I am having a great deal of difficulty doing anything. At times I cannot even right click on the desktop to open the properties to disable ther sdcreensaver. Because of ave.exe, my browser (usually Firefox, but problems with Explorer also) often does not open, or closes unexpectedly. The RSIT minimized log you mentioned was not there.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Jim at 2010-04-22 21:54:36
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 62 GB (41%) free of 153 GB
Total RAM: 1023 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:51, on 2010-04-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Jim\Desktop\RSIT.exe
C:\Documents and Settings\Jim\Local Settings\Application Data\ave.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Jim.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Jim\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Nostromo Loadout Manager.lnk = ?
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\national instruments\shared\mdns responder\nimdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone:
http://*.mcafee.comO16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=58813O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) -
http://go.microsoft.com/fwlink/?LinkId=82580O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.mcafee.com/molbin/share ... insctl.cabO16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/microsoftup ... 6873087140O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftup ... 6873079156O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
http://messenger.zone.msn.com/binary/ZI ... b56649.cabO16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
http://download.mcafee.com/molbin/share ... cgdmgr.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/Me ... b56907.cabO16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) -
http://messenger.zone.msn.com/binary/WoF.cab57176.cabO16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) -
http://messenger.zone.msn.com/binary/Chess.cab57176.cabO16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) -
https://secure.logmein.com/activex/ractrl.cab?lmi=100O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: National Instruments LXI Discovery Service (niLXIDiscovery) - National Instruments Corporation - C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
O23 - Service: National Instruments mDNS Responder Service (nimDNSResponder) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corporation - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
--
End of file - 11402 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
PCTools Site Guard - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll [2006-08-01 825528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]
PCTools Browser Monitor - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll [2007-02-22 850104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-23 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-23 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StorageGuard"=C:\Program Files\VERITAS Software\Update Manager\sgtray.exe [2002-06-18 155648]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-03-01 577536]
"USBToolTip"=C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe [2006-01-23 196608]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"USB2Check"=C:\WINDOWS\system32\PCLECoInst.dll [2005-12-21 73728]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-07-25 563984]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-07-25 2027792]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"=C:\Program Files\Spyware Doctor\swdoctor.exe [2007-02-22 2115728]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"cdloader"=C:\Documents and Settings\Jim\Application Data\mjusbsp\cdloader2.exe [2009-04-10 50520]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe [2006-09-14 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPPS-Control-Centre]
C:\Program Files\Kodak\PicturePageSoftware\PicCent.exe [2000-11-30 574976]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
C:\Program Files\LogMeIn\LogMeInSystray.exe [2006-10-06 303864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaturalPoint]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEUSBTip]
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [2006-01-23 196608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Piccolo-Control-Centre]
C:\Program Files\Kodak\PicturePageSoftware\PicCent.exe [2000-11-30 574976]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\\PSDrvCheck.exe [2003-11-10 406016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Profiler]
C:\Program Files\Saitek\Software\Profiler.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiSmart]
C:\Program Files\Saitek\Software\SaiSmart.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-01-04 185896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
C:\WINDOWS\system32\PCLECoInst.dll [2005-12-21 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [2000-01-21 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jim^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jim^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Loadout Manager.lnk - C:\Program Files\Belkin\Nostromo\nost_LM.exe
Nostromo Loadout Manager.lnk - C:\WINDOWS\Installer\{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2006-10-06 11504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"RunStartupScriptSync"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"RunStartupScriptSync"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoStrCmpLogical"=01000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AvRack\rtlrack.exe"="C:\Program Files\AvRack\rtlrack.exe:*:Enabled:AvRack"
"C:\Program Files\Ubi Soft\IL-2 Sturmovik Forgotten Battles\il2fb.exe"="C:\Program Files\Ubi Soft\IL-2 Sturmovik Forgotten Battles\il2fb.exe:*:Enabled:PF+FB+AEP"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe"="C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\Jim\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\Jim\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:enable"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59d58457-19a0-11df-b7a0-0019213c09a8}]
shell\AutoRun\command - F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
shell\open\command - F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ccba0b7-951e-11de-a67b-0019213c09a8}]
shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ccba0b8-951e-11de-a67b-0019213c09a8}]
shell\AutoRun\command - G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
shell\open\command - G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ccba0b9-951e-11de-a67b-0019213c09a8}]
shell\AutoRun\command - D:\LaunchU3.exe -a
======File associations======
.exe - open - "C:\Documents and Settings\Jim\Local Settings\Application Data\ave.exe" /START "%1" %*
======List of files/folders created in the last 1 months======
2010-04-22 21:50:54 ----D---- C:\rsit
2010-04-17 17:10:45 ----D---- C:\Documents and Settings\All Users\Application Data\avG
2010-04-16 03:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-16 03:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-16 03:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-15 03:06:48 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 00:25:02 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 00:24:56 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-09 18:15:27 ----D---- C:\Documents and Settings\Jim\Application Data\Malwarebytes
2010-04-09 18:15:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-09 18:15:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-03-24 18:09:46 ----D---- C:\Documents and Settings\Jim\Application Data\Helper
======List of files/folders modified in the last 1 months======
