps\noodles_greene\zombie panic! source\hl2.exe"="E:\Program Files\Steam\steamapps\noodles_greene\zombie panic! source\hl2.exe:*:Enabled:hl2"
"E:\Program Files\Steam\steamapps\noodles_greene\half-life deathmatch source\hl2.exe"="E:\Program Files\Steam\steamapps\noodles_greene\half-life deathmatch source\hl2.exe:*:Enabled:hl2"
"C:\Documents and Settings\Rod\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\Rod\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"E:\Program Files\Steam\steamapps\noodles_greene\team fortress 2\hl2.exe"="E:\Program Files\Steam\steamapps\noodles_greene\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Documents and Settings\Rod\Local Settings\Temp\Blizzard Launcher Temporary - 4195d940\Launcher.exe"="C:\Documents and Settings\Rod\Local Settings\Temp\Blizzard Launcher Temporary - 4195d940\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Documents and Settings\Rod\Local Settings\Temp\Blizzard Launcher Temporary - 89622bb0\Launcher.exe"="C:\Documents and Settings\Rod\Local Settings\Temp\Blizzard Launcher Temporary - 89622bb0\Launcher.exe:*:Enabled:Blizzard Launcher"
"E:\Program Files\Steam\steamapps\chocobo2000\counter-strike source\hl2.exe"="E:\Program Files\Steam\steamapps\chocobo2000\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\MagicTune Premium\MagicTune.exe"="C:\Program Files\MagicTune Premium\MagicTune.exe:*:Enabled:MagicTune"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"E:\Program Files\World of Warcraft\Launcher.exe"="E:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"E:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Penumbra.exe"="E:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Penumbra.exe:*:Enabled:Penumbra: Black Plague"
"E:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Requiem.exe"="E:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Requiem.exe:*:Enabled:Penumbra: Requiem"
"E:\Program Files\Steam\steamapps\common\penumbra overture\redist\Penumbra.exe"="E:\Program Files\Steam\steamapps\common\penumbra overture\redist\Penumbra.exe:*:Enabled:Penumbra Overture"
"E:\Program Files\Steam\steamapps\noodles_greene\team fortress classic\hl.exe"="E:\Program Files\Steam\steamapps\noodles_greene\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher"
"E:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe"="E:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe:*:Enabled:Far Cry"
"E:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"="E:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"E:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"="E:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"E:\Program Files\Steam\steamapps\common\fear2\FEAR2.exe"="E:\Program Files\Steam\steamapps\common\fear2\FEAR2.exe:*:Enabled:F.E.A.R. 2: Project Origin"
"E:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"="E:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"E:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"="E:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"E:\Program Files\Steam\steamapps\noodles_greene\ricochet\hl.exe"="E:\Program Files\Steam\steamapps\noodles_greene\ricochet\hl.exe:*:Enabled:Half-Life Launcher"
"E:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe"="E:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"E:\Program Files\Steam\steamapps\common\fallout 3 goty\FalloutLauncher.exe"="E:\Program Files\Steam\steamapps\common\fallout 3 goty\FalloutLauncher.exe:*:Enabled:Fallout 3: Game of the Year Edition"
"E:\Program Files\Steam\steamapps\common\fallout 3 goty\Fallout3.exe"="E:\Program Files\Steam\steamapps\common\fallout 3 goty\Fallout3.exe:*:Enabled:Fallout3"
"E:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="E:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"E:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe"="E:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2"
"E:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe"="E:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer"
"E:\Program Files\Steam\steamapps\noodles_greene\counter-strike source\hl2.exe"="E:\Program Files\Steam\steamapps\noodles_greene\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"E:\Program Files\iTunes\iTunes.exe"="E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"E:\Program Files\Steam\steamapps\noodles_greene\garrysmod\hl2.exe"="E:\Program Files\Steam\steamapps\noodles_greene\garrysmod\hl2.exe:*:Enabled:Garry's Mod"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 1 months======

2010-05-31 23:18:35 ----D---- C:\rsit
2010-05-29 10:03:25 ----D---- C:\Program Files\Trend Micro
2010-05-29 09:05:12 ----DC---- C:\Documents and Settings\Rod\Application Data\SUPERAntiSpyware.com
2010-05-29 09:05:12 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-29 09:05:00 ----D---- C:\Program Files\SUPERAntiSpyware
2010-05-29 07:54:05 ----D---- C:\Program Files\iPod
2010-05-29 07:49:40 ----D---- C:\Program Files\Bonjour
2010-05-22 15:36:55 ----A---- C:\mbam-error.txt
2010-05-13 03:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$

======List of files/folders modified in the last 1 months======

2010-05-31 23:18:19 ----D---- C:\WINDOWS\Prefetch
2010-05-31 23:17:01 ----A---- C:\WINDOWS\DFC.INI
2010-05-31 23:14:02 ----D---- C:\WINDOWS\Temp
2010-05-31 21:17:44 ----D---- C:\Program Files\Mozilla Firefox
2010-05-31 21:09:50 ----D---- C:\WINDOWS
2010-05-31 21:07:20 ----SHD---- C:\Config.Msi
2010-05-31 21:07:20 ----D---- C:\WINDOWS\SxsCaPendDel
2010-05-31 21:07:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-05-31 21:05:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-31 21:05:26 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-31 21:02:42 ----RD---- C:\Program Files
2010-05-31 21:02:06 ----D---- C:\Program Files\Java
2010-05-31 21:02:06 ----D---- C:\Program Files\Common Files\Java
2010-05-31 21:01:59 ----D---- C:\WINDOWS\system32
2010-05-31 21:01:56 ----SHD---- C:\WINDOWS\Installer
2010-05-31 20:58:50 ----D---- C:\Program Files\Lavasoft
2010-05-31 20:58:39 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-05-31 20:58:35 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-05-31 20:58:35 ----D---- C:\WINDOWS\system32\drivers
2010-05-31 20:58:33 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-31 00:19:27 ----D---- C:\Program Files\LogMeIn
2010-05-30 16:55:36 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-30 15:51:23 ----SD---- C:\WINDOWS\Tasks
2010-05-29 07:54:02 ----D---- C:\Program Files\Common Files\Apple
2010-05-28 19:34:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-28 19:33:44 ----HD---- C:\WINDOWS\inf
2010-05-24 09:09:48 ----D---- C:\QUARANTINE
2010-05-22 22:02:45 ----A---- C:\WINDOWS\win.ini
2010-05-22 15:36:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-13 03:24:11 ----D---- C:\Program Files\Outlook Express
2010-05-13 03:03:06 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-05-12 10:00:07 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2006-12-01 52136]
R1 nltdi;nltdi; \??\C:\WINDOWS\system32\drivers\nltdi.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-17 12256]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-08-11 10144]
R3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2008-07-04 14208]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2006-12-01 64360]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2006-12-01 72264]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2006-12-01 34152]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-02-23 170408]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-06-30 21760]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-03-01 90496]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VF0350Afx;VF0350 Audio FX; C:\WINDOWS\system32\Drivers\V0350Afx.sys [2007-06-11 142656]
R3 VF0350Vfx;VF0350 Video FX; C:\WINDOWS\system32\DRIVERS\V0350VFx.sys [2007-03-05 7424]
R3 VF0350Vid;Live! Cam Video IM (VF0350); C:\WINDOWS\system32\DRIVERS\V0350Vid.sys [2007-08-29 170368]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 kxnciuoc;kxnciuoc; \??\C:\DOCUME~1\Rod\LOCALS~1\Temp\kxnciuoc.sys []
S3 MRVW245;Linksys Wireless-N USB Network Adapter WUSB300N; C:\WINDOWS\system32\DRIVERS\MRVW245.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.24\RivaTuner32.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-09-28 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-08-11 63040]
R2 MagicTuneEngine;MagicTuneEngine; C:\Program Files\MagicTune Premium\MagicTuneEngine.exe [2007-08-23 45056]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-12-20 104000]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2007-02-23 144960]
R2 nlsvc;NetLimiter; C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe [2007-04-24 491520]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-04-30 66872]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SqueezeMySQL;SqueezeMySQL; C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe [2009-01-19 4149248]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-01 153376]
S2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2007-02-23 54872]
S2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-03 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2006-02-28 19456]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-07 779824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-07 267824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
hatespammers
Active Member
 
Posts: 8
Joined: May 29th, 2010, 8:23 pm

Re: Firefox redirection

Post by hatespammers » May 31st, 2010, 9:46 am

And finally... RSIT info file. Computer performance seems to be about the same.

info.txt logfile of random's system information tool 1.06 2010-05-31 23:21:23

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EDB7E6-D292-44BD-8CA6-A3E33C9D7750}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5549DC52-211C-44BE-8347-0C22812DEB31}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9814AC8C-FDA8-431F-A6EB-D7294E2D362E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3-4 MathsPOWER-->MsiExec.exe /X{ECAEA1BD-A99F-4E65-9AE9-F5C8D7182C1B}
3DVIA player 5.0-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
4-5 MathsPOWER-->MsiExec.exe /X{22E97E12-F658-4D7A-B0DB-15A90E69E040}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.2.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A82000000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Mobile Device Support-->MsiExec.exe /I{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /X{8A253629-0511-4854-8B4E-46E57E66005C}
Call of Duty: Modern Warfare 2 - Multiplayer-->"E:\Program Files\Steam\steam.exe" steam://uninstall/10190
Call of Duty: Modern Warfare 2-->"E:\Program Files\Steam\steam.exe" steam://uninstall/10180
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Condemned - Criminal Origins-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB47D7EA-7EF1-475C-9C14-AF5B8FCA45E2}\setup.exe" -l0x9 -removeonly
Creative Live! Cam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9 /remove
Creative Live! Cam Doodling-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5549DC52-211C-44BE-8347-0C22812DEB31}\setup.exe" -l0x9 /remove
Creative Live! Cam FX Creator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9814AC8C-FDA8-431F-A6EB-D7294E2D362E}\setup.exe" -l0x9 /remove
Creative Live! Cam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x9 /remove
Creative Live! Cam User's Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EDB7E6-D292-44BD-8CA6-A3E33C9D7750}\setup.exe" -l0x9 /remove
Creative Live! Cam Video Chat or Video IM Driver (1.03.01.00)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0350.uns -unsext NT -plugin V0350Pin.dll -pluginres CtCamPin.crl
Creative Photo Calendar-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe" -l0x9 /remove
Creative Photo Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9 /remove
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Cryostasis (Remove Only)-->"C:\Program Files\Aspyr\Cryostasis\unins000.exe"
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F19D07BC-6240-49D3-BA5C-59B015DF8916}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
EPSON Image Clip Palette-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{314F6D08-A8B7-11D8-8446-0050BA1D384D}\Setup.exe" -l0x9 -u
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
ESCX4700_4100 User's Guide-->C:\Program Files\EPSON\TPMANUAL\ESCX4700_4100\USE_G\DOCUNINS.EXE
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
EzImplant-CDViewer-->C:\Program Files\InstallShield Installation Information\{B8CB4ED2-74EE-44F0-88CB-C2DD30B36EEA}\setup.exe -runfromtemp -l0x0009 -removeonly
F.E.A.R. 2: Project Origin-->"E:\Program Files\Steam\steam.exe" steam://uninstall/16450
Fallout 3 - Game of the Year Edition-->"E:\Program Files\Steam\steam.exe" steam://uninstall/22370
FEAR-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 /zU -removeonly
Garry's Mod-->"E:\Program Files\Steam\steam.exe" steam://uninstall/4000
Gigabyte Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.EXE" -l0x9 -removeonly
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Half-Life 2: Episode One-->"E:\Program Files\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two-->"E:\Program Files\Steam\steam.exe" steam://uninstall/420
Half-Life 2-->"E:\Program Files\Steam\steam.exe" steam://uninstall/220
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}
Java(TM) 6 Update 19-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216019FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Left 4 Dead-->"E:\Program Files\Steam\steam.exe" steam://uninstall/500
LogMeIn-->MsiExec.exe /I{34F93E31-E1A0-421C-8E86-BCF7C4193A91}
MagicTune Premium-->C:\Program Files\InstallShield Installation Information\{D6044256-A309-43B5-9833-D3FAFE2AD24D}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee VirusScan Enterprise-->MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
MobileMe Control Panel-->MsiExec.exe /I{51F96AEC-D902-4434-A0DC-B9692A21AE7C}
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Nero 7 Essentials-->MsiExec.exe /X{2943F1E9-5264-4131-8751-71A8FC9B1033}
NetLimiter 2 Monitor (remove only)-->"C:\Program Files\NetLimiter 2 Monitor\nl2uninst.exe"
ninemsn Internet Software-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Partition Commander 10 Professional-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCA0C032-72D5-452C-9C3D-7D4E86D47030}\Setup.exe" -l0x9
PC Wizard 2010.1.92-->"C:\Program Files\CPUID\PC Wizard 2010\unins000.exe"
Penumbra Overture-->"E:\Program Files\Steam\steam.exe" steam://uninstall/22180
Penumbra: Black Plague-->"E:\Program Files\Steam\steam.exe" steam://uninstall/22120
Penumbra: Requiem-->"E:\Program Files\Steam\steam.exe" steam://uninstall/22140
PIF DESIGNER-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x9 anything
Portal-->"E:\Program Files\Steam\steam.exe" steam://uninstall/400
Python 2.5.1-->MsiExec.exe /I{31800004-6386-4999-A519-518F2D78D8F0}
Qlock Lite-->"C:\Program Files\Qlock\uninstall.exe"
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
RivaTuner v2.24-->"C:\Program Files\RivaTuner v2.24\uninstall.exe"
S.T.A.L.K.E.R. - Shadow of Chernobyl-->"E:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB980470)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {34573F17-DADE-4D0D-835F-A54A1DE8AC1F}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SereneScreen Marine Aquarium 2.6-->"E:\Program Files\SereneScreen\Marine Aquarium 2.6\unins000.exe"
SightSpeed (remove only)-->"C:\Program Files\SightSpeed\uninst.exe"
SqueezeCenter 7.3.2-->"C:\Program Files\SqueezeCenter\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\SASUNINST.EXE" /NOUI
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
System Requirements Lab-->MsiExec.exe /I{1E99F5D7-4262-4C7C-9135-F066E7485811}
TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}
Team Fortress 2-->"E:\Program Files\Steam\steam.exe" steam://uninstall/440
Ulead DVD MovieFactory 5 Plus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF164702-AF8B-4F2F-8038-74A4C536866B}\setup.exe" -l0x9
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB981715)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {661B3F32-FFE4-4606-AE3A-DFA11DCC0D79}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Outlook 2007 Junk Email Filter (kb981726)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {2C69BACE-1151-41C0-8C8D-F6026D510BD4}
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6c-->E:\Program Files\VideoLAN\VLC\uninstall.exe
ViewSonic Monitor Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
ViewSonic Windows XP Signed Files-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}\Setup.exe" -l0x9
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Vtune 5.1-->"C:\Program Files\Vtune\unins000.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Family Safety-->MsiExec.exe /X{139E303E-1050-497F-98B1-9AE87B15C463}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
wxPython 2.8.7.1 (ansi) for Python 2.5-->"E:\Program Files\Python25\Lib\site-packages\wx-2.8-msw-ansi\unins000.exe"
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"

======Security center information======

AV: McAfee VirusScan Enterprise

======System event log======

Computer Name: INTEL_DUAL_CORE
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 25891
Source Name: W32Time
Time Written: 20100511231057.000000+600
Event Type: warning
User:

Computer Name: INTEL_DUAL_CORE
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 25890
Source Name: Tcpip
Time Written: 20100511224450.000000+600
Event Type: warning
User:

Computer Name: INTEL_DUAL_CORE
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 25885
Source Name: W32Time
Time Written: 20100510205450.000000+600
Event Type: warning
User:

Computer Name: INTEL_DUAL_CORE
Event Code: 7000
Message: The Cardex service failed to start due to the following error:
Cannot create a file when that file already exists.


Record Number: 25873
Source Name: Service Control Manager
Time Written: 20100510071612.000000+600
Event Type: error
User:

Computer Name: INTEL_DUAL_CORE
Event Code: 7034
Message: The MagicTuneEngine service terminated unexpectedly. It has done this 1 time(s).

Record Number: 25856
Source Name: Service Control Manager
Time Written: 20100510002951.000000+600
Event Type: error
User:

=====Application event log=====

Computer Name: INTEL_DUAL_CORE
Event Code: 1002
Message: Hanging application steam.exe, version 1.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 15087
Source Name: Application Hang
Time Written: 20100128143811.000000+660
Event Type: error
User:

Computer Name: INTEL_DUAL_CORE
Event Code: 1002
Message: Hanging application steam.exe, version 1.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 15086
Source Name: Application Hang
Time Written: 20100128110344.000000+660
Event Type: error
User:

Computer Name: INTEL_DUAL_CORE
Event Code: 1002
Message: Hanging application hl2.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 15081
Source Name: Application Hang
Time Written: 20100127154326.000000+660
Event Type: error
User:

Computer Name: INTEL_DUAL_CORE
Event Code: 0
Message:
Record Number: 14907
Source Name: Lavasoft Ad-Aware Service
Time Written: 20100115035047.000000+660
Event Type: error
User:

Computer Name: INTEL_DUAL_CORE
Event Code: 1000
Message:
Record Number: 14906
Source Name: Microsoft IntelliPoint
Time Written: 20100115024945.000000+660
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
hatespammers
Active Member
 
Posts: 8
Joined: May 29th, 2010, 8:23 pm

Re: Firefox redirection

Post by Cypher » May 31st, 2010, 11:49 am

Hi.
thanks so much for your help and prompt response.

You're welcome.
We have a few things to do here, so just take your time and you will be fine :)

Your computer was infected with a ROOTKIT. In particular, the TDL3/TDSS rootkit, also known as Win32/Alureon. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

Due to its rootkit functionality, it's impossible to tell what may have been done when the system was compromised.

Therefore, once your PC is clean it may be prudent to:

  1. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
  2. Change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password)

What are rootkits from Wikipedia

How do I respond to a possible identity theft and how do I prevent it

This can prove difficult to remove so we will try the easiest way first.
Let me know if your searches are still being redirected after this fix.


Punkbuster warning

I see you have Punkbuster installed (read the section on Published features). This is spyware. Punkbuster can take control over various aspects of your computer, and some gaming tools not unlike Punkbuster also hinder their removals. By the definition we handle here, Punkbuster is actual spyware. Therefore, I now ask you to decide the following:
  • Either we try to leave Punkbuster alone but there is no guarantee a spyware component doesn't 'accidentally' get taken out; so Punkbuster might break. This will, of course, also break your ability to play games using Punkbuster enabled servers.
  • Or we can just remove Punkbuster. You can reinstall it afterwards if you wish, but please keep in mind that it is spyware.
  • Another option is to not clean this computer at all. This ensures Punkbuster will continue to function.
Please let me know what you would like to do.



TDSSKiller
  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on tdsskiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: only run this fix once.
  • Highlight and copy the text in the codebox below. Do not include the word Code:
    Code:
    "%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
  • Click Start, click Run... and paste the text above into the Open: line and click OK.
  • Wait for the scan and disinfection process to be over.
  • A log file should be created on your desktop called tdsskiller.txt. Please post the contents of that log in your next reply.



Next.

Back Up registry with ERUNT

  • Please use the following link and download ERUNT to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe


Next.

Download and run OTM

Download OTM.exe by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Right-click then copy the following code, Do not include the word Code.
    Code:
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyOverride"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [-HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\DNA\btdna.exe"=-
    "C:\Program Files\uTorrent\uTorrent.exe"=-
    "C:\Program Files\LimeWire\LimeWire.exe"=-
    
    :Files
    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    C:\Program Files\DNA
    C:\Program Files\uTorrent
    C:\Program Files\LimeWire
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click then paste the code into the blank box below Image
    • Next click on the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
  • Please post ONLY the "log.txt", file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)



Logs/Information to Post in your Next Reply

  • Your Punkbuster decision.
  • tdsskiller.txt log
  • OTM log.
  • RSIT log.txt log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Firefox redirection

Post by hatespammers » June 2nd, 2010, 8:27 am

Ok have done all you said and comp looks clear. Have not had any redirects in going to 20 different sites and when I start up I no longer need to manually start DHCP client and Themes.

So thanks so much for your help

Yes you can remove Punkbuster

For some reason I did not get a log file from tdskiller but am loath to run again in view of your warning about only running it once.

OTM log follows:

All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\DNA\btdna.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\uTorrent\uTorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully.
C:\Program Files\DNA\plugins folder moved successfully.
C:\Program Files\DNA folder moved successfully.
File/Folder C:\Program Files\uTorrent not found.
File/Folder C:\Program Files\LimeWire not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 6110476 bytes
->FireFox cache emptied: 3804872 bytes
->Flash cache emptied: 23553 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 143434035 bytes
->Flash cache emptied: 19864 bytes

User: Rod
->Temp folder emptied: 349851926 bytes
->Temporary Internet Files folder emptied: 8988849 bytes
->Java cache emptied: 26140075 bytes
->FireFox cache emptied: 89676888 bytes
->Flash cache emptied: 895763 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2176856 bytes
%systemroot%\System32 .tmp files removed: 4370961 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 111256180 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23905000 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 677380849 bytes

Total Files Cleaned = 1,381.00 mb


OTM by OldTimer - Version 3.1.12.2 log created on 06022010_221230

Files moved on Reboot...

Registry entries deleted on Reboot...

will post RSIT log in a separate post
hatespammers
Active Member
 
Posts: 8
Joined: May 29th, 2010, 8:23 pm
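
A way to cross-check an OTM results log against the fix script that produced it, added here as an example; it is not part of the original thread and not code from OTM. The function names are hypothetical, the line patterns are assumed from the log posted above, and SCRIPT and LOG are shortened excerpts of the script and log in this thread.

```python
import re

# Shortened excerpts of the fix script and results log posted in this thread.
SCRIPT = r"""
:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[-HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\DNA\btdna.exe"=-
"C:\Program Files\uTorrent\uTorrent.exe"=-

:Files
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\Program Files\DNA
C:\Program Files\uTorrent

:Commands
[emptytemp]
"""

LOG = r"""
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\DNA\btdna.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\uTorrent\uTorrent.exe deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully.
C:\Program Files\DNA\plugins folder moved successfully.
C:\Program Files\DNA folder moved successfully.
File/Folder C:\Program Files\uTorrent not found.
"""

SECTION_RE = re.compile(r"^:(\w+)$")
# Assumed line shapes, taken from the log above: an optional "Registry key|value"
# or "File/Folder" prefix, the target, an optional " folder", then the outcome.
LOG_RE = re.compile(
    r"^(?:Registry (?P<kind>key|value) |File/Folder )?(?P<target>.+?)"
    r"(?: folder)? (?P<status>deleted successfully|moved successfully|not found)\.$"
)


def norm(path):
    """Case-fold and drop the trailing backslash the log prints after key names."""
    return path.rstrip("\\").lower()


def parse_script(text):
    """Return removal directives as (kind, key_or_path, value_name) tuples."""
    directives, section, current_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
        elif section == "reg":
            if line.startswith("[-") and line.endswith("]"):
                directives.append(("key", norm(line[2:-1]), None))   # delete whole key
            elif line.startswith("[") and line.endswith("]"):
                current_key = norm(line[1:-1])                        # context for values
            elif line.endswith("=-") and current_key:
                directives.append(("value", current_key, line[:-2].strip('"').lower()))
        elif section == "files":
            directives.append(("file", norm(line), None))
    return directives


def parse_log(text):
    """Map each logged target to 'removed' or 'not found'."""
    outcome = {}
    for raw in text.splitlines():
        m = LOG_RE.match(raw.strip())
        if not m:
            continue                      # banners, temp-file statistics, blank lines
        kind, target = m.group("kind") or "file", m.group("target")
        status = "not found" if m.group("status") == "not found" else "removed"
        if kind == "value":
            key, _, name = target.partition("\\\\")   # the log joins key and value with \\
            outcome[("value", norm(key), name.lower())] = status
        else:
            outcome[(kind, norm(target), None)] = status
    return outcome


def reconcile(script_text, log_text):
    """Pair every script directive with its logged outcome, in script order."""
    outcome = parse_log(log_text)
    return [(d, outcome.get(d, "no log entry")) for d in parse_script(script_text)]


def needs_review(script_text, log_text):
    """Directives that were not confirmed as removed."""
    return [d for d, status in reconcile(script_text, log_text) if status != "removed"]


if __name__ == "__main__":
    for (kind, target, name), status in reconcile(SCRIPT, LOG):
        print(f"{status:13} {kind:5} {target}" + (f" -> {name}" if name else ""))
```

Items reported as "not found" were simply absent when the script ran; "no log entry" means the log never mentions the directive, which is the case to follow up on.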

Re: Firefox redirection

Post by hatespammers » June 2nd, 2010, 8:30 am

RSIT log follows:

Logfile of random's system information tool 1.07 (written by random/random)
Run by Rod at 2010-06-02 22:29:50
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 23 GB (42%) free of 55 GB
Total RAM: 2046 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:29:57 PM, on 2/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Vtune\TBPanel.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\V0350Mon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\SqueezeCenter\SqueezeTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Qlock\qlock.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\SQUEEZ~1\server\SQUEEZ~1.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Rod\Desktop\RSIT.exe
C:\Program Files\trend micro\Rod.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /F "C:\WINDOWS\TEMP\E_SEA.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /F "C:\WINDOWS\TEMP\E_S3.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: qlock.lnk = C:\Program Files\Qlock\qlock.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: SqueezeCenter Tray Tool.lnk = C:\Program Files\SqueezeCenter\SqueezeTray.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {A58EA309-CE0A-49C4-A18C-31F77FE681E9} (GetInfo.MainClass) - https://www.bppassport.com/diligent/GetInfo.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SqueezeMySQL - Unknown owner - C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13564 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-04-02 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2010-04-01 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll [2006-12-01 67136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-01 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-01 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-01 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-01 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-01 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Gainward"=C:\Program Files\Vtune\TBPanel.exe [2007-04-24 2158592]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
"nwiz"=nwiz.exe /install []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\JMRaidSetup.exe [2007-02-06 1953792]
"EPSON Stylus CX4100 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE [2005-03-08 98304]
"EPSON Stylus CX4100 Series (Copy 1)"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE [2005-03-08 98304]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2007-02-23 112216]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-12-20 136768]
"EPSON Stylus CX4100 Series (Copy 2)"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE [2005-03-08 98304]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-07-08 576320]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2006-07-08 600896]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]
"V0350Mon.exe"=C:\WINDOWS\V0350Mon.exe [2007-08-23 28672]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-04-03 40368]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-25 952768]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-08-11 63048]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-03-16 47392]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"iTunesHelper"=E:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-09-07 68856]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-05-19 2397424]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe
SqueezeCenter Tray Tool.lnk - C:\Program Files\SqueezeCenter\SqueezeTray.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Rod\Start Menu\Programs\Startup
qlock.lnk - C:\Program Files\Qlock\qlock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-04 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2009-09-28 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-14 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"E:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="E:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"E:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="E:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"E:\Program Files\World of Warcraft\BackgroundDownloader.exe"="E:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\Program Files\Steam\Steam.exe"="E:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"E:\Program Files\Python25\pythonw.exe"="E:\Program Files\Python25\pythonw.exe:*:Enabled:pythonw"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"E:\Program Files\Sierra\FEAR\fpupdate.exe"="E:\Program Files\Sierra\FEAR\fpupdate.exe:*:Enabled:fpupdate"
"E:\Program Files\Sierra\FEAR\FEAR.exe"="E:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR"
"E:\Program Files\Sierra\FEAR\FEARMP.exe"="E:\Program Files\Sierra\FEAR\FEARMP.exe:*:Enabled:FEAR"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"E:\Program Files\Steam\steamapps\noodles_greene\half-life blue shift\hl.exe"="E:\Program Files\Steam\steamapps\noodles_greene\half-life blue shift\hl.exe:*:Enabled:Half-Life Launcher"
"E:\Program Files\Steam\steamapps\noodles_greene\counter-strike\hl.exe"="E:\Program Files\Steam\steamapps\noodles_greene\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"E:\Program Files\Steam\steamapps\noodles_greene\half-life 2 deathmatch\hl2.exe"="E:\Program Files\Steam\steamapps\noodles_greene\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"E:\Program Files\Steam\steamapps\noodles_greene\zombie panic! source\hl2.exe"="E:\Program Files\Steam\steamapps\noodles_greene\zombie panic! source\hl2.exe:*:Enabled:hl2"
"E:\Program Files\Steam\steamapps\noodles_greene\half-life deathmatch source\hl2.exe"="E:\Program Files\Steam\steamapps\noodles_greene\half-life deathmatch source\hl2.exe:*:Enabled:hl2"
"C:\Documents and Settings\Rod\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\Rod\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"E:\Program Files\Steam\steamapps\noodles_greene\team fortress 2\hl2.exe"="E:\Program Files\Steam\steamapps\noodles_greene\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Documents and Settings\Rod\Local Settings\Temp\Blizzard Launcher Temporary - 4195d940\Launcher.exe"="C:\Documents and Settings\Rod\Local Settings\Temp\Blizzard Launcher Temporary - 4195d940\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Documents and Settings\Rod\Local Settings\Temp\Blizzard Launcher Temporary - 89622bb0\Launcher.exe"="C:\Documents and Settings\Rod\Local Settings\Temp\Blizzard Launcher Temporary - 89622bb0\Launcher.exe:*:Enabled:Blizzard Launcher"
"E:\Program Files\Steam\steamapps\chocobo2000\counter-strike source\hl2.exe"="E:\Program Files\Steam\steamapps\chocobo2000\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\MagicTune Premium\MagicTune.exe"="C:\Program Files\MagicTune Premium\MagicTune.exe:*:Enabled:MagicTune"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"E:\Program Files\World of Warcraft\Launcher.exe"="E:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"E:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Penumbra.exe"="E:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Penumbra.exe:*:Enabled:Penumbra: Black Plague"
"E:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Requiem.exe"="E:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Requiem.exe:*:Enabled:Penumbra: Requiem"
"E:\Program Files\Steam\steamapps\common\penumbra overture\redist\Penumbra.exe"="E:\Program Files\Steam\steamapps\common\penumbra overture\redist\Penumbra.exe:*:Enabled:Penumbra Overture"
"E:\Program Files\Steam\steamapps\noodles_greene\team fortress classic\hl.exe"="E:\Program Files\Steam\steamapps\noodles_greene\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher"
"E:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe"="E:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe:*:Enabled:Far Cry"
"E:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"="E:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"E:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"="E:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"E:\Program Files\Steam\steamapps\common\fear2\FEAR2.exe"="E:\Program Files\Steam\steamapps\common\fear2\FEAR2.exe:*:Enabled:F.E.A.R. 2: Project Origin"
"E:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"="E:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"E:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"="E:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"E:\Program Files\Steam\steamapps\noodles_greene\ricochet\hl.exe"="E:\Program Files\Steam\steamapps\noodles_greene\ricochet\hl.exe:*:Enabled:Half-Life Launcher"
"E:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe"="E:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"E:\Program Files\Steam\steamapps\common\fallout 3 goty\FalloutLauncher.exe"="E:\Program Files\Steam\steamapps\common\fallout 3 goty\FalloutLauncher.exe:*:Enabled:Fallout 3: Game of the Year Edition"
"E:\Program Files\Steam\steamapps\common\fallout 3 goty\Fallout3.exe"="E:\Program Files\Steam\steamapps\common\fallout 3 goty\Fallout3.exe:*:Enabled:Fallout3"
"E:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="E:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"E:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe"="E:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2"
"E:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe"="E:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer"
"E:\Program Files\Steam\steamapps\noodles_greene\counter-strike source\hl2.exe"="E:\Program Files\Steam\steamapps\noodles_greene\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"E:\Program Files\iTunes\iTunes.exe"="E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"E:\Program Files\Steam\steamapps\noodles_greene\garrysmod\hl2.exe"="E:\Program Files\Steam\steamapps\noodles_greene\garrysmod\hl2.exe:*:Enabled:Garry's Mod"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 1 months======

2010-06-02 22:12:30 ----D---- C:\_OTM
2010-06-02 22:11:05 ----D---- C:\WINDOWS\ERDNT
2010-06-02 22:10:27 ----D---- C:\Program Files\ERUNT
2010-06-02 21:28:46 ----A---- C:\TDSSKiller.2.3.2.0_02.06.2010_21.28.46_log.txt
2010-06-02 21:24:09 ----A---- C:\TDSSKiller.2.3.2.0_02.06.2010_21.24.09_log.txt
2010-05-31 23:18:35 ----D---- C:\rsit
2010-05-29 10:03:25 ----D---- C:\Program Files\Trend Micro
2010-05-29 09:05:12 ----DC---- C:\Documents and Settings\Rod\Application Data\SUPERAntiSpyware.com
2010-05-29 09:05:12 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-29 09:05:00 ----D---- C:\Program Files\SUPERAntiSpyware
2010-05-29 07:54:05 ----D---- C:\Program Files\iPod
2010-05-29 07:49:40 ----D---- C:\Program Files\Bonjour
2010-05-22 15:36:55 ----A---- C:\mbam-error.txt
2010-05-13 03:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$

======List of files/folders modified in the last 1 months======

2010-06-02 22:28:55 ----D---- C:\WINDOWS\Prefetch
2010-06-02 22:26:56 ----A---- C:\WINDOWS\DFC.INI
2010-06-02 22:17:00 ----D---- C:\WINDOWS\Temp
2010-06-02 22:14:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-02 22:13:53 ----D---- C:\WINDOWS\system32
2010-06-02 22:13:53 ----D---- C:\WINDOWS
2010-06-02 22:12:53 ----SD---- C:\WINDOWS\Tasks
2010-06-02 22:12:53 ----RD---- C:\Program Files
2010-06-02 21:31:50 ----D---- C:\WINDOWS\system32\drivers
2010-06-02 21:24:16 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-02 00:32:43 ----D---- C:\Program Files\LogMeIn
2010-05-31 21:17:44 ----D---- C:\Program Files\Mozilla Firefox
2010-05-31 21:07:20 ----SHD---- C:\Config.Msi
2010-05-31 21:07:20 ----D---- C:\WINDOWS\SxsCaPendDel
2010-05-31 21:07:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-05-31 21:05:26 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-31 21:02:06 ----D---- C:\Program Files\Java
2010-05-31 21:02:06 ----D---- C:\Program Files\Common Files\Java
2010-05-31 21:01:56 ----SHD---- C:\WINDOWS\Installer
2010-05-31 20:58:50 ----D---- C:\Program Files\Lavasoft
2010-05-31 20:58:39 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-05-31 20:58:35 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-05-30 16:55:36 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-29 07:54:02 ----D---- C:\Program Files\Common Files\Apple
2010-05-28 19:34:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-28 19:33:44 ----HD---- C:\WINDOWS\inf
2010-05-24 09:09:48 ----D---- C:\QUARANTINE
2010-05-22 22:02:45 ----A---- C:\WINDOWS\win.ini
2010-05-22 15:36:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-13 03:24:11 ----D---- C:\Program Files\Outlook Express
2010-05-13 03:03:06 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-05-12 10:00:07 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2006-12-01 52136]
R1 nltdi;nltdi; \??\C:\WINDOWS\system32\drivers\nltdi.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-17 12256]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-08-11 10144]
R3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2008-07-04 14208]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2006-12-01 64360]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2006-12-01 72264]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2006-12-01 34152]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-02-23 170408]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-06-30 21760]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-03-01 90496]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VF0350Afx;VF0350 Audio FX; C:\WINDOWS\system32\Drivers\V0350Afx.sys [2007-06-11 142656]
R3 VF0350Vfx;VF0350 Video FX; C:\WINDOWS\system32\DRIVERS\V0350VFx.sys [2007-03-05 7424]
R3 VF0350Vid;Live! Cam Video IM (VF0350); C:\WINDOWS\system32\DRIVERS\V0350Vid.sys [2007-08-29 170368]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 MRVW245;Linksys Wireless-N USB Network Adapter WUSB300N; C:\WINDOWS\system32\DRIVERS\MRVW245.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.24\RivaTuner32.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-01 153376]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-09-28 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-08-11 63040]
R2 MagicTuneEngine;MagicTuneEngine; C:\Program Files\MagicTune Premium\MagicTuneEngine.exe [2007-08-23 45056]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-12-20 104000]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2007-02-23 144960]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2007-02-23 54872]
R2 nlsvc;NetLimiter; C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe [2007-04-24 491520]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-04-30 66872]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SqueezeMySQL;SqueezeMySQL; C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe [2009-01-19 4149248]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-03 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2006-02-28 19456]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-07 779824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-07 267824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
hatespammers
Active Member
 
Posts: 8
Joined: May 29th, 2010, 8:23 pm

Re: Firefox redirection

Unread postby Cypher » June 2nd, 2010, 10:42 am

Hi.
So thanks so much for your help.

You're most welcome.
Have not had any redirects in going to 20 different sites.
Yes you can remove Punkbuster
For some reason I did not get a log file from tdskiller.

Ok good news that the redirects have stopped but stay with me we still have work to do.
The TDSSKiller log is saved on your PC, it seems there are two of these logs saved.
Go to Start > Computer > C: > TDSSKiller.2.3.2.0_02.06.2010_21.24.09_log.txt
Please post this log in your next reply.

Next.

Uninstall PunkBuster
Please download PBSVC Setup Program. Save it to your desktop.
  • Double click on pbsvc.exe to start it... then click Uninstall.
    Once that's finished...
  • Click Start > Run and copy and paste the following into the open text box:
    Code: Select all
    cmd /c for %i in (A B K) do sc delete PnkBstr%i
  • Click OK. A black box will flash very briefly, this is normal.
  • Let me know if you performed these steps successfully.

Next.

Re-run OTM
  • Double-click OTM.exe to run it.
  • Right-click then copy the following code. Do not include the word Code.
    Code: Select all
    :Reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\system32\PnkBstrA.exe"=-
    "C:\WINDOWS\system32\PnkBstrB.exe"=-
    
    :Files
    C:\windows\system32\drivers\PnkBstrK.sys
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click then paste the code into the blank box below Image
    • Next click on the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Next.

I see you have CCleaner installed, please run it now.
CAUTION: Please do NOT use the "Registry" button in the left pane.
This is a built-in registry cleaner. Removing certain entries can render your computer inoperable!

Next.

Please disable your anti-virus temporarily so it will not interfere with the below scan.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply

  • TDSSKiller.log.txt
  • OTM log.
  • ESET log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
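
The :Reg block in the fix above deletes two values from the Windows Firewall AuthorizedApplications list. As an added example (not part of the original posts, and not code from RSIT or OTM), this Python parser reads entries in the "path"="path:scope:state:name" form the log shows and flags the ones a reviewer would look at first. The SAMPLE lines are constructed in the log's format, and the flag rules (generic host binaries, Temp paths, value name not matching the path) are illustrative assumptions, not a verdict on any file.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the format RSIT prints for the
# ...\firewallpolicy\standardprofile\authorizedapplications\list key.
SAMPLE = r'''
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Documents and Settings\Rod\Local Settings\Temp\Blizzard Launcher Temporary - 4195d940\Launcher.exe"="C:\Documents and Settings\Rod\Local Settings\Temp\Blizzard Launcher Temporary - 4195d940\Launcher.exe:*:Enabled:Blizzard Launcher"
"E:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Penumbra.exe"="E:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Penumbra.exe:*:Enabled:Penumbra: Black Plague"
"C:\Tools\old.exe"="C:\Tools\old.exe:LocalSubNet:Disabled:Old tool"
"C:\Tools\a.exe"="C:\Tools\b.exe:*:Enabled:Mismatch"
'''

# "value name"="value data" as printed in the log.
LINE_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>.*)"$')

# Value data is path:scope:state:name. The path holds a drive-letter colon and
# the display name may hold colons too, so anchor on the Enabled/Disabled token
# and let the non-greedy path grow until the rest of the pattern fits.
VALUE_RE = re.compile(
    r'^(?P<path>.+?):(?P<scope>[^:]+):(?P<state>enabled|disabled):(?P<name>.*)$',
    re.IGNORECASE,
)

# Assumption: binaries that run other code, so an exception for them covers
# whatever they load. Illustrative list, not exhaustive.
GENERIC_HOSTS = {"rundll32.exe", "mmc.exe", "svchost.exe", "cmd.exe"}


@dataclass
class Entry:
    path: str
    scope: str
    enabled: bool
    name: str
    flags: list = field(default_factory=list)


def audit(text):
    """Parse AuthorizedApplications lines and attach review flags."""
    entries = []
    for raw in text.splitlines():
        outer = LINE_RE.match(raw.strip())
        if not outer:
            continue  # blank lines, [HKEY_...] headers, other log sections
        inner = VALUE_RE.match(outer["value"])
        if not inner:
            # Keep malformed data visible instead of silently dropping it.
            entries.append(Entry(outer["key"], "", False, "", ["malformed"]))
            continue
        entry = Entry(
            path=inner["path"],
            scope=inner["scope"],
            enabled=inner["state"].lower() == "enabled",
            name=inner["name"],
        )
        low = entry.path.lower()
        if low.rsplit("\\", 1)[-1] in GENERIC_HOSTS:
            entry.flags.append("generic-host")
        if "\\temp\\" in low:
            entry.flags.append("temp-dir")
        if outer["key"].lower() != low:
            entry.flags.append("name-mismatch")
        entries.append(entry)
    return entries


def flagged(text):
    """Return {path: flags} for enabled exceptions that carry any flag."""
    return {e.path: e.flags for e in audit(text) if e.enabled and e.flags}


if __name__ == "__main__":
    for path, flags in flagged(SAMPLE).items():
        print(", ".join(flags), "->", path)
```

A flag only marks an exception for a closer look; entries such as a game launcher left behind in Temp are usually stale rather than malicious.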

Re: Firefox redirection

Unread postby hatespammers » June 4th, 2010, 10:38 am

hi...here is the information you requested.

1) Tdsskiller log

21:24:09:562 2036 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
21:24:09:562 2036 ================================================================================
21:24:09:562 2036 SystemInfo:

21:24:09:562 2036 OS Version: 5.1.2600 ServicePack: 3.0
21:24:09:562 2036 Product type: Workstation
21:24:09:562 2036 ComputerName: INTEL_DUAL_CORE
21:24:09:562 2036 UserName: Rod
21:24:09:562 2036 Windows directory: C:\WINDOWS
21:24:09:562 2036 Processor architecture: Intel x86
21:24:09:562 2036 Number of processors: 2
21:24:09:562 2036 Page size: 0x1000
21:24:09:562 2036 Boot type: Normal boot
21:24:09:562 2036 ================================================================================
21:24:10:140 2036 Initialize success
21:24:10:140 2036
21:24:10:140 2036 Scanning Services ...
21:24:10:500 2036 Raw services enum returned 369 services
21:24:10:515 2036
21:24:10:515 2036 Scanning Drivers ...
21:24:11:062 2036 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:24:11:078 2036 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:24:11:109 2036 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:24:11:156 2036 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
21:24:11:234 2036 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:24:11:250 2036 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:24:11:281 2036 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:24:11:312 2036 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:24:11:343 2036 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:24:11:390 2036 Cardex (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPANEL.SYS
21:24:11:453 2036 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:24:11:468 2036 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:24:11:500 2036 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:24:11:531 2036 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:24:11:546 2036 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:24:11:609 2036 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:24:11:640 2036 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:24:11:671 2036 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:24:11:703 2036 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:24:11:734 2036 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:24:11:750 2036 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:24:16:562 2036 RDPCDD (6b6df1bb514143895325d5f43b303cf5) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:24:16:562 2036 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\RDPCDD.sys. Real md5: 6b6df1bb514143895325d5f43b303cf5, Fake md5: 4912d5b403614ce99c28420f75353332
21:24:16:562 2036 File "C:\WINDOWS\system32\DRIVERS\RDPCDD.sys" infected by TDSS rootkit ...
21:24:18:078 2036 Backup copy found, using it..
21:24:18:156 2036 will be cured on next reboot
21:24:18:796 2036 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
21:24:18:796 2036 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
21:24:19:718 2036 Reboot required for cure complete..
21:24:20:281 2036 Cure on reboot scheduled successfully
21:24:20:281 2036
21:24:20:281 2036 Completed
21:24:20:281 2036
21:24:20:281 2036 Results:
21:24:20:281 2036 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:24:20:281 2036 File objects infected / cured / cured on reboot: 1 / 0 / 1
21:24:20:281 2036
21:24:20:281 2036 KLMD(ARK) unloaded successfully

2) OTM log

All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\DNA\btdna.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\uTorrent\uTorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully.
C:\Program Files\DNA\plugins folder moved successfully.
C:\Program Files\DNA folder moved successfully.
File/Folder C:\Program Files\uTorrent not found.
File/Folder C:\Program Files\LimeWire not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 6110476 bytes
->FireFox cache emptied: 3804872 bytes
->Flash cache emptied: 23553 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 143434035 bytes
->Flash cache emptied: 19864 bytes

User: Rod
->Temp folder emptied: 349851926 bytes
->Temporary Internet Files folder emptied: 8988849 bytes
->Java cache emptied: 26140075 bytes
->FireFox cache emptied: 89676888 bytes
->Flash cache emptied: 895763 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2176856 bytes
%systemroot%\System32 .tmp files removed: 4370961 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 111256180 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23905000 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 677380849 bytes

Total Files Cleaned = 1,381.00 mb


OTM by OldTimer - Version 3.1.12.2 log created on 06022010_221230

Files moved on Reboot...

Registry entries deleted on Reboot...


3) ESET log

C:\Program Files\Uninstall Ask Toolbar.dll Win32/Toolbar.AskSBar application
I:\Simon's Documents\Installers\sdvc.exe Win32/Adware.WhenU.SaveNow application
I:\Simon's Documents\ISOs\Doom 3 (PC)\DOOM3_ULTIMATE.iso a variant of Win32/HackTool.Patcher.A application


Computer is running fine. No redirects happening.
hatespammers
Active Member
 
Posts: 8
Joined: May 29th, 2010, 8:23 pm

Re: Firefox redirection

by Cypher » June 4th, 2010, 11:12 am

Hi.
Delete this and you're good to go :)
C:\Program Files\Uninstall Ask Toolbar.dll


Your latest set of logs appears to be clean!

This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:


Clean up with OTM

  • Double-click OTM.exe to start the program. This tool will remove all the tools we used to clean your PC.
  • Close all other programs apart from OTMoveIt3, as this step will require a reboot.
  • On the OTM main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


You can now delete any tools we used if they remain on your Desktop.


Create a new, clean System Restore point

  • Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked. You can choose to check other boxes if you wish, but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Here are some free programs I recommend that could help you improve your computer's security.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that HERE

Read some information HERE On how to prevent Malware

Is your pc running slow?
Read What to do if your Computer is running slowly

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Firefox redirection

by Dakeyras » June 5th, 2010, 9:27 am

As it appears this issue has been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Dakeyras
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra