As the title states, mbam.exe is deleted from my hard drive even when I newly install Malwarebytes, I'm getting many popups, and every antivirus website "cannot be displayed". I will put up my HijackThis file. Thank you so much for the help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:11 PM, on 10/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\common files\logitech\lu\lulnchr.exe
c:\program files\common files\logitech\lu\LogitechUpdate.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN\Toolbar\3.0.0988.2\msntask.exe
C:\Program Files\McAfee\VirusScan Enterprise\EntVUtil.EXE
C:\Program Files\McAfee\VirusScan Enterprise\EntVUtil.EXE
C:\Program Files\McAfee\VirusScan Enterprise\EntVUtil.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;127.0.0.1;*.hanson-america.net;*.hanson-eu.net;*.hanson-ap.net;*.hgm.han;;;;<local>;*.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /systrayIcon:on
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe" "C:\Program Files\Hewlett-Packard\HP UT\"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [gayamoyak] Rundll32.exe "c:\windows\system32\lupuwufe.dll",a
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://hansononline/hbma/Portal/resources/msddsc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171470851375
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) - http://usirapp01.hanson-america.net:8010/jinitiator/oajinit.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grouphc.net
O17 - HKLM\Software\..\Telephony: DomainName = grouphc.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grouphc.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = grouphc.net
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\APSHook.dll c:\windows\system32\lupuwufe.dll,dukazewe.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O21 - SSODL: zetafogig - {ac55fe80-304d-4b4b-ae1a-878ce1f78584} - c:\windows\system32\lupuwufe.dll
O22 - SharedTaskScheduler: mujuzedij - {ac55fe80-304d-4b4b-ae1a-878ce1f78584} - c:\windows\system32\lupuwufe.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 13508 bytes
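As an added example (not code from this thread or from the HijackThis project), a small Python triage script that parses HijackThis entries and applies the checks a helper runs by eye over a log like the one above: the F2 Shell= line, AppInit_DLLs, a changed search page, and a DLL or CLSID that recurs across several autostart sections. The sample lines are copied from the posted log; the severity labels and the "three or more load points" threshold are my own choices.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of entries copied from the HijackThis log posted
# above (a real run would read the complete saved log file instead).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [gayamoyak] Rundll32.exe "c:\windows\system32\lupuwufe.dll",a
O20 - AppInit_DLLs: C:\WINDOWS\system32\APSHook.dll c:\windows\system32\lupuwufe.dll,dukazewe.dll
O21 - SSODL: zetafogig - {ac55fe80-304d-4b4b-ae1a-878ce1f78584} - c:\windows\system32\lupuwufe.dll
O22 - SharedTaskScheduler: mujuzedij - {ac55fe80-304d-4b4b-ae1a-878ce1f78584} - c:\windows\system32\lupuwufe.dll
"""

ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.*)$")
DLL_RE = re.compile(r"([A-Za-z0-9_~\-]+\.dll)\b", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.IGNORECASE)

# HijackThis sections that register code to be loaded automatically (load points).
PERSISTENCE = {"R3", "O2", "O3", "O4", "O20", "O21", "O22"}


def parse_hjt(text):
    """Return (section code, entry body) pairs; header, process list and footer are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Apply a few of the checks a log helper makes by eye. Returns (severity, section, message)."""
    findings = []
    dll_sections = defaultdict(set)    # dll basename -> sections that reference it
    clsid_sections = defaultdict(set)  # CLSID -> sections that register it
    for code, body in entries:
        # F2: the system.ini Shell= value should be Explorer.exe and nothing else.
        if code == "F2" and "Shell=" in body:
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append(("high", code, "Shell= carries an extra loader: " + shell))
        # R0/R1: a search or start page that no longer points at the Microsoft default.
        if code in ("R0", "R1") and "Search" in body and "go.microsoft.com" not in body:
            findings.append(("review", code, "search setting overridden: " + body.split(" = ", 1)[-1]))
        # O20: every DLL listed in AppInit_DLLs is injected into each process that loads user32.
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            for dll in DLL_RE.findall(body):
                findings.append(("review", code, "AppInit_DLLs loads %s into every user32 process" % dll))
        if code in PERSISTENCE:
            for dll in DLL_RE.findall(body):
                dll_sections[dll.lower()].add(code)
        if code in ("O21", "O22"):
            for clsid in CLSID_RE.findall(body):
                clsid_sections[clsid.lower()].add(code)

    def by_number(section):
        return int(section[1:])

    # One DLL wired into three or more load points is what makes the lupuwufe.dll
    # entries stand out; two (a BHO plus its toolbar) is normal for browser add-ons.
    for dll, secs in sorted(dll_sections.items()):
        if len(secs) >= 3:
            where = ", ".join(sorted(secs, key=by_number))
            findings.append(("high", where, "%s referenced from %d autostart locations" % (dll, len(secs))))
    # The same CLSID registered as both SSODL and SharedTaskScheduler means one
    # component gets loaded by Explorer through either path.
    for clsid, secs in sorted(clsid_sections.items()):
        if {"O21", "O22"} <= secs:
            findings.append(("high", "O21+O22",
                             "CLSID %s registered as both SSODL and SharedTaskScheduler" % clsid))
    return findings


if __name__ == "__main__":
    for severity, section, message in triage(parse_hjt(SAMPLE_LOG)):
        print("[%-6s] %-18s %s" % (severity, section, message))
```

Running it against the sample prints one "review" line per overridden search setting and AppInit DLL, and three "high" lines: the extra Shell= loader, lupuwufe.dll present in four load points, and the shared O21/O22 CLSID.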

3 Contributors · 36 Replies · 37 Views · 7 Years Discussion Span · Last Post by crunchie

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

For some reason, ComboFix isn't making any progress. I kept it open all night and all it said was something along the lines of "this scan typically takes ten minutes.... for infected computers it may double." Did I do something wrong?

While you are waiting for crunchie to check back, please give this a go:

Please download GMER Rootkit Scanner:
http://www.gmer.net/download.php

-- DoubleClick the .exe file and, if asked, allow the gmer.sys driver to load.
-- If you receive a warning about Rootkit Activity and GMER asks if you want to run a scan, Click NO

-- Make sure the Rootkit/Malware Tab is selected (Top Left of GMER GUI)
Along the Right Side of the GMER GUI there will be a number of checked boxes. Please Uncheck the following:

- Sections
- Drives or Partitions other than your Systemdrive (usually C:\)
- Show All (be sure this one remains Unchecked)

-- Then, click the Scan Button
Allow the scan as long as it needs and then save the log to where you can easily find it and post it for us.

***Disconnect from the internet and do not run any other programs while GMER is scanning. DO NOT take any action for any found items until either crunchie or I can have a look.

PP :)

Okay, so here's the GMER log. I actually had to go through vtunnel to access this file; the page was "not found" otherwise. :@ Anyway, here's the log. I really appreciate the help.


GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-27 21:55:01
Windows 5.1.2600 Service Pack 2
Running: zf8b769y.exe; Driver: C:\DOCUME~1\BCHODK~1.HAN\LOCALS~1\Temp\pfroruog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA72206D0]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA6FBF57B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA6FBF4FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA6FBF5A5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA6FBF50F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA6FBF53B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA6FBF5CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA6FBF4E7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA6FBF58F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA6FBF525]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA6FBF551]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA6FBF567]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA6FBF5E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA6FBF5B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80503FE8 7 Bytes JMP A6FBF5BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80577ED2 5 Bytes JMP A6FBF57F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B0A7E 7 Bytes JMP A6FBF5D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B188C 5 Bytes JMP A6FBF5E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B6E5E 7 Bytes JMP A6FBF593 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805CFAE0 5 Bytes JMP A6FBF5A9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D1232 5 Bytes JMP A6FBF56B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 806207D0 7 Bytes JMP A6FBF555 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80621B36 7 Bytes JMP A6FBF529 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 80622110 5 Bytes JMP A6FBF4FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 806225A0 7 Bytes JMP A6FBF513 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80622770 7 Bytes JMP A6FBF53F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 806234A6 5 Bytes JMP A6FBF4EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00830FEF
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00830F63
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00830F7E
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00830F9B
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00830058
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0083003D
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00830F48
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0083008E
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00830F2D
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008300BC
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008300D7
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00830FC0
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00830000
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0083007D
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 0083002C
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00830011
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 008300AB
.text C:\WINDOWS\system32\svchost.exe[204] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00720FCA
.text C:\WINDOWS\system32\svchost.exe[204] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00720FA5
.text C:\WINDOWS\system32\svchost.exe[204] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0072001B
.text C:\WINDOWS\system32\svchost.exe[204] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00720FEF
.text C:\WINDOWS\system32\svchost.exe[204] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0072006C
.text C:\WINDOWS\system32\svchost.exe[204] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00720051
.text C:\WINDOWS\system32\svchost.exe[204] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0072000A
.text C:\WINDOWS\system32\svchost.exe[204] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00720040
.text C:\WINDOWS\system32\svchost.exe[204] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00710040
.text C:\WINDOWS\system32\svchost.exe[204] msvcrt.dll!system 77C293C7 5 Bytes JMP 00710FB5
.text C:\WINDOWS\system32\svchost.exe[204] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00710FC6
.text C:\WINDOWS\system32\svchost.exe[204] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00710000
.text C:\WINDOWS\system32\svchost.exe[204] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0071001B
.text C:\WINDOWS\system32\svchost.exe[204] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00710FE3
.text C:\WINDOWS\system32\svchost.exe[204] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006F0FEF
.text C:\WINDOWS\system32\svchost.exe[204] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 00700FDB
.text C:\WINDOWS\system32\svchost.exe[204] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 00700000
.text C:\WINDOWS\system32\svchost.exe[204] WININET.dll!InternetOpenUrlA 771C5A72 5 Bytes JMP 00700FCA
.text C:\WINDOWS\system32\svchost.exe[204] WININET.dll!InternetOpenUrlW 771D5BF7 5 Bytes JMP 00700011
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008E0FE5
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008E0078
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008E0F83
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008E0051
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008E0040
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008E001B
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008E0F3C
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008E0F57
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008E00BA
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008E00A9
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008E00CB
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 008E0F9E
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 008E0FD4
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 008E0F72
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 008E0FB9
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 008E000A
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 008E0F2B
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 008D0FE5
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 008D0080
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 008D0040
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 008D001B
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 008D0FB9
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 008D0FD4
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 008D000A
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 008D0051
.text C:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008C0F9C
.text C:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!system 77C293C7 5 Bytes JMP 008C0FB7
.text C:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008C0FD2
.text C:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008C0FEF
.text C:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008C0027
.text C:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008C000C
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00BE0000
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00BE0F5E
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00BE0F79
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00BE0F8A
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00BE003D
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00BE0FB6
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00BE0F30
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00BE0078
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00BE00AE
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00BE0093
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00BE0EFA
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00BE0F9B
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00BE0FDB
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00BE0F4D
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00BE0022
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00BE0011
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00BE0F1F
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00BD0022
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00BD0F9B
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00BD0FDB
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00BD0011
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00BD0FB6
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00BD0058
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00BD0000
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00BD003D
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BC0FD2
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BC005D
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BC0FE3
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BC0000
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BC0042
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BC001D
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F40000
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F40F81
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F40076
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F40FA8
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F40065
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F40FD4
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F40F55
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F40F66
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F400DA
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F400C9
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00F400F5
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00F40FC3
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00F40025
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00F40091
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00F40036
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00F400B8
.text C:\WINDOWS\system32\services.exe[1364] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A00044
.text C:\WINDOWS\system32\services.exe[1364] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A00033
.text C:\WINDOWS\system32\services.exe[1364] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A00018
.text C:\WINDOWS\system32\services.exe[1364] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A00FEF
.text C:\WINDOWS\system32\services.exe[1364] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A00FC3
.text C:\WINDOWS\system32\services.exe[1364] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A00FDE
.text C:\WINDOWS\system32\services.exe[1364] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00A1001B
.text C:\WINDOWS\system32\services.exe[1364] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00A1006C
.text C:\WINDOWS\system32\services.exe[1364] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00A10FCA
.text C:\WINDOWS\system32\services.exe[1364] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00A10FE5
.text C:\WINDOWS\system32\services.exe[1364] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00A1005B
.text C:\WINDOWS\system32\services.exe[1364] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00A10FAF
.text C:\WINDOWS\system32\services.exe[1364] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00A10000
.text C:\WINDOWS\system32\services.exe[1364] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00A10036
.text C:\WINDOWS\system32\services.exe[1364] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009E0000
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F40060
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F4004F
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F40F75
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F40F86
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F40FBC
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F40F18
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F40F35
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F40EEC
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F40085
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00F40EDB
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00F40FA1
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00F40014
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00F40F50
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00F40FCD
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00F40FDE
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00F40F07
.text C:\WINDOWS\system32\lsass.exe[1376] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00F30036
.text C:\WINDOWS\system32\lsass.exe[1376] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00F30084
.text C:\WINDOWS\system32\lsass.exe[1376] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00F30025
.text C:\WINDOWS\system32\lsass.exe[1376] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00F3000A
.text C:\WINDOWS\system32\lsass.exe[1376] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00F30073
.text C:\WINDOWS\system32\lsass.exe[1376] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00F30062
.text C:\WINDOWS\system32\lsass.exe[1376] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00F30FEF
.text C:\WINDOWS\system32\lsass.exe[1376] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00F30051
.text C:\WINDOWS\system32\lsass.exe[1376] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F20051
.text C:\WINDOWS\system32\lsass.exe[1376] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F20FC6
.text C:\WINDOWS\system32\lsass.exe[1376] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F20FD7
.text C:\WINDOWS\system32\lsass.exe[1376] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F20000
.text C:\WINDOWS\system32\lsass.exe[1376] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F2002C
.text C:\WINDOWS\system32\lsass.exe[1376] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F20011
.text C:\WINDOWS\system32\lsass.exe[1376] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00F10000
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F70FEF
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F70087
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F7006C
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F70F9E
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F70051
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F7002F
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F70F66
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F700A2
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F70F55
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F700EE
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00F70109
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00F70040
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00F70FDE
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00F70F81
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00F70FC3
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00F70014
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00F700D3
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00DD002F
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00DD006C
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00DD0FDE
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00DD0014
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00DD005B
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00DD004A
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00DD0FEF
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00DD0FC3
.text C:\WINDOWS\System32\svchost.exe[1540] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DC004C
.text C:\WINDOWS\System32\svchost.exe[1540] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DC0031
.text C:\WINDOWS\System32\svchost.exe[1540] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DC0FC1
.text C:\WINDOWS\System32\svchost.exe[1540] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DC0FEF
.text C:\WINDOWS\System32\svchost.exe[1540] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DC0016
.text C:\WINDOWS\System32\svchost.exe[1540] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DC0FD2
.text C:\WINDOWS\System32\svchost.exe[1540] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00DA000A
.text C:\WINDOWS\System32\svchost.exe[1540] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 00DB0FDE
.text C:\WINDOWS\System32\svchost.exe[1540] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\System32\svchost.exe[1540] WININET.dll!InternetOpenUrlA 771C5A72 5 Bytes JMP 00DB000A
.text C:\WINDOWS\System32\svchost.exe[1540] WININET.dll!InternetOpenUrlW 771D5BF7 5 Bytes JMP 00DB0FC3
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00850000
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00850F72
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00850F83
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00850F94
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00850FA5
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00850FC0
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00850F30
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00850082
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008500B8
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0085009D
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00850EFA
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00850047
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00850011
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00850F57
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00850FD1
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00850022
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00850F1F
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00840011
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00840F6C
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00840FC0
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00840FDB
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00840033
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00840F9B
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00840000
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00840022
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00830F9C
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!system 77C293C7 5 Bytes JMP 00830027
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00830FC1
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00830FE3
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00830016
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00830FD2
.text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00820FEF
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008E000A
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008E008C
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008E0F97
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008E0065
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008E0FA8
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008E0FC3
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008E00A7
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008E0F6B
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008E0F29
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008E00C2
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008E00E7
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 008E004A
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 008E0FEF
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 008E0F7C
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 008E0FD4
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 008E0025
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 008E0F44
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 008D0FC3
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 008D004A
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 008D0FDE
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 008D000A
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 008D002F
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 008D0F8D
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 008D0FEF
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 008D0FA8
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008C0066
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!system 77C293C7 5 Bytes JMP 008C0055
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008C003A
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008C000C
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008C0FE5
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008C0029
.text C:\WINDOWS\system32\svchost.exe[1652] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 008B0FE5
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E00000
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E00F8D
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E00082
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E00FA8
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E00065
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E00FCD
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E00F4B
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E0009D
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E000B8
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E00F1F
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00E000D3
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00E00054
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00E00FEF
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00E00F72
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00E0002F
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00E00FDE
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00E00F30
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00DF002C
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00DF0FA5
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00DF001B
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00DF0000
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00DF0062
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00DF0FC0
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00DF0FEF
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00DF0047
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DE0067
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DE004C
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DE0FD2
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DE0000
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DE0027
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DE0FE3
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00DD0FEF
.text C:\WINDOWS\System32\svchost.exe[1860] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes JMP 01C1538E
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02110000
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0211007D
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02110062
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02110047
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02110F94
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02110FC0
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 02110F52
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0211008E
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 021100D0
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02110F37
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 02110F1C
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 02110FA5
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 02110011
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 02110F6D
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 02110FDB
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!CreateNamedPipeA 7C85FC74 3 Bytes JMP 0211002C
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!CreateNamedPipeA + 4 7C85FC78 1 Byte [85]
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 021100B5
.text C:\WINDOWS\System32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 02100022
.text C:\WINDOWS\System32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 0210005F
.text C:\WINDOWS\System32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 02100FDB
.text C:\WINDOWS\System32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 02100011
.text C:\WINDOWS\System32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0210004E
.text C:\WINDOWS\System32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 0210003D
.text C:\WINDOWS\System32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 02100000
.text C:\WINDOWS\System32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 02100FB6
.text C:\WINDOWS\System32\svchost.exe[1860] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 020F0016
.text C:\WINDOWS\System32\svchost.exe[1860] msvcrt.dll!system 77C293C7 5 Bytes JMP 020F0F8B
.text C:\WINDOWS\System32\svchost.exe[1860] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 020F0FC1
.text C:\WINDOWS\System32\svchost.exe[1860] msvcrt.dll!_open 77C2F566 5 Bytes JMP 020F0FE3
.text C:\WINDOWS\System32\svchost.exe[1860] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 020F0FA6
.text C:\WINDOWS\System32\svchost.exe[1860] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 020F0FD2
.text C:\WINDOWS\System32\svchost.exe[1860] NETAPI32.dll!NetpwPathCanonicalize 5B86A101 5 Bytes JMP 01C1532E
.text C:\WINDOWS\System32\svchost.exe[1860] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01CA0000
.text C:\WINDOWS\System32\svchost.exe[1860] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 01CB000A
.text C:\WINDOWS\System32\svchost.exe[1860] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 01CB0FEF
.text C:\WINDOWS\System32\svchost.exe[1860] WININET.dll!InternetOpenUrlA 771C5A72 5 Bytes JMP 01CB0FD4
.text C:\WINDOWS\System32\svchost.exe[1860] WININET.dll!InternetOpenUrlW 771D5BF7 5 Bytes JMP 01CB0025
.text C:\WINDOWS\system32\svchost.exe[2044] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes JMP 0095538E
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A20FEF
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A2007D
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A20F88
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A20062
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A20FA5
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A2003D
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A200B5
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A200A4
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A20F30
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A20F41
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00A20F15
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00A20FB6
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00A20000
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00A20F6D
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00A2002C
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00A20011
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00A20F52
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 009F0025
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 009F0036
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 009F0FD4
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 009F0FE5
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 009F0F83
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 009F0F9E
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 009F0000
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 009F0FB9
.text C:\WINDOWS\system32\svchost.exe[2044] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009E0F94
.text C:\WINDOWS\system32\svchost.exe[2044] msvcrt.dll!system 77C293C7 5 Bytes JMP 009E0FAF
.text C:\WINDOWS\system32\svchost.exe[2044] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009E0029
.text C:\WINDOWS\system32\svchost.exe[2044] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\system32\svchost.exe[2044] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009E0FD4
.text C:\WINDOWS\system32\svchost.exe[2044] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009E0018
.text C:\WINDOWS\system32\svchost.exe[2044] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\system32\svchost.exe[2044] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 009D0011
.text C:\WINDOWS\system32\svchost.exe[2044] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 009D0000
.text C:\WINDOWS\system32\svchost.exe[2044] WININET.dll!InternetOpenUrlA 771C5A72 3 Bytes JMP 009D0022
.text C:\WINDOWS\system32\svchost.exe[2044] WININET.dll!InternetOpenUrlA + 4 771C5A76 1 Byte [89]
.text C:\WINDOWS\system32\svchost.exe[2044] WININET.dll!InternetOpenUrlW 771D5BF7 5 Bytes JMP 009D0FC5
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0F41
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0036
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0F5C
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0025
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0FA8
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F0B
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0047
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A0093
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0078
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A00AE
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A0F8D
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0FDE
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A0F26
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A0014
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A0FCD
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A0EFA
.text C:\WINDOWS\Explorer.EXE[3328] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0028002C
.text C:\WINDOWS\Explorer.EXE[3328] msvcrt.dll!system 77C293C7 5 Bytes JMP 00280FA1
.text C:\WINDOWS\Explorer.EXE[3328] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00280FCD
.text C:\WINDOWS\Explorer.EXE[3328] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00280FEF
.text C:\WINDOWS\Explorer.EXE[3328] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00280FB2
.text C:\WINDOWS\Explorer.EXE[3328] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00280FDE
.text C:\WINDOWS\Explorer.EXE[3328] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00290FE5
.text C:\WINDOWS\Explorer.EXE[3328] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00290FA1
.text C:\WINDOWS\Explorer.EXE[3328] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00290036
.text C:\WINDOWS\Explorer.EXE[3328] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00290025
.text C:\WINDOWS\Explorer.EXE[3328] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00290FB2
.text C:\WINDOWS\Explorer.EXE[3328] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00290FC3
.text C:\WINDOWS\Explorer.EXE[3328] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00290000
.text C:\WINDOWS\Explorer.EXE[3328] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00290FD4
.text C:\WINDOWS\Explorer.EXE[3328] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 003C0FDB
.text C:\WINDOWS\Explorer.EXE[3328] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 003C0000
.text C:\WINDOWS\Explorer.EXE[3328] WININET.dll!InternetOpenUrlA 771C5A72 5 Bytes JMP 003C0FBE
.text C:\WINDOWS\Explorer.EXE[3328] WININET.dll!InternetOpenUrlW 771D5BF7 5 Bytes JMP 003C0011
.text C:\WINDOWS\Explorer.EXE[3328] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01770000
---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe[172] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe[172] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe[172] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [00802D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe[172] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HPQ\IAM\bin\asghost.exe[444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A22F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HPQ\IAM\bin\asghost.exe[444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A22CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HPQ\IAM\bin\asghost.exe[444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A22D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HPQ\IAM\bin\asghost.exe[444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A22CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxsrvc.exe[452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009A2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxsrvc.exe[452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009A2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxsrvc.exe[452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009A2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxsrvc.exe[452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009A2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[1008] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009B2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[1008] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009B2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[1008] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009B2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[1008] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009B2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A22F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A22CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A22D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A22CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\AGRSMMSG.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A12F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\AGRSMMSG.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A12CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\AGRSMMSG.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A12D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\AGRSMMSG.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A12CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00892F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00892CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00892D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00892CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009E2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009E2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009E2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009E2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe[2296] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe[2296] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe[2296] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [00802D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe[2296] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A92F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A92CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A92D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A92CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe[2664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B42F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe[2664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B42CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe[2664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B42D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe[2664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B42CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe[3100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009B2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe[3100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009B2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe[3100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009B2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe[3100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009B2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Citrix\ICA Client\ssonsvr.exe[3116] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00962F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Citrix\ICA Client\ssonsvr.exe[3116] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00962CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Citrix\ICA Client\ssonsvr.exe[3116] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00962D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Citrix\ICA Client\ssonsvr.exe[3116] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00962CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B22F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B22CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B22D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B22CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hphmon05.exe[3348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hphmon05.exe[3348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hphmon05.exe[3348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hphmon05.exe[3348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00952F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00952CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00952D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00952CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE[3416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A12F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE[3416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A12CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE[3416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A12D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE[3416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A12CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00382F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00382CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00382D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00382CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[3804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009A2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[3804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009A2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[3804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009A2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[3804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009A2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[3816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[3816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[3816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[3816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[3880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009E2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[3880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009E2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[3880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009E2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[3880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009E2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Network Associates\Common Framework\McTray.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Network Associates\Common Framework\McTray.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Network Associates\Common Framework\McTray.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Network Associates\Common Framework\McTray.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009D2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009D2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009D2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009D2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[4060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C92F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[4060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C92CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[4060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C92D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[4060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C92CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[4080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[4080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[4080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[4080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\logitech\quickcam\lu\lulnchr.exe[4964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\logitech\quickcam\lu\lulnchr.exe[4964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\logitech\quickcam\lu\lulnchr.exe[4964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\logitech\quickcam\lu\lulnchr.exe[4964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\logitech\lu\lulnchr.exe[5032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\logitech\lu\lulnchr.exe[5032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\logitech\lu\lulnchr.exe[5032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\logitech\lu\lulnchr.exe[5032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\logitech\lu\LogitechUpdate.exe[5096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\logitech\lu\LogitechUpdate.exe[5096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\logitech\lu\LogitechUpdate.exe[5096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\logitech\lu\LogitechUpdate.exe[5096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\bchodkowski.HANSON-AMERICA\Desktop\zf8b769y.exe[6016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\bchodkowski.HANSON-AMERICA\Desktop\zf8b769y.exe[6016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\bchodkowski.HANSON-AMERICA\Desktop\zf8b769y.exe[6016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\bchodkowski.HANSON-AMERICA\Desktop\zf8b769y.exe[6016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] Wmdmprov <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@DisplayName iyglu
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@Description Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov\Parameters@ServiceDll C:\WINDOWS\system32\qctqykkn.dll
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov@DisplayName iyglu
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov@Description Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov\Parameters@ServiceDll C:\WINDOWS\system32\qctqykkn.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\WINDOWS\system32\APSHook.dll

---- EOF - GMER 1.0.15 ----


And also I just ran across...

The log looks good, but the symptoms are very similar to those caused by the Conficker virus. You can restore access to security web sites on an infected machine by taking the following steps:

1. Click Start > Run.
2. In the Run box, type the following: cmd
3. Click OK.
4. Type the following and then press Enter. cd..
5. Repeat the previous step until you get to the root level, or C:\>. Note that if your root drive is not C, the letter will be different.
6. At C:\> type the following: net stop dnscache
7. Press Enter. This disables the domain blocking feature of Conficker and you should now be able to reach security Web sites.

It let me reach security sites, and I am now scanning from Trend Micro! Is my issue solved?

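The "net stop dnscache" step above works on the symptom: the names of security vendors' sites are answered with addresses that go nowhere. The script below is an added example (not code from this thread, from Conficker write-ups, or from any vendor) that reads the text produced by `ipconfig /displaydns` and flags watched names that resolve to loopback or 0.0.0.0, or whose answer is one address shared by several unrelated vendors. The `ipconfig` sample is constructed in the layout of that command with made-up documentation-range addresses; the vendor watchlist and the "shared address means sinkhole" rule are my assumptions, and shared CDNs can trip the second rule, so confirm any hit against a resolver you trust before acting on it.

```python
"""Added example: detect DNS-level blocking of security sites; not from the thread."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the layout of `ipconfig /displaydns`; every address
# below is made up (documentation ranges), not a real resolver answer.
SAMPLE_DISPLAYDNS = """
Windows IP Configuration

         www.malwarebytes.org
         ----------------------------------------
         Record Name . . . . . : www.malwarebytes.org
         Record Type . . . . . : 1
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1

         www.trendmicro.com
         ----------------------------------------
         Record Name . . . . . : www.trendmicro.com
         Record Type . . . . . : 1
         Section . . . . . . . : Answer
         A (Host) Record . . . : 198.51.100.7

         www.mcafee.com
         ----------------------------------------
         Record Name . . . . . : www.mcafee.com
         Record Type . . . . . : 1
         Section . . . . . . . : Answer
         A (Host) Record . . . : 198.51.100.7

         www.example.com
         ----------------------------------------
         Record Name . . . . . : www.example.com
         Record Type . . . . . : 1
         Section . . . . . . . : Answer
         A (Host) Record . . . : 203.0.113.10
"""

# Assumption: the vendors whose sites the thread mentions; extend as needed.
WATCHLIST = ("malwarebytes.org", "trendmicro.com", "mcafee.com")

NAME_RE = re.compile(r"Record Name[ .]*: (\S+)")
A_RE = re.compile(r"A \(Host\) Record[ .]*: (\S+)")


def parse_displaydns(text):
    """Map each cached name to the list of A records the cache holds for it."""
    cache, current = defaultdict(list), None
    for line in text.splitlines():
        if m := NAME_RE.search(line):
            current = m.group(1).lower()
        elif (m := A_RE.search(line)) and current:
            cache[current].append(m.group(1))
    return dict(cache)


def watched_base(name, watchlist):
    """Return the watchlist domain that `name` falls under, or None."""
    return next((w for w in watchlist if name == w or name.endswith("." + w)), None)


def analyze(cache, watchlist=WATCHLIST):
    """Flag watched names answered with a null route or a shared sinkhole IP."""
    findings, by_ip = [], defaultdict(set)
    for name, ips in cache.items():
        base = watched_base(name, watchlist)
        if base is None:
            continue
        for ip in ips:
            addr = ipaddress.ip_address(ip)
            if addr.is_loopback or addr.is_unspecified:
                findings.append(("null-routed", name, ip))
            by_ip[ip].add(base)
    # One address answering for two unrelated vendors is a sinkhole candidate;
    # shared CDNs can collide, so confirm against a clean resolver.
    for ip, bases in by_ip.items():
        if len(bases) >= 2:
            for name, ips in cache.items():
                if ip in ips and watched_base(name, watchlist):
                    findings.append(("shared-sinkhole", name, ip))
    return sorted(findings)


if __name__ == "__main__":
    for category, name, ip in analyze(parse_displaydns(SAMPLE_DISPLAYDNS)):
        print(f"{category:16} {name:24} {ip}")
```

On a live machine, feed it `ipconfig /displaydns > cache.txt` taken before the service is stopped; an empty result after `net stop dnscache` only means the cache is gone, not that whatever filled it is.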

Is my issue solved?

Not anywhere close to being solved! All that step does is bypass the poisoned DNS cache.

You have a large infestation with rootkit components. Hang in there for crunchie to post back - I don't want to get in his way.

PP :)

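The GMER log above carries the three indicators the reply is pointing at: inline hooks in Explorer.EXE whose JMP targets GMER attributes to no module, a service GMER can see in the registry but the service manager hides, and a netsvcs service whose Description is the DNS Client's text verbatim with a ServiceDll under a random name. The script below is an added example (not code from this thread or from GMER) that pulls those out of a GMER text log. The sample is a handful of lines copied from the log above; the Description table holds the XP DNS Client text from memory and is an assumption, as is reading "no module printed after the target" as "target lies in unbacked memory".

```python
"""Added triage helper for GMER text logs; not code from the thread."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the GMER log posted above, abridged.
SAMPLE_LOG = r"""
.text C:\WINDOWS\Explorer.EXE[3328] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00290025
.text C:\WINDOWS\Explorer.EXE[3328] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 003C0000
.text C:\WINDOWS\Explorer.EXE[3328] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01770000
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] Wmdmprov <-- ROOTKIT !!!
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@DisplayName iyglu
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@Description Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov\Parameters@ServiceDll C:\WINDOWS\system32\qctqykkn.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\WINDOWS\system32\APSHook.dll
"""

# Assumption: the Description text Windows XP ships for the DNS Client service,
# keyed to its real service name. Any other service carrying this exact text has
# copied it to blend in. Extend the table from a clean box.
KNOWN_DESCRIPTIONS = {
    "Resolves and caches Domain Name System (DNS) names for this computer. "
    "If this service is stopped, this computer will not be able to resolve DNS "
    "names and locate Active Directory domain controllers. If this service is "
    "disabled, any services that explicitly depend on it will fail to start.": "Dnscache",
}

HOOK_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<mod>[^!\s]+)!(?P<func>\S+) "
    r"(?P<addr>[0-9A-F]{8}) \d+ Bytes JMP (?P<target>[0-9A-F]{8})(?P<rest>.*)$")
SERVICE_RE = re.compile(
    r"^Service (?P<image>.+?) \((?P<flags>[^)]*)\) \[(?P<start>[^\]]+)\] (?P<name>\S+)")
REG_RE = re.compile(r"^Reg (?P<key>.+?)@(?P<value>\S+)(?: (?P<data>.*))?$")
SVC_KEY_RE = re.compile(r"\\Services\\([^\\]+)(?:\\Parameters)?$")


def parse(log_text):
    """Split a GMER log into inline hooks, Service lines and Reg values."""
    hooks, services, reg = [], [], defaultdict(dict)
    for line in log_text.splitlines():
        line = line.strip()
        if m := HOOK_RE.match(line):
            hooks.append(m.groupdict())
        elif m := SERVICE_RE.match(line):
            services.append(m.groupdict())
        elif m := REG_RE.match(line):
            reg[m["key"]][m["value"]] = m["data"] or ""
    return hooks, services, reg


def services_from_reg(reg):
    """Merge a service's own key and its Parameters subkey into one dict."""
    svc = defaultdict(dict)
    for key, values in reg.items():
        if m := SVC_KEY_RE.search(key):
            svc[m.group(1)].update(values)
    return svc


def triage(log_text):
    """Return (category, detail) findings in log-section order."""
    hooks, services, reg = parse(log_text)
    findings, suspect = [], set()
    # 1. Inline hooks whose JMP target GMER attributes to no loaded module
    #    (assumed: nothing printed after the address): code in unbacked memory.
    for h in hooks:
        if not h["rest"].strip():
            findings.append(("inline-hook-unattributed",
                             f"{h['proc']}[{h['pid']}] {h['mod']}!{h['func']} -> {h['target']}"))
    # 2. Services present in the registry but hidden from the service manager.
    for s in services:
        if "hidden" in s["flags"]:
            suspect.add(s["name"])
            findings.append(("hidden-service", f"{s['name']} ({s['image']})"))
    # 3. Services wearing another built-in service's description.
    merged = services_from_reg(reg)
    for name, v in merged.items():
        owner = KNOWN_DESCRIPTIONS.get(v.get("Description", ""))
        if owner and owner.lower() != name.lower():
            suspect.add(name)
            findings.append(("copied-description", f"{name} reuses the text of {owner}"))
    # 4. For each suspect svchost-hosted service, the DLL to collect for analysis.
    for name in sorted(suspect):
        v = merged.get(name, {})
        if "svchost.exe" in v.get("ImagePath", "").lower() and v.get("ServiceDll"):
            findings.append(("servicedll-to-collect", f"{name}: {v['ServiceDll']}"))
    # 5. AppInit_DLLs loads into every GUI process; legitimate software uses it
    #    too, so this is a review item, not a verdict.
    for values in reg.values():
        if values.get("AppInit_DLLs"):
            findings.append(("appinit-dlls", values["AppInit_DLLs"]))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:26} {detail}")
```

Run it against the full saved GMER log rather than the excerpt; the `servicedll-to-collect` entries are the files to copy off the box (from a clean environment, since the hidden service is still running) before any cleaner deletes them.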

Unfortunately, I have had absolutely nothing to do with Gmer other than look through a few logs in passing, so I will get you to try running combofix a different way to try and get it to run through.
PhilliePhan, is there a good tutorial around for Gmer?

==Physically disconnect from the internet.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.

"%userprofile%\desktop\ComboFix.exe" /KillAll


Click OK and this will start ComboFix.
When finished, it will produce a log. Please save that log to a Notepad File and include it in your next reply along with a fresh HJT log.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

* Re-enable all the programs that were disabled prior to the running of ComboFix.

* Post the following logs/Reports: ComboFix.txt
Fresh HijackThis log run after all the other tools have performed their cleanup.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

0

The scan was successful! Here is the Combofix Log, followed by a fresh HJT log.


ComboFix 09-10-27.08 - bchodkowski 10/28/2009 17:16.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1672 [GMT -5:00]
Running from: c:\documents and settings\bchodkowski.HANSON-AMERICA\desktop\combofix.exe
Command switches used :: /KillAll
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\LOG10.tmp
C:\LOG12.tmp
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\system32\bewijeze(2).dll
c:\windows\system32\boponase.dll.tmp
c:\windows\system32\diveredi.dll.tmp
c:\windows\system32\logon.exe
c:\windows\system32\lupuwufe(2).dll
c:\windows\system32\mefupojo(2).dll
c:\windows\system32\riyudegi.dll.tmp
c:\windows\system32\tomuzipu(2).dll

----- BITS: Possible infected sites -----

hxxp://namsgirvg050.grouphc.net:8530
.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
.

2009-10-28 03:39 . 2009-10-28 03:36 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-28 03:36 . 2009-10-28 03:41 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\.housecall6.6
2009-10-27 03:59 . 2009-10-27 03:59 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-27 03:56 . 2009-10-27 03:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-27 03:53 . 2009-10-27 03:55 -------- d-----w- C:\Malwarebytes' Anti-Malware
2009-10-26 04:42 . 2009-10-27 03:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(2)
2009-10-12 18:13 . 2009-10-28 22:15 -------- d-----w- c:\windows\system32\CatRoot2
2009-10-12 05:27 . 2009-10-12 05:27 -------- d-----w- c:\program files\Trend Micro
2009-10-12 04:28 . 2009-10-12 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-10-12 04:27 . 2009-10-12 04:27 -------- d-----w- c:\program files\Common Files\iS3
2009-10-12 04:27 . 2009-10-12 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 04:30 . 2008-02-13 21:31 262144 ----a-w- c:\windows\system32\default_user_class.dat
2009-09-24 02:37 . 2009-09-24 02:17 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Walgreens
2009-09-24 02:31 . 2009-09-24 02:31 -------- d-----w- c:\program files\Walgreens
2009-09-21 02:47 . 2009-09-21 02:47 -------- d-----w- c:\program files\ICCup
2009-09-14 03:26 . 2009-09-03 03:13 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Skype
2009-09-14 03:26 . 2009-09-03 03:17 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\skypePM
2009-09-10 02:31 . 2009-09-10 02:31 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-09-10 02:31 . 2009-09-10 02:26 -------- d-----w- c:\program files\Logitech
2009-09-10 02:31 . 2007-02-14 16:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-10 02:29 . 2009-08-27 01:52 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-09-10 02:17 . 2009-08-27 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2009-09-10 02:12 . 2009-09-03 03:12 -------- d-----r- c:\program files\Skype
2009-09-10 02:11 . 2009-09-10 02:11 -------- d-----w- c:\program files\Common Files\Skype
2009-09-10 02:11 . 2009-09-03 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-09 21:46 . 2009-06-10 04:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-09 21:46 . 2009-06-10 03:04 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\SUPERAntiSpyware.com
2009-09-09 21:46 . 2009-06-10 03:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-04 00:50 . 2009-08-27 02:14 -------- d-----w- c:\program files\AIM6
2009-09-04 00:50 . 2009-08-27 02:14 -------- d-----w- c:\program files\Viewpoint
2009-09-03 03:17 . 2009-09-03 03:17 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-30 01:18 . 2009-08-30 01:18 -------- d-----w- c:\program files\Common Files\Logitech
2009-08-03 18:36 . 2009-09-09 03:41 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2009-09-09 03:41 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-06-10_02.21.47 )))))))))))))))))))))))))))))))))))))))))
.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:56 PM, on 10/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\common files\logitech\lu\lulnchr.exe
c:\program files\common files\logitech\lu\LogitechUpdate.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;127.0.0.1;*.hanson-america.net;*.hanson-eu.net;*.hanson-ap.net;*.hgm.han;;;;<local>;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /systrayIcon:on
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe" "C:\Program Files\Hewlett-Packard\HP UT\"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://hansononline/hbma/Portal/resources/msddsc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171470851375
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) - http://usirapp01.hanson-america.net:8010/jinitiator/oajinit.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grouphc.net
O17 - HKLM\Software\..\Telephony: DomainName = grouphc.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grouphc.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = grouphc.net
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 12183 bytes


0

PhilliePhan, is there a good tutorial around for Gmer?

This is an old one from wng_z3r0's Blog. A good deal has changed since then - a lot less intimidating.
Also, there is info on GMER site FAQ: http://www.gmer.net/#faq

Of course, you might have a different tool you prefer....

With GMER, rootkits will show in Red and you can RightClick on them and have the option to kill/disable/etc...
I have been told that the best way to remove these is to Disable them and then run ComboFix and have it remove them.

With this baddie, MBAM / Combofix ought to get it, if they can be run. Possibly start combofix with a CFScript addressing the driver and the rootkit file?
Driver::
Wmdmprov
Rootkit::
C:\WINDOWS\system32\qctqykkn.dll
FixCSet::

Something like that?

PP:)

Edit:
Looking at the truncated combofix log, it didn't get it. We'll need full log to see...


0
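A defender-side check for the kind of entry PhilliePhan points at above (the Wmdmprov ServiceDll in the GMER registry dump): an added Python example, not a tool from this thread or from GMER/HijackThis, that parses GMER `Reg` lines and HijackThis O20 lines and flags DLL loaders living in system32 under random-looking names. The "random-looking" heuristic (no vowels or a long consonant run) is my assumption, not a rule either tool applies; the sample lines are copied from the logs posted in this thread.

```python
"""Flag rootkit-style DLL loaders in GMER registry lines and HijackThis O20 lines."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the GMER registry dump and the
# HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov\Parameters@ServiceDll C:\WINDOWS\system32\qctqykkn.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\WINDOWS\system32\APSHook.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
O20 - AppInit_DLLs: C:\WINDOWS\system32\APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
"""

# GMER prints registry findings as:  Reg <key>@<value name> <data>
GMER_REG = re.compile(r"^Reg\s+(?P<key>.+?)@(?P<name>\S+)(?:\s+(?P<data>.+))?$")
# HijackThis O20 lines cover AppInit_DLLs and Winlogon Notify packages.
HJT_O20 = re.compile(
    r"^O20 - (?P<kind>AppInit_DLLs|Winlogon Notify): (?:(?P<label>.+?) - )?(?P<path>.+)$"
)
SERVICE_KEY = re.compile(r"\\Services\\(?P<svc>[^\\]+)\\Parameters$", re.IGNORECASE)
CONTROL_SET = re.compile(r"\\(ControlSet\d+|CurrentControlSet)\\", re.IGNORECASE)
# Registry values that make svchost.exe / every process load the named DLL.
LOADER_VALUES = {"servicedll", "appinit_dlls"}


@dataclass
class Loader:
    source: str                      # "gmer" or "hjt"
    mechanism: str                   # ServiceDll / AppInit_DLLs / Winlogon Notify
    path: str
    service: Optional[str] = None    # service name, for ServiceDll entries
    control_set: Optional[str] = None
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): all-letter names with no vowels, or with a run of
    five or more consonants, resemble generated rootkit file names."""
    s = stem.lower()
    if len(s) < 6 or not s.isalpha():
        return False
    vowels = sum(c in "aeiou" for c in s)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiou]", s))
    return vowels == 0 or longest_consonant_run >= 5


def in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def assess(loader: Loader) -> Loader:
    """Attach a reason when the loader DLL sits in system32 under a random-looking name."""
    stem = loader.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if in_system32(loader.path) and looks_random(stem):
        loader.reasons.append("random-looking DLL name in system32")
    return loader


def parse_loaders(text: str) -> List[Loader]:
    """Extract every DLL-loading entry from mixed GMER / HijackThis log text."""
    found: List[Loader] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = GMER_REG.match(line)
        if m and m["name"].lower() in LOADER_VALUES and m["data"]:
            svc = SERVICE_KEY.search(m["key"])
            cs = CONTROL_SET.search(m["key"])
            found.append(Loader("gmer", m["name"], m["data"].strip(),
                                service=svc["svc"] if svc else None,
                                control_set=cs.group(1) if cs else None))
            continue
        m = HJT_O20.match(line)
        if m:
            found.append(Loader("hjt", m["kind"], m["path"].strip()))
    return [assess(loader) for loader in found]


def suspicious_loaders(text: str) -> List[Loader]:
    return [loader for loader in parse_loaders(text) if loader.suspicious]


if __name__ == "__main__":
    for hit in suspicious_loaders(SAMPLE_LOG):
        where = f"service {hit.service} ({hit.control_set})" if hit.service else hit.mechanism
        print(f"[{hit.source}] {where}: {hit.path} -> {', '.join(hit.reasons)}")
```

A real triage would additionally compare every system32 ServiceDll against a known-good baseline, since a pronounceable name (the bewijeze/boponase-style files ComboFix deleted above) will not trip this heuristic.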

Sorry this was where my HJT log was before I added it to first post. PP was stuck between posts!


0

Sorry this was where my HJT log was before I added it to first post. PP was stuck between posts!

No worries.

Your combofix log is incomplete - we are missing an important part.
Please edit your post and post the entire log!

Also, run another GMER scan:

-- Make sure the Rootkit/Malware Tab is selected (Top Left of GMER GUI)
Along the Right Side of the GMER GUI there will be a number of checked boxes (GMER GUI). Please Uncheck the following:
- Sections
- IAT/EAT
- Drives or Partitions other than your Systemdrive (usually C:\)
- Show All (be sure this one remains Unchecked)

-- Then, click the Scan Button
Allow the scan as long as it needs and then save the log to where you can easily find it and post it for us.

***Disconnect from the internet and do not run any other programs while GMER is scanning. DO NOT take any action for any found items until crunchie or I can have a look.

PP :)

0

I regret to inform you that that is all that was included in the log report. Should I run combofix again?

Sorry for all the trouble!

0

The log shows that you ran combofix (or at least, combofix was run) 3 times. The logs from these runs can be found at C:\qoologic so posting them all in their entirety would be good.


0

Okay here's all three logs. I really hope this is what you need!

ComboFix 09-10-27.08 - bchodkowski 10/28/2009 17:16.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1672 [GMT -5:00]
Running from: c:\documents and settings\bchodkowski.HANSON-AMERICA\desktop\combofix.exe
Command switches used :: /KillAll
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\LOG10.tmp
C:\LOG12.tmp
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\system32\bewijeze(2).dll
c:\windows\system32\boponase.dll.tmp
c:\windows\system32\diveredi.dll.tmp
c:\windows\system32\logon.exe
c:\windows\system32\lupuwufe(2).dll
c:\windows\system32\mefupojo(2).dll
c:\windows\system32\riyudegi.dll.tmp
c:\windows\system32\tomuzipu(2).dll

----- BITS: Possible infected sites -----

hxxp://namsgirvg050.grouphc.net:8530
.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
.

2009-10-28 03:39 . 2009-10-28 03:36 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-28 03:36 . 2009-10-28 03:41 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\.housecall6.6
2009-10-27 03:59 . 2009-10-27 03:59 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-27 03:56 . 2009-10-27 03:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-27 03:53 . 2009-10-27 03:55 -------- d-----w- C:\Malwarebytes' Anti-Malware
2009-10-26 04:42 . 2009-10-27 03:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(2)
2009-10-12 18:13 . 2009-10-28 22:15 -------- d-----w- c:\windows\system32\CatRoot2
2009-10-12 05:27 . 2009-10-12 05:27 -------- d-----w- c:\program files\Trend Micro
2009-10-12 04:28 . 2009-10-12 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-10-12 04:27 . 2009-10-12 04:27 -------- d-----w- c:\program files\Common Files\iS3
2009-10-12 04:27 . 2009-10-12 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 04:30 . 2008-02-13 21:31 262144 ----a-w- c:\windows\system32\default_user_class.dat
2009-09-24 02:37 . 2009-09-24 02:17 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Walgreens
2009-09-24 02:31 . 2009-09-24 02:31 -------- d-----w- c:\program files\Walgreens
2009-09-21 02:47 . 2009-09-21 02:47 -------- d-----w- c:\program files\ICCup
2009-09-14 03:26 . 2009-09-03 03:13 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Skype
2009-09-14 03:26 . 2009-09-03 03:17 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\skypePM
2009-09-10 02:31 . 2009-09-10 02:31 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-09-10 02:31 . 2009-09-10 02:26 -------- d-----w- c:\program files\Logitech
2009-09-10 02:31 . 2007-02-14 16:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-10 02:29 . 2009-08-27 01:52 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-09-10 02:17 . 2009-08-27 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2009-09-10 02:12 . 2009-09-03 03:12 -------- d-----r- c:\program files\Skype
2009-09-10 02:11 . 2009-09-10 02:11 -------- d-----w- c:\program files\Common Files\Skype
2009-09-10 02:11 . 2009-09-03 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-09 21:46 . 2009-06-10 04:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-09 21:46 . 2009-06-10 03:04 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\SUPERAntiSpyware.com
2009-09-09 21:46 . 2009-06-10 03:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-04 00:50 . 2009-08-27 02:14 -------- d-----w- c:\program files\AIM6
2009-09-04 00:50 . 2009-08-27 02:14 -------- d-----w- c:\program files\Viewpoint
2009-09-03 03:17 . 2009-09-03 03:17 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-30 01:18 . 2009-08-30 01:18 -------- d-----w- c:\program files\Common Files\Logitech
2009-08-03 18:36 . 2009-09-09 03:41 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2009-09-09 03:41 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-06-10_02.21.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-28 22:23 . 2009-10-28 22:23 16384 c:\windows\temp\Perflib_Perfdata_518.dat
+ 2009-09-10 02:29 . 2004-08-04 05:56 53760 c:\windows\system32\vfwwdm32.dll
- 2004-08-04 00:56 . 2007-02-08 20:34 17408 c:\windows\system32\msyuv.dll
+ 2004-08-04 00:56 . 2004-08-04 05:56 17408 c:\windows\system32\msyuv.dll
- 2009-03-11 00:58 . 2009-03-11 00:58 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-03-11 00:58 . 2009-09-09 03:55 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2004-08-04 00:56 . 2007-02-08 20:34 47616 c:\windows\system32\iyuv_32.dll
+ 2004-08-04 00:56 . 2004-08-04 05:56 47616 c:\windows\system32\iyuv_32.dll
+ 2009-09-10 02:30 . 2008-07-26 15:26 41752 c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\LVUSBSta.sys
+ 2009-09-10 02:30 . 2008-07-26 15:26 41752 c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\LVUSBSta.sys
+ 2009-09-10 02:30 . 2008-07-26 15:26 66456 c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\lvselsus.sys
+ 2009-09-10 02:30 . 2008-07-26 15:24 95384 c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\lvpopflt.sys
+ 2009-09-10 02:28 . 2008-07-26 15:26 23832 c:\windows\system32\DRVSTORE\lvPRO5c_1BFC52D9685745C065979BCEBCC76EF496BB7037\lvuvcflt.sys
+ 2009-09-10 02:28 . 2008-07-26 15:26 41752 c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\LVUSBSta.sys
+ 2009-09-10 02:28 . 2008-07-26 15:26 41752 c:\windows\system32\DRVSTORE\lvPEPI2s_AAF0D42957859C79796117C24EE40D0758F83C77\LVUSBSta.sys
+ 2009-09-10 02:28 . 2008-07-26 15:22 13848 c:\windows\system32\DRVSTORE\lvPEPI2s_AAF0D42957859C79796117C24EE40D0758F83C77\lv302af.sys
+ 2009-09-10 02:28 . 2008-02-01 09:46 41752 c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\LVUSBSta.sys
+ 2009-09-10 02:30 . 2004-08-04 04:10 19328 c:\windows\system32\drivers\WSTCODEC.SYS
+ 2009-07-13 18:39 . 2004-08-04 03:58 15104 c:\windows\system32\drivers\usbscan.sys
+ 2009-09-10 02:31 . 2004-08-04 04:10 15360 c:\windows\system32\drivers\StreamIP.sys
+ 2009-09-10 02:31 . 2004-08-04 04:10 11136 c:\windows\system32\drivers\SLIP.sys
+ 2009-09-10 02:31 . 2004-08-04 04:10 10880 c:\windows\system32\drivers\NdisIP.sys
+ 2009-09-10 02:30 . 2004-08-04 04:10 85376 c:\windows\system32\drivers\NABTSFEC.sys
+ 2009-09-10 02:29 . 2008-07-26 15:26 41752 c:\windows\system32\drivers\LVUSBSta.sys
+ 2008-07-26 13:25 . 2008-07-26 13:25 25624 c:\windows\system32\drivers\LVPr2Mon.sys
+ 2009-09-10 02:30 . 2004-08-04 04:10 17024 c:\windows\system32\drivers\CCDECODE.sys
+ 2009-09-10 02:30 . 2004-08-04 04:10 19328 c:\windows\system32\dllcache\wstcodec.sys
+ 2009-09-10 02:29 . 2004-08-04 05:56 53760 c:\windows\system32\dllcache\vfwwdm32.dll
+ 2009-07-13 18:39 . 2004-08-04 03:58 15104 c:\windows\system32\dllcache\usbscan.sys
+ 2009-09-10 02:31 . 2004-08-04 04:10 15360 c:\windows\system32\dllcache\streamip.sys
+ 2009-09-10 02:31 . 2004-08-04 04:10 11136 c:\windows\system32\dllcache\slip.sys
+ 2009-09-10 02:31 . 2004-08-04 04:10 10880 c:\windows\system32\dllcache\ndisip.sys
+ 2009-09-10 02:30 . 2004-08-04 04:10 85376 c:\windows\system32\dllcache\nabtsfec.sys
+ 2004-08-04 00:56 . 2004-08-04 05:56 17408 c:\windows\system32\dllcache\msyuv.dll
+ 2004-08-04 00:56 . 2004-08-04 05:56 47616 c:\windows\system32\dllcache\iyuv_32.dll
+ 2009-09-10 02:30 . 2004-08-04 04:10 17024 c:\windows\system32\dllcache\ccdecode.sys
- 2007-02-14 14:41 . 2009-06-03 03:26 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-02-14 14:41 . 2009-10-27 03:42 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-02-14 14:41 . 2009-10-27 03:42 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-02-14 14:41 . 2009-06-03 03:26 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-05 21:03 . 2009-05-05 21:03 24064 c:\windows\Installer\151a89.msi
+ 2007-07-31 23:10 . 2007-07-31 23:10 84992 c:\windows\Installer\119c22.msi
+ 2009-09-07 02:15 . 2009-09-07 02:15 57344 c:\windows\Installer\{53735ECE-E461-4FD0-B742-23A352436D3A}\ARPPRODUCTICON.exe
+ 2009-09-10 02:26 . 2009-09-10 02:26 53248 c:\windows\Installer\{3AF8FCCD-F51A-4014-9002-F195E1CBC876}\ProgramGroupShortcut_EFA2BBEBCF93493B904B1B970B8DFAB6.exe
+ 2009-09-10 02:26 . 2009-09-10 02:26 15086 c:\windows\Installer\{3AF8FCCD-F51A-4014-9002-F195E1CBC876}\DesktopShortcut_10110FE91EE84A3DADFD1294F86BE5FC.exe
+ 2009-09-10 02:26 . 2009-09-10 02:26 15086 c:\windows\Installer\{3AF8FCCD-F51A-4014-9002-F195E1CBC876}\ARPPRODUCTICON.exe
+ 2009-08-27 02:14 . 2009-08-27 02:14 38428 c:\windows\Downloaded Program Files\unagiuninst.exe
+ 2001-08-17 22:36 . 2001-08-18 03:36 8192 c:\windows\system32\tsbyuv.dll
- 2001-08-17 22:36 . 2007-02-08 20:34 8192 c:\windows\system32\tsbyuv.dll
+ 2009-07-13 18:39 . 2001-08-18 03:36 5632 c:\windows\system32\ptpusb.dll
+ 2009-09-10 02:31 . 2004-08-04 03:58 5504 c:\windows\system32\drivers\MSTEE.sys
+ 2001-08-17 22:36 . 2001-08-18 03:36 8192 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-09-10 02:31 . 2004-08-04 03:58 5504 c:\windows\system32\dllcache\mstee.sys
+ 2009-10-28 22:24 . 2009-10-28 22:24 6092 c:\windows\SoftwareDistribution\EventCache\{D6C89D56-7906-4D94-808E-56226FAB3FAD}.bin
+ 2009-09-10 02:29 . 2008-07-26 15:27 236056 c:\windows\twain_32\QuickCam\lvWIAext.dll
+ 2009-10-28 22:23 . 2008-07-26 13:25 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
+ 2007-10-28 23:59 . 2007-10-28 23:59 323624 c:\windows\system32\wiaaut.dll
+ 2009-07-13 18:39 . 2004-08-04 05:56 159232 c:\windows\system32\ptpusd.dll
+ 2004-08-04 00:56 . 2004-08-04 05:56 294912 c:\windows\system32\msh263.drv
- 2004-08-04 00:56 . 2007-02-08 20:34 294912 c:\windows\system32\msh263.drv
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-09-10 02:29 . 2008-07-26 15:26 465432 c:\windows\system32\LVUI2RC.dll
+ 2009-09-10 02:29 . 2008-07-26 15:26 490008 c:\windows\system32\LVUI2.dll
+ 2009-09-10 02:29 . 2008-07-26 15:23 416280 c:\windows\system32\lvcodec2.dll
+ 2009-09-10 02:29 . 2008-07-26 15:23 195096 c:\windows\system32\lvci11801048.dll
+ 2009-09-10 02:30 . 2008-07-26 15:29 439568 c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\WUApp32.exe
+ 2009-09-10 02:30 . 2008-07-26 15:27 236056 c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\lvWIAext.dll
+ 2009-09-10 02:30 . 2008-07-26 15:26 465432 c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\LVUI2RC.dll
+ 2009-09-10 02:30 . 2008-07-26 15:26 490008 c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\LVUI2.dll
+ 2009-09-10 02:30 . 2008-07-26 15:23 195096 c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\lvcoinst.dll
+ 2009-09-10 02:30 . 2008-07-26 15:23 416280 c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\lvcodec2.dll
+ 2009-09-10 02:30 . 2008-07-26 15:29 439568 c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\WUApp32.exe
+ 2009-09-10 02:30 . 2008-07-26 15:25 627864 c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\lvrs.sys
+ 2009-09-10 02:30 . 2008-07-26 15:23 195096 c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\lvcoinst.dll
+ 2009-09-10 02:29 . 2008-07-26 15:29 439568 c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\WUApp32.exe
+ 2009-09-10 02:29 . 2008-07-26 15:27 236056 c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\lvWIAext.dll
+ 2009-09-10 02:29 . 2008-07-26 15:26 465432 c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\LVUI2RC.dll
+ 2009-09-10 02:29 . 2008-07-26 15:26 490008 c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\LVUI2.dll
+ 2009-09-10 02:29 . 2008-07-26 15:23 195096 c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\lvcoinst.dll
+ 2009-09-10 02:29 . 2008-07-26 15:23 416280 c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\lvcodec2.dll
+ 2009-09-10 02:28 . 2008-07-26 15:29 439568 c:\windows\system32\DRVSTORE\lvPEPI2s_AAF0D42957859C79796117C24EE40D0758F83C77\WUApp32.exe
+ 2009-09-10 02:28 . 2008-07-26 15:25 627864 c:\windows\system32\DRVSTORE\lvPEPI2s_AAF0D42957859C79796117C24EE40D0758F83C77\lvrs.sys
+ 2009-09-10 02:28 . 2008-07-26 15:23 195096 c:\windows\system32\DRVSTORE\lvPEPI2s_AAF0D42957859C79796117C24EE40D0758F83C77\lvcoinst.dll
+ 2009-09-10 02:28 . 2008-02-01 09:49 439568 c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\WUApp32.exe
+ 2009-09-10 02:28 . 2008-02-01 09:47 236056 c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\lvWIAext.dll
+ 2009-09-10 02:28 . 2008-02-01 09:46 465432 c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\LVUI2RC.dll
+ 2009-09-10 02:28 . 2008-02-01 09:46 490008 c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\LVUI2.dll
+ 2009-09-10 02:28 . 2008-02-01 09:43 195096 c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\lvcoinst.dll
+ 2009-09-10 02:28 . 2008-02-01 09:43 416280 c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\lvcodec2.dll
+ 2009-09-10 02:28 . 2008-02-01 09:43 489624 c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\LV561AV.sys
- 2007-02-08 20:34 . 2009-06-10 02:16 182912 c:\windows\system32\drivers\ndis.sys
+ 2007-02-08 20:34 . 2009-06-10 17:06 182912 c:\windows\system32\drivers\ndis.sys
+ 2007-02-08 20:34 . 2009-06-10 02:16 182912 c:\windows\system32\drivers\ndis(4).sys
+ 2007-02-08 20:34 . 2009-06-10 02:12 182912 c:\windows\system32\drivers\ndis(3).sys
- 2007-02-08 20:34 . 2009-06-10 02:12 182912 c:\windows\system32\dllcache\ndis.sys
+ 2007-02-08 20:34 . 2009-06-10 17:02 182912 c:\windows\system32\dllcache\ndis.sys
+ 2008-01-30 16:41 . 2008-02-13 12:37 336896 c:\windows\system32\CCM\Cache\NAS0005F.1.System\UPHClean-Setup.msi
+ 2007-10-28 23:43 . 2007-10-28 23:43 516832 c:\windows\system32\capicom.dll
+ 2007-03-12 13:20 . 2007-03-12 13:20 340480 c:\windows\Installer\e9789fd.msi
+ 2007-09-22 17:39 . 2007-09-22 17:39 269312 c:\windows\Installer\ba103.msi
+ 2007-02-14 16:28 . 2007-02-14 16:28 902144 c:\windows\Installer\a5075.msi
+ 2009-01-07 20:49 . 2009-01-07 20:49 972800 c:\windows\Installer\a1412.msi
+ 2008-06-11 20:02 . 2008-06-11 20:02 830464 c:\windows\Installer\a140b.msp
+ 2008-07-28 20:59 . 2008-07-28 20:59 180736 c:\windows\Installer\a13f7.msp
+ 2007-02-14 14:46 . 2007-02-14 14:46 264704 c:\windows\Installer\9d7c5.msi
+ 2007-02-14 14:45 . 2007-02-14 14:45 331776 c:\windows\Installer\9d7bb.msi
+ 2008-06-11 20:02 . 2008-06-11 20:02 830464 c:\windows\Installer\968ea.msp
+ 2008-07-28 20:59 . 2008-07-28 20:59 180736 c:\windows\Installer\968d2.msp
+ 2008-09-30 17:58 . 2008-09-30 17:58 993280 c:\windows\Installer\9446c.msi
+ 2008-09-30 17:56 . 2008-09-30 17:56 289792 c:\windows\Installer\94468.msi
+ 2009-09-07 02:15 . 2009-09-07 02:15 257024 c:\windows\Installer\6fad2.msi
+ 2007-02-14 16:11 . 2007-02-14 16:11 625664 c:\windows\Installer\51b0c0.msi
+ 2006-06-13 18:12 . 2006-06-13 18:12 509440 c:\windows\Installer\4d7a4.msp
+ 2007-02-14 15:51 . 2007-02-14 15:51 844800 c:\windows\Installer\44a541.msi
+ 2007-02-14 15:50 . 2007-02-14 15:50 428544 c:\windows\Installer\44a53c.msi
+ 2009-01-08 01:03 . 2009-01-08 01:03 603648 c:\windows\Installer\40afd.msi
+ 2008-06-04 12:57 . 2008-06-04 12:57 277504 c:\windows\Installer\3e8d6.msi
+ 2009-01-09 09:01 . 2009-01-09 09:01 432640 c:\windows\Installer\3a9774a.msi
+ 2007-04-11 16:51 . 2007-04-11 16:51 888832 c:\windows\Installer\36bf86.msi
+ 2007-02-14 16:39 . 2007-02-14 16:39 189952 c:\windows\Installer\358c4.msi
+ 2007-07-03 18:28 . 2007-07-03 18:28 412672 c:\windows\Installer\355ad4.msi
+ 2007-02-14 15:29 . 2007-02-14 15:29 916480 c:\windows\Installer\327f14.msi
+ 2009-06-30 05:48 . 2009-06-30 05:48 683520 c:\windows\Installer\306102b.msi
+ 2007-08-29 12:49 . 2007-08-29 12:49 431104 c:\windows\Installer\30017.msi
+ 2007-11-13 13:15 . 2007-11-13 13:15 471552 c:\windows\Installer\23b5ec.msi
+ 2007-11-13 13:15 . 2007-11-13 13:15 664064 c:\windows\Installer\23b5e3.msi
+ 2007-11-13 13:14 . 2007-11-13 13:14 121344 c:\windows\Installer\23b5d7.msi
+ 2007-11-13 13:14 . 2007-11-13 13:14 395776 c:\windows\Installer\23b5d2.msi
+ 2007-11-13 13:14 . 2007-11-13 13:14 121344 c:\windows\Installer\23b5ca.msi
+ 2007-11-13 13:14 . 2007-11-13 13:14 422912 c:\windows\Installer\23b5c5.msi
+ 2007-11-13 13:14 . 2007-11-13 13:14 615936 c:\windows\Installer\23b5bf.msi
+ 2007-11-13 13:13 . 2007-11-13 13:13 361984 c:\windows\Installer\23b5ba.msi
+ 2007-11-13 13:13 . 2007-11-13 13:13 299520 c:\windows\Installer\23b5b5.msi
+ 2007-11-13 13:13 . 2007-11-13 13:13 121344 c:\windows\Installer\23b5ac.msi
+ 2007-11-13 13:13 . 2007-11-13 13:13 589312 c:\windows\Installer\23b5a7.msi
+ 2007-11-13 13:13 . 2007-11-13 13:13 253440 c:\windows\Installer\23b598.msi
+ 2007-11-13 13:13 . 2007-11-13 13:13 303104 c:\windows\Installer\23b593.msi
+ 2007-11-13 13:12 . 2007-11-13 13:12 479744 c:\windows\Installer\23b58e.msi
+ 2007-11-13 13:12 . 2007-11-13 13:12 121344 c:\windows\Installer\23b586.msi
+ 2007-11-13 13:12 . 2007-11-13 13:12 389632 c:\windows\Installer\23b581.msi
+ 2007-11-13 13:12 . 2007-11-13 13:12 121344 c:\windows\Installer\23b578.msi
+ 2007-11-13 13:12 . 2007-11-13 13:12 508928 c:\windows\Installer\23b573.msi
+ 2007-11-13 13:11 . 2007-11-13 13:11 121344 c:\windows\Installer\23b56b.msi
+ 2007-11-13 13:11 . 2007-11-13 13:11 309760 c:\windows\Installer\23b566.msi
+ 2007-11-13 13:11 . 2007-11-13 13:11 188928 c:\windows\Installer\23b561.msi
+ 2007-11-13 13:11 . 2007-11-13 13:11 184320 c:\windows\Installer\23b55c.msi
+ 2007-11-13 13:11 . 2007-11-13 13:11 121344 c:\windows\Installer\23b554.msi
+ 2007-04-24 19:42 . 2007-04-24 19:42 381952 c:\windows\Installer\201ce0.msi
+ 2007-04-24 19:42 . 2007-04-24 19:42 442368 c:\windows\Installer\201cdc.msi
+ 2007-04-24 19:41 . 2007-04-24 19:41 450560 c:\windows\Installer\201cd9.msi
+ 2009-09-10 02:21 . 2009-09-10 02:21 794112 c:\windows\Installer\1ddab.msi
+ 2008-07-19 03:43 . 2008-07-19 03:43 532992 c:\windows\Installer\18443.msi
+ 2008-12-29 13:21 . 2008-12-29 13:21 562176 c:\windows\Installer\17da0b.msi
+ 2007-04-11 15:20 . 2007-04-11 15:20 268800 c:\windows\Installer\14844a.msi
+ 2007-10-15 23:33 . 2007-10-15 23:33 269312 c:\windows\Installer\13b83d.msi
+ 2007-07-31 23:10 . 2007-07-31 23:10 273920 c:\windows\Installer\119c3d.msi
+ 2007-07-31 23:10 . 2007-07-31 23:10 542208 c:\windows\Installer\119c2f.msi
+ 2007-07-31 23:10 . 2007-07-31 23:10 379392 c:\windows\Installer\119c28.msi
+ 2008-02-13 12:37 . 2008-02-13 12:37 139264 c:\windows\Installer\10810d.msi
+ 2009-09-10 02:11 . 2009-09-10 02:11 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
+ 2007-01-24 01:41 . 2007-01-24 01:41 841304 c:\windows\Downloaded Program Files\ampAx3.0.84.2.dll
+ 2007-02-08 20:34 . 2007-02-08 20:34 1326080 c:\windows\system32\webfldrs.msi
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-09-10 02:30 . 2008-07-26 15:26 4658584 c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\lvuvc.sys
+ 2009-09-10 02:29 . 2008-07-26 15:22 2570520 c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\LV302V32.SYS
+ 2009-09-10 02:29 . 2008-07-26 15:22 2570520 c:\windows\system32\drivers\LV302V32.SYS
- 2009-05-13 21:12 . 2009-06-03 03:27 2293760 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-13 21:12 . 2009-10-27 03:42 2293760 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-17 18:57 . 2007-04-13 07:50 7471104 c:\windows\system32\ccmsetup\{2FBB7E06-7665-442B-98E3-189CB634C5CC}\client.msi
+ 2007-05-25 17:08 . 2007-05-25 17:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2008-07-17 19:02 . 2008-07-17 19:02 2137088 c:\windows\Installer\d9e6.msi
+ 2006-09-13 17:28 . 2006-09-13 17:28 3345408 c:\windows\Installer\c22ad.msp
+ 2006-04-18 18:48 . 2006-04-18 18:48 1629184 c:\windows\Installer\c22a5.msp
+ 2009-03-31 07:51 . 2009-03-31 07:51 4886528 c:\windows\Installer\bc11f.msi
+ 2009-03-31 07:50 . 2009-03-31 07:50 1659392 c:\windows\Installer\bc11b.msi
+ 2009-03-31 07:49 . 2009-03-31 07:49 8992256 c:\windows\Installer\bc116.msi
+ 2009-03-31 07:49 . 2009-03-31 07:49 1549312 c:\windows\Installer\bc111.msi
+ 2009-03-31 07:49 . 2009-03-31 07:49 3293696 c:\windows\Installer\bc10c.msi
+ 2007-04-13 07:50 . 2007-04-13 07:50 7471104 c:\windows\Installer\7c904.msi
+ 2008-06-11 20:05 . 2008-06-11 20:05 9994240 c:\windows\Installer\7c902.msp
+ 2007-07-23 22:40 . 2007-07-23 22:40 9945600 c:\windows\Installer\67d6b2.msp
+ 2007-04-25 21:14 . 2007-04-25 21:14 9828864 c:\windows\Installer\67d688.msp
+ 2007-11-16 18:58 . 2007-11-16 18:58 5495296 c:\windows\Installer\61fbe.msp
+ 2007-11-08 17:42 . 2007-11-08 17:42 4158464 c:\windows\Installer\61faa.msp
+ 2007-04-25 21:10 . 2007-04-25 21:10 6835712 c:\windows\Installer\61f84.msp
+ 2007-11-02 15:30 . 2007-11-02 15:30 7554048 c:\windows\Installer\5ee9a4.msp
+ 2007-05-22 15:46 . 2007-05-22 15:46 6108672 c:\windows\Installer\5ee98f.msp
+ 2007-02-14 16:13 . 2007-02-14 16:13 8240640 c:\windows\Installer\51b0c4.msi
+ 2007-02-14 16:04 . 2007-02-14 16:04 3397632 c:\windows\Installer\51b0bb.msi
+ 2006-12-04 17:51 . 2006-12-04 17:51 5250560 c:\windows\Installer\4d8a1.msp
+ 2006-11-20 17:42 . 2006-11-20 17:42 9713664 c:\windows\Installer\4d88b.msp
+ 2006-09-19 20:13 . 2006-09-19 20:13 8272896 c:\windows\Installer\4d876.msp
+ 2006-12-19 19:42 . 2006-12-19 19:42 6649856 c:\windows\Installer\4d861.msp
+ 2006-12-19 19:42 . 2006-12-19 19:42 4008448 c:\windows\Installer\4d83e.msp
+ 2006-09-11 16:19 . 2006-09-11 16:19 6253056 c:\windows\Installer\4d80e.msp
+ 2006-07-21 16:18 . 2006-07-21 16:18 4578816 c:\windows\Installer\4d7cf.msp
+ 2006-10-12 14:50 . 2006-10-12 14:50 1091584 c:\windows\Installer\4d7b9.msp
+ 2005-10-26 18:59 . 2005-10-26 18:59 2883072 c:\windows\Installer\4d78e.msp
+ 2006-08-16 02:36 . 2006-08-16 02:36 5206528 c:\windows\Installer\4d779.msp
+ 2007-04-11 15:58 . 2007-04-11 15:58 5923328 c:\windows\Installer\4d6b8.msi
+ 2008-04-01 19:33 . 2008-04-01 19:33 5479936 c:\windows\Installer\4c5a4.msp
+ 2008-01-31 15:30 . 2008-01-31 15:30 9947648 c:\windows\Installer\4c576.msp
+ 2008-01-14 21:53 . 2008-01-14 21:53 5213696 c:\windows\Installer\4c538.msp
+ 2008-03-16 22:11 . 2008-03-16 22:11 5512704 c:\windows\Installer\4c524.msp
+ 2007-02-14 15:49 . 2007-02-14 15:49 5864960 c:\windows\Installer\44a536.msp
+ 2006-04-18 18:48 . 2006-04-18 18:48 1629184 c:\windows\Installer\44a52f.msp
+ 2006-09-13 17:28 . 2006-09-13 17:28 3345408 c:\windows\Installer\44a52e.msp
+ 2007-02-14 15:45 . 2007-02-14 15:45 2109440 c:\windows\Installer\3f1850.msi
+ 2007-02-14 15:42 . 2007-02-14 15:42 3443712 c:\windows\Installer\3dc0ba.msi
+ 2008-07-08 17:27 . 2008-07-08 17:27 8436736 c:\windows\Installer\3a9775e.msp
+ 2007-07-03 18:30 . 2007-07-03 18:30 4185600 c:\windows\Installer\355ade.msi
+ 2007-01-10 14:05 . 2007-01-10 14:05 9921024 c:\windows\Installer\289ceb.msp
+ 2007-01-19 14:46 . 2007-01-19 14:46 6814208 c:\windows\Installer\289cd6.msp
+ 2007-03-19 14:31 . 2007-03-19 14:31 5259776 c:\windows\Installer\289cc1.msp
+ 2006-12-18 15:48 . 2006-12-18 15:48 5444096 c:\windows\Installer\289cac.msp
+ 2006-11-20 20:37 . 2006-11-20 20:37 6553088 c:\windows\Installer\289c97.msp
+ 2007-01-24 11:48 . 2007-01-24 11:48 9804800 c:\windows\Installer\289c6d.msp
+ 2008-02-13 01:58 . 2008-02-13 01:58 3620864 c:\windows\Installer\2084aa.msi
+ 2009-09-10 02:26 . 2009-09-10 02:26 3745280 c:\windows\Installer\1ddb2.msi
+ 2008-07-17 19:22 . 2008-07-17 19:22 7698432 c:\windows\Installer\11e7b2.msi
+ 2009-09-10 02:11 . 2009-09-10 02:11 1565696 c:\windows\Installer\10ca5b2.msi
+ 2007-02-14 15:29 . 2007-02-14 15:29 1863168 c:\windows\Downloaded Installations\{30E0B650-15F2-460F-98C9-0FC6E20CFC1E}\HMTCDWizard.msi
+ 2009-01-07 00:58 . 2009-10-27 03:59 17185912 c:\windows\system32\Restore\rstrlog.dat
+ 2007-04-24 19:05 . 2007-02-14 16:11 10673664 c:\windows\system32\config\systemprofile\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142090}\Java 2 Runtime Environment, SE v1.4.2_09.msi
+ 2005-09-23 12:48 . 2005-09-23 12:48 24863744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi
+ 2007-03-12 13:24 . 2007-03-12 13:24 17103872 c:\windows\Installer\e978a0a.msi
+ 2008-08-15 00:49 . 2008-08-15 00:49 11615744 c:\windows\Installer\d1d8b4.msi
+ 2007-07-14 11:48 . 2007-07-14 11:48 15256576 c:\windows\Installer\aebe4.msp
+ 2007-05-29 19:41 . 2007-05-29 19:41 16549888 c:\windows\Installer\aebcd.msp
+ 2008-01-14 20:24 . 2008-01-14 20:24 10721280 c:\windows\Installer\6b29c.msp
+ 2007-05-01 15:29 . 2007-05-01 15:29 10994688 c:\windows\Installer\67d69d.msp
+ 2006-09-19 15:23 . 2006-09-19 15:23 12292096 c:\windows\Installer\4d823.msp
+ 2006-09-13 02:44 . 2006-09-13 02:44 13737984 c:\windows\Installer\4d7f9.msp
+ 2006-09-27 18:28 . 2006-09-27 18:28 10256384 c:\windows\Installer\4d7e4.msp
+ 2005-08-08 18:25 . 2005-08-08 18:25 97385984 c:\windows\Installer\4d762.msp
+ 2008-03-01 03:09 . 2008-03-01 03:09 16907776 c:\windows\Installer\4c58c.msp
+ 2008-04-14 19:26 . 2008-04-14 19:26 11888128 c:\windows\Installer\4c54d.msp
+ 2008-01-14 21:50 . 2008-01-14 21:50 11887104 c:\windows\Installer\4414e.msp
+ 2007-02-14 15:43 . 2007-02-14 15:43 19210240 c:\windows\Installer\3f1842.msp
+ 2008-03-17 17:48 . 2008-03-17 17:48 11813888 c:\windows\Installer\3e8ce.msp
+ 2008-08-13 20:49 . 2008-08-13 20:49 11816960 c:\windows\Installer\3a977b2.msp
+ 2008-07-30 14:50 . 2008-07-30 14:50 12506112 c:\windows\Installer\3a9779d.msp
+ 2008-07-08 16:09 . 2008-07-08 16:09 11887616 c:\windows\Installer\3a97788.msp
+ 2008-06-04 19:29 . 2008-06-04 19:29 16905728 c:\windows\Installer\3a97773.msp
+ 2007-01-18 18:29 . 2007-01-18 18:29 10978816 c:\windows\Installer\289c82.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 22:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-05 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2007-03-27 136768]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2002-05-07 20530]
"Client Access Help Update"="c:\program files\IBM\Client Access\cwbinhlp.exe" [2002-05-07 24626]
"Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2002-05-07 45056]
"Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 20530]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-29 136600]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-02-04 1695744]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-23 17920]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"ToolBoxFX"="c:\program files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 45056]
"HPUsageTracking"="c:\program files\Hewlett-Packard\HP UT\bin\hppusg.exe" [2005-09-29 36864]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88203]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-9-9 66864]
VPN Client.lnk - c:\windows\Installer\{06624881-CF7D-4F8A-86C0-5114B122E776}\Icon3E5562ED7.ico [2007-2-14 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2006-09-09 07:15 63488 ----a-r- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli AsWlnPkg

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55928:TCP"= 55928:TCP:GalleryAssemblies ModemWeb
"38781:TCP"= 38781:TCP:GalleryAssemblies SoftwareOffice
"21026:UDP"= 21026:UDP:GalleryAssemblies GoogleComponents
"37023:UDP"= 37023:UDP:GalleryAssemblies PublishWorks

R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/8/2007 3:34 PM 14336]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/15/2007 1:50 PM 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2/14/2007 12:52 PM 36352]
S0 dtbyu;dtbyu;c:\windows\system32\drivers\bvdgk.sys --> c:\windows\system32\drivers\bvdgk.sys [?]
S0 phfzqldf;phfzqldf;c:\windows\system32\drivers\kbgzbk.sys --> c:\windows\system32\drivers\kbgzbk.sys [?]
S1 sdmanager;SDManager;\??\c:\program files\SpywareDetector\SDManager.sys --> c:\program files\SpywareDetector\SDManager.sys [?]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2/8/2007 3:34 PM 14336]
S2 Wmdmprov;iyglu;c:\windows\system32\svchost.exe -k netsvcs [2/8/2007 3:34 PM 14336]
S3 swmx02;HP ev2200 USB MUX Driver (#02);c:\windows\system32\drivers\swmx02.sys [11/18/2005 3:21 PM 57600]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Wmdmprov
.
Contents of the 'Scheduled Tasks' folder

2009-10-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-10-28 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2007-07-31 04:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 10.*.*.*;127.0.0.1;*.hanson-america.net;*.hanson-eu.net;*.hanson-ap.net;*.hgm.han;;;;<local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} - hxxp://hansononline/hbma/Portal/resources/msddsc.cab
FF - ProfilePath - c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Mozilla\Firefox\Profiles\1s396144.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-ccleaner - c:\documents and settings\bchodkowski.HANSON-AMERICA\Desktop\CCleaner\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 17:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmdmprov]
"ServiceDll"="c:\windows\system32\qctqykkn.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1324)
c:\program files\HPQ\IAM\Bin\OCGina.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\program files\HPQ\IAM\bin\HPBrand.dll
c:\program files\HPQ\IAM\bin\ItTal.dll
c:\program files\HPQ\IAM\bin\ItReports.DLL
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\Bin\TrayIcon.dll
c:\program files\HPQ\IAM\Bin\ItDAC.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\STEngine.dll
c:\program files\HPQ\IAM\Bin\BioAuth.dll
c:\program files\HPQ\IAM\Bin\ITVCClient.dll
c:\program files\HPQ\IAM\Bin\AuthWiz.dll
c:\program files\HPQ\IAM\Bin\TpmAuth.dll
c:\program files\HPQ\IAM\Bin\TokenAuth.dll
c:\program files\HPQ\IAM\Bin\ittalsnap.DLL
c:\program files\HPQ\IAM\Bin\ItVCard.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\xenroll.dll
c:\program files\HPQ\IAM\Bin\ItAuth.dll

- - - - - - - > 'lsass.exe'(1380)
c:\program files\HPQ\IAM\bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(5552)
c:\windows\system32\APSHook.dll
c:\program files\HPQ\IAM\bin\ItClient.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\McAfee\VirusScan Enterprise\scriptcl.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\windows\system32\msiexec.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\HPQ\IAM\bin\asghost.exe
c:\combofix\CF31346.exe
c:\program files\Network Associates\Common Framework\McTray.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\HPZipm12.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\common files\logitech\lu\lulnchr.exe
c:\program files\common files\logitech\lu\LogitechUpdate.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-28 17:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-28 22:32
ComboFix2.txt 2009-06-10 17:16
ComboFix3.txt 2009-06-10 02:29

Pre-Run: 40,869,425,152 bytes free
Post-Run: 41,100,742,656 bytes free

- - End Of File - - 7115E3E9E14F03368B0535138AFD30BA

ComboFix 09-06-09.06 - bchodkowski 06/10/2009 12:03.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1530 [GMT -5:00]
Running from: c:\documents and settings\bchodkowski.HANSON-AMERICA\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Application Data\1301700638.exe
c:\documents and settings\LocalService\Application Data\1361538659.exe
c:\documents and settings\LocalService\Application Data\1458931097.exe
c:\documents and settings\LocalService\Application Data\755020800.exe
c:\program files\Internet Explorer\setupapi.dll
c:\program files\Mozilla Firefox\setupapi.dll
c:\windows\system32\avast!Antivirus.exe

Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - The cat ate it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVAST!ANTIVIRUS
-------\Service_avast!Antivirus


((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.

2009-06-10 04:10 . 2009-06-10 04:10 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-10 04:10 . 2009-06-10 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-10 04:10 . 2009-06-10 04:10 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Malwarebytes
2009-06-10 04:10 . 2009-06-10 04:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-10 03:28 . 2009-06-10 04:10 -------- d-----w- c:\program files\World of Warcraft(3)
2009-06-10 03:06 . 2009-06-10 17:11 117760 ----a-w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-10 03:04 . 2009-06-10 04:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-10 03:04 . 2009-06-10 03:04 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\SUPERAntiSpyware.com
2009-06-10 02:50 . 2009-06-10 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-10 01:53 . 2009-06-10 02:19 63 ----a-w- c:\windows\system\SysSD.dll
2009-06-08 22:00 . 2009-06-10 04:10 -------- d-----w- c:\program files\World of Warcraft
2009-05-17 05:32 . 2009-05-17 05:32 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Acoustica
2009-05-17 05:32 . 2007-08-07 16:32 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2009-05-17 05:32 . 2009-05-17 05:32 -------- d-----w- c:\program files\Acoustica Shared Effects
2009-05-17 05:30 . 2009-05-17 05:30 -------- d-----w- c:\program files\VST
2009-05-17 05:30 . 2009-05-17 05:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Acoustica
2009-05-17 05:30 . 2009-05-17 07:02 -------- d-----w- c:\program files\Acoustica Mixcraft 4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 17:06 . 2007-02-08 20:34 182912 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-06-10 02:16 . 2007-02-08 20:34 182912 ----a-w- c:\windows\system32\drivers\ndis(4).sys
2009-06-10 02:12 . 2007-02-08 20:34 182912 ----a-w- c:\windows\system32\drivers\ndis(3).sys
2009-05-08 04:06 . 2009-05-04 21:23 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\W Photo Studio Viewer
2009-05-06 18:33 . 2008-09-30 17:58 -------- d-----w- c:\program files\Google
2009-05-04 23:42 . 2009-05-04 20:27 98428 ----a-w- c:\windows\system32\drivers\c42c57a8.sys
2009-05-01 22:23 . 2009-05-01 17:53 100092 ----a-w- c:\windows\system32\drivers\e3d4ca63.sys
2009-03-13 02:18 . 2009-03-13 02:18 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-10_02.21.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-10 17:08 . 2009-06-10 17:08 16384 c:\windows\Temp\Perflib_Perfdata_440.dat
+ 2009-06-10 03:04 . 2009-06-10 03:04 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-06-10 03:04 . 2009-06-10 03:04 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-01-07 00:58 . 2009-06-10 04:11 811984 c:\windows\system32\Restore\rstrlog.dat
+ 2007-02-08 20:34 . 2009-06-10 17:02 182912 c:\windows\system32\dllcache\ndis.sys
- 2007-02-08 20:34 . 2009-06-10 02:12 182912 c:\windows\system32\dllcache\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-05 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2007-03-27 136768]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2002-05-07 20530]
"Client Access Help Update"="c:\program files\IBM\Client Access\cwbinhlp.exe" [2002-05-07 24626]
"Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2002-05-07 45056]
"Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 20530]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-29 136600]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-02-04 1695744]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-23 17920]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"ToolBoxFX"="c:\program files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 45056]
"HPUsageTracking"="c:\program files\Hewlett-Packard\HP UT\bin\hppusg.exe" [2005-09-29 36864]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88203]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{06624881-CF7D-4F8A-86C0-5114B122E776}\Icon3E5562ED7.ico [2007-2-14 6144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2006-09-09 07:15 63488 ----a-r- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli AsWlnPkg

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/8/2007 3:34 PM 14336]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/15/2007 1:50 PM 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2/14/2007 12:52 PM 36352]
R3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
S1 sdmanager;SDManager;\??\c:\program files\SpywareDetector\SDManager.sys --> c:\program files\SpywareDetector\SDManager.sys [?]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2/8/2007 3:34 PM 14336]
S2 avast!AVSControlService;avast!AVSControlService;c:\windows\System32\avast!AVSControlService.exe -k netsvcs --> c:\windows\System32\avast!AVSControlService.exe -k netsvcs [?]
S2 Wmdmprov;iyglu;c:\windows\system32\svchost.exe -k netsvcs [2/8/2007 3:34 PM 14336]
S3 swmx02;HP ev2200 USB MUX Driver (#02);c:\windows\system32\drivers\swmx02.sys [11/18/2005 3:21 PM 57600]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Wmdmprov
.
Contents of the 'Scheduled Tasks' folder

2009-06-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-10 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2007-07-31 04:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 10.*.*.*;127.0.0.1;*.hanson-america.net;*.hanson-eu.net;*.hanson-ap.net;*.hgm.han;;;;<local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} - hxxp://hansononline/hbma/Portal/resources/msddsc.cab
FF - ProfilePath - c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Mozilla\Firefox\Profiles\1s396144.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-10 12:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmdmprov]
"ServiceDll"="c:\windows\system32\qctqykkn.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1324)
c:\program files\HPQ\IAM\Bin\OCGina.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\program files\HPQ\IAM\bin\HPBrand.dll
c:\program files\HPQ\IAM\bin\ItTal.dll
c:\program files\HPQ\IAM\bin\ItReports.DLL
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\Bin\TrayIcon.dll
c:\program files\HPQ\IAM\Bin\ItDAC.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\STEngine.dll
c:\program files\HPQ\IAM\Bin\BioAuth.dll
c:\program files\HPQ\IAM\Bin\ITVCClient.dll
c:\program files\HPQ\IAM\Bin\AuthWiz.dll
c:\program files\HPQ\IAM\Bin\TpmAuth.dll
c:\program files\HPQ\IAM\Bin\TokenAuth.dll
c:\program files\HPQ\IAM\Bin\ittalsnap.DLL
c:\program files\HPQ\IAM\Bin\ItVCard.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\xenroll.dll
c:\program files\HPQ\IAM\Bin\ItAuth.dll

- - - - - - - > 'lsass.exe'(1380)
c:\program files\HPQ\IAM\bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(3300)
c:\windows\system32\APSHook.dll
c:\program files\HPQ\IAM\bin\ItClient.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\windows\system32\msiexec.exe
c:\program files\HPQ\IAM\Bin\asghost.exe
c:\program files\Network Associates\Common Framework\Mctray.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\HPZipm12.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-10 12:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-10 17:16
ComboFix2.txt 2009-06-10 02:29

Pre-Run: 41,009,635,328 bytes free
Post-Run: 40,986,390,528 bytes free

248 --- E O F --- 2009-01-09 09:06


ComboFix 09-06-09.06 - bchodkowski 06/09/2009 21:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1425 [GMT -5:00]
Running from: c:\documents and settings\bchodkowski.HANSON-AMERICA\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\LocalService\Application Data\1361538659.exe
c:\documents and settings\LocalService\Application Data\1458931097.exe
c:\program files\Internet Explorer\setupapi.dll
c:\program files\Mozilla Firefox\setupapi.dll
c:\windows\9g2234wesdf3dfgjf23
c:\windows\system32\__c005BF47.dat
c:\windows\system32\avast!Antivirus.exe
c:\windows\system32\avast!AVSControlService.exe
c:\windows\system32\azton.mt
c:\windows\system32\hobukubo.dll.vir
c:\windows\system32\jbnmck.dll
c:\windows\system32\sft.res
c:\windows\system32\wejoseti.dll.tmp
c:\windows\system32\wiyoyova.dll.vir
c:\windows\system32\wopowupa.dll.tmp
c:\windows\system32\yeruwuma.dll.tmp
c:\windows\t55ft2692f44.dat
c:\windows\Temp\1175753116.exe
c:\windows\Temp\120.exe
c:\windows\Temp\1278194978.exe
c:\windows\Temp\1809917352.exe
c:\windows\Temp\210051792.exe
c:\windows\Temp\2431865338.exe
c:\windows\Temp\2441084088.exe
c:\windows\Temp\2580771588.exe
c:\windows\Temp\2762831588.exe
c:\windows\Temp\2769862838.exe
c:\windows\Temp\29045260.exe
c:\windows\Temp\2944394088.exe
c:\windows\Temp\3246240338.exe
c:\windows\Temp\3247490338.exe
c:\windows\Temp\3387177838.exe
c:\windows\Temp\4050698602.exe
c:\windows\Temp\4180698602.exe
c:\windows\Temp\658565616.exe
c:\windows\Temp\658878116.exe
c:\windows\Temp\687.exe
c:\windows\Temp\822054292.exe
c:\windows\Temp\869866792.exe
c:\windows\Temp\925.exe

----- BITS: Possible infected sites -----

hxxp://NAMSAMRVL009:80
hxxp://NAMSAMRVL009.grouphc.net:80
Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - The cat ate it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVAST!ANTIVIRUS
-------\Service_avast!Antivirus


((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.

2009-06-10 01:53 . 2009-06-10 02:19 63 ----a-w- c:\windows\system\SysSD.dll
2009-06-10 01:53 . 2009-01-07 22:20 13776 ----a-w- c:\windows\system32\SDEarlyDelete.exe
2009-06-10 01:53 . 2009-01-22 15:29 1060864 ----a-w- c:\windows\system32\CheckDll.dll
2009-06-10 01:53 . 2009-06-10 01:56 -------- d-----w- c:\program files\SpywareDetector
2009-06-10 01:44 . 2009-06-10 01:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-09 22:22 . 2009-06-10 02:22 99422 ----a-w- c:\windows\system32\drivers\274af6ef.sys
2009-06-08 22:00 . 2009-06-08 22:15 -------- d-----w- c:\program files\World of Warcraft
2009-05-17 05:32 . 2009-05-17 05:32 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Acoustica
2009-05-17 05:32 . 2007-08-07 16:32 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2009-05-17 05:32 . 2009-05-17 05:32 -------- d-----w- c:\program files\Acoustica Shared Effects
2009-05-17 05:30 . 2009-05-17 05:30 -------- d-----w- c:\program files\VST
2009-05-17 05:30 . 2009-05-17 05:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Acoustica
2009-05-17 05:30 . 2009-05-17 07:02 -------- d-----w- c:\program files\Acoustica Mixcraft 4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 02:16 . 2007-02-08 20:34 182912 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-05-08 04:06 . 2009-05-04 21:23 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\W Photo Studio Viewer
2009-05-06 18:33 . 2008-09-30 17:58 -------- d-----w- c:\program files\Google
2009-05-04 23:42 . 2009-05-04 20:27 98428 ----a-w- c:\windows\system32\drivers\c42c57a8.sys
2009-05-01 22:23 . 2009-05-01 17:53 100092 ----a-w- c:\windows\system32\drivers\e3d4ca63.sys
2009-03-13 02:18 . 2009-03-13 02:18 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-05 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2007-03-27 136768]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2002-05-07 20530]
"Client Access Help Update"="c:\program files\IBM\Client Access\cwbinhlp.exe" [2002-05-07 24626]
"Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2002-05-07 45056]
"Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 20530]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-29 136600]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-02-04 1695744]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-23 17920]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"ToolBoxFX"="c:\program files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 45056]
"HPUsageTracking"="c:\program files\Hewlett-Packard\HP UT\bin\hppusg.exe" [2005-09-29 36864]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SDActiveMonitor"="c:\program files\SpywareDetector\SDActiveMonitor.exe" [2009-01-31 1366528]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88203]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{06624881-CF7D-4F8A-86C0-5114B122E776}\Icon3E5562ED7.ico [2007-2-14 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2006-09-09 07:15 63488 ----a-r- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sdnotify]
2008-12-01 16:15 475136 ----a-w- c:\program files\SpywareDetector\SDNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli AsWlnPkg

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

R1 sdmanager;SDManager;c:\program files\SpywareDetector\SDManager.sys [6/9/2009 8:53 PM 13696]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/8/2007 3:34 PM 14336]
R2 sdmainsvc;SDMainSvc;c:\program files\SpywareDetector\SDMainService.exe [6/9/2009 8:53 PM 923088]
R2 sdservice;SDService;c:\program files\SpywareDetector\SDService.exe [6/9/2009 8:53 PM 1720192]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/15/2007 1:50 PM 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2/14/2007 12:52 PM 36352]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2/8/2007 3:34 PM 14336]
S2 avast!AVSControlService;avast!AVSControlService;c:\windows\System32\avast!AVSControlService.exe -k netsvcs --> c:\windows\System32\avast!AVSControlService.exe -k netsvcs [?]
S2 Wmdmprov;iyglu;c:\windows\system32\svchost.exe -k netsvcs [2/8/2007 3:34 PM 14336]
S3 swmx02;HP ev2200 USB MUX Driver (#02);c:\windows\system32\drivers\swmx02.sys [11/18/2005 3:21 PM 57600]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SDMANAGER
*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Wmdmprov
.
Contents of the 'Scheduled Tasks' folder

2009-06-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-09 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2007-07-31 04:55]
.
- - - - ORPHANS REMOVED - - - -

BHO-{AFF01325-0FC2-4749-8914-FBF0565AD9CC} - jbnmck.dll
HKCU-Explorer_Run-1 - \\namarirvg001\admove$\emwprof\emwprof.bat


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 10.*.*.*;127.0.0.1;*.hanson-america.net;*.hanson-eu.net;*.hanson-ap.net;*.hgm.han;;;;<local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: heidelbergcement.cyberu.com
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} - hxxp://hansononline/hbma/Portal/resources/msddsc.cab
FF - ProfilePath - c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Mozilla\Firefox\Profiles\1s396144.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 21:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\274af6ef]
"ImagePath"="\SystemRoot\System32\drivers\274af6ef.sys"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmdmprov]
"ServiceDll"="c:\windows\system32\qctqykkn.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1340)
c:\program files\HPQ\IAM\Bin\OCGina.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\program files\HPQ\IAM\bin\HPBrand.dll
c:\program files\HPQ\IAM\bin\ItTal.dll
c:\program files\HPQ\IAM\bin\ItReports.DLL
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\SpywareDetector\SDNotify.dll
c:\program files\HPQ\IAM\Bin\TrayIcon.dll
c:\program files\HPQ\IAM\Bin\ItDAC.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\STEngine.dll
c:\program files\HPQ\IAM\Bin\BioAuth.dll
c:\program files\HPQ\IAM\Bin\ITVCClient.dll
c:\program files\HPQ\IAM\Bin\AuthWiz.dll
c:\program files\HPQ\IAM\Bin\TpmAuth.dll
c:\program files\HPQ\IAM\Bin\TokenAuth.dll
c:\program files\HPQ\IAM\Bin\ittalsnap.DLL
c:\program files\HPQ\IAM\Bin\ItVCard.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\xenroll.dll
c:\program files\HPQ\IAM\Bin\ItAuth.dll

- - - - - - - > 'lsass.exe'(1396)
c:\program files\HPQ\IAM\bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(324)
c:\windows\system32\APSHook.dll
c:\program files\HPQ\IAM\bin\ItClient.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\msiexec.exe
c:\program files\HPQ\IAM\Bin\asghost.exe
c:\program files\Network Associates\Common Framework\Mctray.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-10 21:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-10 02:29

Pre-Run: 41,345,921,024 bytes free
Post-Run: 41,452,838,912 bytes free

281 --- E O F --- 2009-01-09 09:06
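An added example follows, not part of the logs above, not ComboFix's own code, and not anything the poster ran: a small Python triage script for the line shapes these two ComboFix runs use. It picks out what a responder would flag by eye in them: kernel drivers with eight-hex-digit random names (274af6ef.sys, c42c57a8.sys, e3d4ca63.sys), a service still registered for a binary that is no longer on disk (the "[?]" entries), an svchost-hosted netsvcs service (Wmdmprov) whose ServiceDll has a generated-looking name (qctqykkn.dll), and the "Infected copy of ... ndis.sys" notice. The sample lines are constructed in the format of the logs, and the vowel-ratio threshold in looks_random() is an assumption, not a ComboFix rule.

```python
"""Triage heuristics for ComboFix log excerpts (added example; not ComboFix
code and not part of the forum post). Parses the file listing, the R/S
service lines and the [HKLM\\System\\ControlSet...\\Services\\<name>] blocks.
"""
import re
from collections import defaultdict

# Constructed sample in the shape of the logs above (not a live capture).
SAMPLE_LOG = r"""
2009-06-09 22:22 . 2009-06-10 02:22 99422 ----a-w- c:\windows\system32\drivers\274af6ef.sys
2009-05-04 23:42 . 2009-05-04 20:27 98428 ----a-w- c:\windows\system32\drivers\c42c57a8.sys
2007-02-15 18:50 . 2007-02-15 18:50 88192 ----a-w- c:\windows\system32\drivers\gtipci21.sys
Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/15/2007 1:50 PM 88192]
S2 avast!AVSControlService;avast!AVSControlService;c:\windows\System32\avast!AVSControlService.exe -k netsvcs --> c:\windows\System32\avast!AVSControlService.exe -k netsvcs [?]
S2 Wmdmprov;iyglu;c:\windows\system32\svchost.exe -k netsvcs [2/8/2007 3:34 PM 14336]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\274af6ef]
"ImagePath"="\SystemRoot\System32\drivers\274af6ef.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmdmprov]
"ServiceDll"="c:\windows\system32\qctqykkn.dll"
"""

# mtime . ctime size attrs path   (size is "--------" for directories)
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} +"
    r"(?P<size>\d+|-+) +(?P<attrs>\S+) +(?P<path>.+)$")
# R/S<start type> name;display;command [file date and size, or ? if missing]
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<cmd>.+?) \[(?P<meta>[^\]]*)\]$")
REG_SERVICE_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\]]+)\]$",
    re.IGNORECASE)
REG_VALUE = re.compile(r'^"(?P<key>[^"]+)"="(?P<val>.*)"$')
DISINFECTED = re.compile(r"^Infected copy of (?P<path>.+?) was found and disinfected$")
HEX8 = re.compile(r"^[0-9a-f]{8}$")


def stem(path):
    """File name without directory or extension, e.g. 'qctqykkn'."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]


def looks_random(name, min_len=5, max_vowel_ratio=0.2):
    """Heuristic (assumed thresholds): a letters-only name with almost no
    vowels is more likely generated than chosen by a developer."""
    s = name.lower()
    if len(s) < min_len or not s.isalpha():
        return False
    return sum(c in "aeiou" for c in s) / len(s) < max_vowel_ratio


def parse(text):
    """Split an excerpt into files, services, registry Services blocks and
    'disinfected' notices; lines in any other format are ignored."""
    files, services, disinfected = [], [], []
    reg, current = defaultdict(dict), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := FILE_LINE.match(line):
            files.append(m.groupdict())
        elif m := SERVICE_LINE.match(line):
            d = m.groupdict()
            d["cmd"] = d["cmd"].split(" --> ")[0]  # drop the "--> resolved path" echo
            services.append(d)
        elif m := REG_SERVICE_KEY.match(line):
            current = m.group("name")
        elif current and (m := REG_VALUE.match(line)):
            reg[current][m.group("key")] = m.group("val")
        elif m := DISINFECTED.match(line):
            disinfected.append(m.group("path"))
    return {"files": files, "services": services,
            "reg": dict(reg), "disinfected": disinfected}


def triage(parsed):
    """Return (kind, detail) findings that deserve a second look."""
    findings = []
    for f in parsed["files"]:
        path = f["path"].lower()
        # kernel driver named with eight random hex digits (274af6ef.sys etc.)
        if "\\drivers\\" in path and path.endswith(".sys") and HEX8.match(stem(path)):
            findings.append(("random_hex_driver", f["path"]))
    for s in parsed["services"]:
        if s["meta"] == "?":                      # registered, but binary not on disk
            findings.append(("missing_binary", s["name"]))
        if "svchost.exe -k" in s["cmd"].lower():  # hosted service: the code is the ServiceDll
            dll = parsed["reg"].get(s["name"], {}).get("ServiceDll", "")
            if dll and looks_random(stem(dll)):
                findings.append(("svchost_random_servicedll", f'{s["name"]} -> {dll}'))
    for path in parsed["disinfected"]:           # patched system file: expect reinfection
        findings.append(("patched_system_file", path))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(parse(SAMPLE_LOG)):
        print(f"{kind:28} {detail}")
```

Feed it a saved ComboFix.txt with parse(open(path).read()). The findings are leads to verify (file hash and signature checks, a kernel-level scan), not verdicts: a legitimate driver can have an ugly name, and a generated name is only a hint until the file itself has been examined.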


Okay here's all three logs. I really hope this is what you need! I apologize for not getting this to you the first time.

ComboFix 09-10-27.08 - bchodkowski 10/28/2009 17:16.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1672 [GMT -5:00]
Running from: c:\documents and settings\bchodkowski.HANSON-AMERICA\desktop\combofix.exe
Command switches used :: /KillAll
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\LOG10.tmp
C:\LOG12.tmp
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\system32\bewijeze(2).dll
c:\windows\system32\boponase.dll.tmp
c:\windows\system32\diveredi.dll.tmp
c:\windows\system32\logon.exe
c:\windows\system32\lupuwufe(2).dll
c:\windows\system32\mefupojo(2).dll
c:\windows\system32\riyudegi.dll.tmp
c:\windows\system32\tomuzipu(2).dll

----- BITS: Possible infected sites -----

hxxp://namsgirvg050.grouphc.net:8530
.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
.

2009-10-28 03:39 . 2009-10-28 03:36 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-28 03:36 . 2009-10-28 03:41 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\.housecall6.6
2009-10-27 03:59 . 2009-10-27 03:59 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-27 03:56 . 2009-10-27 03:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-27 03:53 . 2009-10-27 03:55 -------- d-----w- C:\Malwarebytes' Anti-Malware
2009-10-26 04:42 . 2009-10-27 03:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(2)
2009-10-12 18:13 . 2009-10-28 22:15 -------- d-----w- c:\windows\system32\CatRoot2
2009-10-12 05:27 . 2009-10-12 05:27 -------- d-----w- c:\program files\Trend Micro
2009-10-12 04:28 . 2009-10-12 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-10-12 04:27 . 2009-10-12 04:27 -------- d-----w- c:\program files\Common Files\iS3
2009-10-12 04:27 . 2009-10-12 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 04:30 . 2008-02-13 21:31 262144 ----a-w- c:\windows\system32\default_user_class.dat
2009-09-24 02:37 . 2009-09-24 02:17 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Walgreens
2009-09-24 02:31 . 2009-09-24 02:31 -------- d-----w- c:\program files\Walgreens
2009-09-21 02:47 . 2009-09-21 02:47 -------- d-----w- c:\program files\ICCup
2009-09-14 03:26 . 2009-09-03 03:13 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Skype
2009-09-14 03:26 . 2009-09-03 03:17 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\skypePM
2009-09-10 02:31 . 2009-09-10 02:31 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-09-10 02:31 . 2009-09-10 02:26 -------- d-----w- c:\program files\Logitech
2009-09-10 02:31 . 2007-02-14 16:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-10 02:29 . 2009-08-27 01:52 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-09-10 02:17 . 2009-08-27 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2009-09-10 02:12 . 2009-09-03 03:12 -------- d-----r- c:\program files\Skype
2009-09-10 02:11 . 2009-09-10 02:11 -------- d-----w- c:\program files\Common Files\Skype
2009-09-10 02:11 . 2009-09-03 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-09 21:46 . 2009-06-10 04:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-09 21:46 . 2009-06-10 03:04 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\SUPERAntiSpyware.com
2009-09-09 21:46 . 2009-06-10 03:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-04 00:50 . 2009-08-27 02:14 -------- d-----w- c:\program files\AIM6
2009-09-04 00:50 . 2009-08-27 02:14 -------- d-----w- c:\program files\Viewpoint
2009-09-03 03:17 . 2009-09-03 03:17 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-30 01:18 . 2009-08-30 01:18 -------- d-----w- c:\program files\Common Files\Logitech
2009-08-03 18:36 . 2009-09-09 03:41 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2009-09-09 03:41 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-06-10_02.21.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-28 22:23 . 2009-10-28 22:23 16384 c:\windows\temp\Perflib_Perfdata_518.dat
+ 2009-09-10 02:29 . 2004-08-04 05:56 53760 c:\windows\system32\vfwwdm32.dll
- 2004-08-04 00:56 . 2007-02-08 20:34 17408 c:\windows\system32\msyuv.dll
+ 2004-08-04 00:56 . 2004-08-04 05:56 17408 c:\windows\system32\msyuv.dll
- 2009-03-11 00:58 . 2009-03-11 00:58 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-03-11 00:58 . 2009-09-09 03:55 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2004-08-04 00:56 . 2007-02-08 20:34 47616 c:\windows\system32\iyuv_32.dll
+ 2004-08-04 00:56 . 2004-08-04 05:56 47616 c:\windows\system32\iyuv_32.dll
+ 2009-09-10 02:30 . 2008-07-26 15:26 41752 c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\LVUSBSta.sys
+ 2009-09-10 02:30 . 2008-07-26 15:26 41752 c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\LVUSBSta.sys
+ 2009-09-10 02:30 . 2008-07-26 15:26 66456 c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\lvselsus.sys
+ 2009-09-10 02:30 . 2008-07-26 15:24 95384 c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\lvpopflt.sys
+ 2009-09-10 02:28 . 2008-07-26 15:26 23832 c:\windows\system32\DRVSTORE\lvPRO5c_1BFC52D9685745C065979BCEBCC76EF496BB7037\lvuvcflt.sys
+ 2009-09-10 02:28 . 2008-07-26 15:26 41752 c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\LVUSBSta.sys
+ 2009-09-10 02:28 . 2008-07-26 15:26 41752 c:\windows\system32\DRVSTORE\lvPEPI2s_AAF0D42957859C79796117C24EE40D0758F83C77