2010-04-22 21:49:51 ----D---- C:\WINDOWS\Prefetch
2010-04-22 21:48:25 ----D---- C:\WINDOWS\system32
2010-04-22 21:48:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-22 21:45:16 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-04-22 21:45:12 ----D---- C:\WINDOWS\TEMP
2010-04-22 06:08:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-17 17:10:45 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-04-16 06:01:26 ----D---- C:\WINDOWS
2010-04-16 03:01:38 ----SHD---- C:\WINDOWS\Installer
2010-04-16 03:01:38 ----SHD---- C:\Config.Msi
2010-04-16 03:01:28 ----HD---- C:\WINDOWS\inf
2010-04-16 03:01:26 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-04-16 03:01:19 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-16 03:01:17 ----A---- C:\WINDOWS\imsins.BAK
2010-04-16 03:01:16 ----D---- C:\WINDOWS\system32\drivers
2010-04-15 03:27:20 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-09 19:42:13 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2010-04-09 18:15:19 ----D---- C:\Program Files
2010-04-06 13:52:54 ----AC---- C:\WINDOWS\system32\MRT.exe
2010-04-04 14:29:20 ----D---- C:\Program Files\Mozilla Firefox
2010-03-31 03:01:29 ----D---- C:\Program Files\Internet Explorer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ikhfile;File Security Kernel Anti-Spyware Driver; C:\WINDOWS\system32\drivers\ikhfile.sys [2006-07-10 30592]
R1 ikhlayer;Kernel Anti-Spyware Driver; C:\WINDOWS\system32\drivers\ikhlayer.sys [2006-08-24 51072]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-10-26 20747]
R2 cvintdrv;cvintdrv; C:\WINDOWS\system32\drivers\cvintdrv.sys [2008-04-07 4096]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\RaInfo.sys []
R2 NiViPxiK;NI-VISA PXI Driver; C:\WINDOWS\System32\drivers\NiViPxiKl.sys [2008-06-20 11360]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-03-31 3960896]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2005-02-23 11264]
R3 bcgame;Nostromo HID Device Minidriver; C:\WINDOWS\system32\drivers\bcgame.sys [2007-08-14 23040]
R3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-11-16 42496]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 LMImirr;LMImirr; C:\WINDOWS\system32\DRIVERS\LMImirr.sys [2006-10-06 8048]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-06-02 171008]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-03-31 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-04 48128]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-23 400384]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-04 38912]
S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 DCamUSBEMPIA;Dazzle DVC Video Device; C:\WINDOWS\system32\DRIVERS\emDevice.sys [2005-12-21 100957]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 emAudio;Dazzle DVC Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2005-12-21 19712]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FiltUSBEMPIA;USB Device Lower Filter; C:\WINDOWS\system32\DRIVERS\emFilter.sys [2005-12-21 5245]
S3 GAGPDrv;GAGPDrv; C:\WINDOWS\system32\drivers\GAGPDrv.sys []
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2003-09-30 22880]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-07-20 2109592]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-07-20 2142488]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-07-18 41752]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2004-08-04 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nidimk;nidimk; \??\C:\WINDOWS\system32\drivers\nidimkl.sys []
S3 niorbk;niorbk; \??\C:\WINDOWS\system32\drivers\niorbkl.sys []
S3 nipalfwedl;nipalfwedl; C:\WINDOWS\System32\drivers\nipalfwedl.sys [2008-06-13 11904]
S3 nipalusbedl;nipalusbedl; C:\WINDOWS\System32\drivers\nipalusbedl.sys [2008-06-13 11896]
S3 NiViFWK;NI-VISA FireWire Driver; C:\WINDOWS\System32\drivers\NiViFWKl.sys [2008-06-20 11384]
S3 NiViPciK;NI-VISA PCI Driver; C:\WINDOWS\System32\drivers\NiViPciKl.sys [2008-06-20 11360]
S3 NPUSB;NPUSB; C:\WINDOWS\system32\DRIVERS\npusb.sys [2005-11-09 15360]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2007-07-18 490776]
S3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-24 245248]
S3 SaiH053c;SaiH053c; C:\WINDOWS\System32\DRIVERS\SaiH053c.sys [2004-07-26 56576]
S3 SaiMini;SaiMini; C:\WINDOWS\system32\DRIVERS\SaiMini.sys [2007-10-05 14080]
S3 SaiNtBus;SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [2007-10-05 35200]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\WINDOWS\system32\DRIVERS\emScan.sys [2005-12-21 4493]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 USBAV191;Instant VideoXpress; C:\WINDOWS\SYSTEM32\DRIVERS\USBAV191.SYS [2005-04-28 120128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 25600]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\yukonwxp.sys [2003-12-23 174464]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\WINDOWS\TEMP\mc21.tmp []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-09-14 102400]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-23 153376]
R2 LkCitadelServer;Lookout Citadel Server; C:\WINDOWS\system32\lkcitdl.exe [2008-06-17 695136]
R2 lkClassAds;National Instruments PSP Server Locator; C:\WINDOWS\system32\lkads.exe [2008-06-17 40488]
R2 lkTimeSync;National Instruments Time Synchronization; C:\WINDOWS\system32\lktsrv.exe [2008-06-17 50736]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-20 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-20 137752]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 mxssvr;NI Configuration Manager; C:\Program Files\National Instruments\MAX\nimxs.exe [2008-04-02 12696]
R2 niLXIDiscovery;National Instruments LXI Discovery Service; C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2008-06-20 129144]
R2 nimDNSResponder;National Instruments mDNS Responder Service; C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2008-06-18 192112]
R2 niSvcLoc;NI Service Locator; C:\WINDOWS\system32\nisvcloc.exe [2007-11-06 8656]
R2 NITaggerService;National Instruments Variable Engine; C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe [2007-07-23 609384]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-11-07 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-11-24 189184]
R2 SDhelper;PC Tools Spyware Doctor; C:\Program Files\Spyware Doctor\sdhelp.exe [2007-02-22 895088]
R3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-20 141848]
S2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
S2 WUSB54GCSVC;WUSB54GCSVC; C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe [2005-07-04 53307]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S3 NILM License Manager;NILM License Manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2008-06-12 1007616]
S3 OpcEnum;OpcEnum; C:\WINDOWS\system32\OpcEnum.exe [2007-05-09 98304]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\RaMaint.exe [2006-10-06 62200]
S4 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\LogMeIn.exe [2006-10-06 1622768]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
GMER 1.0.15.15281 -
http://www.gmer.netRootkit scan 2010-04-24 06:48:06
Windows 5.1.2600 Service Pack 2
Running: klwjj1o3.exe; Driver: C:\DOCUME~1\Jim\LOCALS~1\Temp\ugldapog.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6CFF360, 0x372FAD, 0xE8000020]
.rsrc C:\WINDOWS\system32\drivers\pclepci.sys entry point in ".rsrc" section [0xF67D1F54]
? C:\WINDOWS\TEMP\mc21.tmp The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\lktsrv.exe[160] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lktsrv.exe[160] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\lktsrv.exe[160] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lktsrv.exe[160] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lktsrv.exe[160] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[320] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[320] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[320] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[320] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[320] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[444] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[444] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[444] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[444] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[444] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\nisvcloc.exe[524] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nisvcloc.exe[524] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\nisvcloc.exe[524] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\nisvcloc.exe[524] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\nisvcloc.exe[524] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\National Instruments\MAX\nimxs.exe[528] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\National Instruments\MAX\nimxs.exe[528] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\National Instruments\MAX\nimxs.exe[528] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\National Instruments\MAX\nimxs.exe[528] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\National Instruments\MAX\nimxs.exe[528] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe[576] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe[576] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe[576] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe[576] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe[576] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\csrss.exe[704] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[704] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\csrss.exe[704] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[704] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\csrss.exe[704] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[732] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[732] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[732] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[732] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[732] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\services.exe[780] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[780] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[796] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[796] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[796] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[796] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[796] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\nvsvc32.exe[1164] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[1164] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\nvsvc32.exe[1164] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\nvsvc32.exe[1164] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[1164] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0098000A
.text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0099000A
.text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0097000C
.text C:\WINDOWS\system32\PnkBstrA.exe[1220] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\PnkBstrA.exe[1220] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\PnkBstrA.exe[1220] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\PnkBstrA.exe[1220] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\PnkBstrA.exe[1220] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\PnkBstrB.exe[1272] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\PnkBstrB.exe[1272] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\PnkBstrB.exe[1272] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\PnkBstrB.exe[1272] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\PnkBstrB.exe[1272] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1300] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1300] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1300] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1300] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1300] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\Jim\Desktop\klwjj1o3.exe[1428] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Jim\Desktop\klwjj1o3.exe[1428] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Documents and Settings\Jim\Desktop\klwjj1o3.exe[1428] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Documents and Settings\Jim\Desktop\klwjj1o3.exe[1428] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\Jim\Desktop\klwjj1o3.exe[1428] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\Jim\Desktop\klwjj1o3.exe[1428] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\WINDOWS\system32\svchost.exe[1448] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1448] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spoolsv.exe[1604] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1604] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1640] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1640] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1648] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1648] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1648] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1648] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1648] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1708] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1708] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1708] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1708] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1708] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[1740] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[1740] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[1740] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[1740] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[1740] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lkcitdl.exe[1844] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lkcitdl.exe[1844] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\lkcitdl.exe[1844] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lkcitdl.exe[1844] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lkcitdl.exe[1844] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1960] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1960] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1960] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1960] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1960] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1960] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\WINDOWS\system32\wuauclt.exe[1984] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 002B000A
.text C:\WINDOWS\system32\wuauclt.exe[1984] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D5000A
.text C:\WINDOWS\system32\wuauclt.exe[1984] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 002A000C
.text C:\WINDOWS\system32\lkads.exe[2044] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lkads.exe[2044] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\lkads.exe[2044] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lkads.exe[2044] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lkads.exe[2044] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\SOUNDMAN.EXE[2064] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\SOUNDMAN.EXE[2064] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\SOUNDMAN.EXE[2064] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\SOUNDMAN.EXE[2064] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[2064] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\SOUNDMAN.EXE[2064] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[2100] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[2100] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[2100] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[2100] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[2100] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[2100] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[2160] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[2160] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[2160] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[2160] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[2160] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[2160] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe[2168] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe[2168] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe[2168] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe[2168] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe[2168] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe[2168] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\WINDOWS\system32\wuauclt.exe[2268] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AB000A
.text C:\WINDOWS\system32\wuauclt.exe[2268] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00AC000A
.text C:\WINDOWS\system32\wuauclt.exe[2268] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00AA000C
.text C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe[2648] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe[2648] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe[2648] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe[2648] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe[2648] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe[2648] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\WINDOWS\system32\RUNDLL32.EXE[2852] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2852] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\RUNDLL32.EXE[2852] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[2852] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[2852] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[2852] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2964] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2964] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2964] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2964] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2964] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2964] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2984] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2984] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2984] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2984] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2984] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2984] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2988] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2988] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2988] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2988] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2988] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2988] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3068] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3068] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3068] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3068] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3068] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3068] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3068] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3084] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3084] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3084] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3084] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3084] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3084] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\WINDOWS\system32\ctfmon.exe[3092] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[3092] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[3092] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ctfmon.exe[3092] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3092] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[3092] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Program Files\Belkin\Nostromo\nost_LM.exe[3224] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Belkin\Nostromo\nost_LM.exe[3224] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Belkin\Nostromo\nost_LM.exe[3224] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Belkin\Nostromo\nost_LM.exe[3224] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Belkin\Nostromo\nost_LM.exe[3224] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Belkin\Nostromo\nost_LM.exe[3224] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\WINDOWS\Explorer.EXE[3508] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0027000A
.text C:\WINDOWS\Explorer.EXE[3508] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0028000A
.text C:\WINDOWS\Explorer.EXE[3508] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0026000C
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3584] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3584] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3584] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3584] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3584] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3584] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Documents and Settings\Jim\Local Settings\Application Data\ave.exe[3772] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\ave.exe[3772] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Documents and Settings\Jim\Local Settings\Application Data\ave.exe[3772] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Documents and Settings\Jim\Local Settings\Application Data\ave.exe[3772] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\Jim\Local Settings\Application Data\ave.exe[3772] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\Jim\Local Settings\Application Data\ave.exe[3772] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3896] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3896] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3896] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3896] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3896] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3896] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Documents and Settings\Jim\Local Settings\Application Data\ave.exe[4092] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\ave.exe[4092] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Documents and Settings\Jim\Local Settings\Application Data\ave.exe[4092] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Documents and Settings\Jim\Local Settings\Application Data\ave.exe[4092] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\Jim\Local Settings\Application Data\ave.exe[4092] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\Jim\Local Settings\Application Data\ave.exe[4092] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs ikhfile.sys (PCTools Research Pty Ltd.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat ikhfile.sys (PCTools Research Pty Ltd.)
Device -> \Driver\atapi \Device\Harddisk0\DR0 868ACAC8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqh.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSbrsr.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdu.log
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\pclepci.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----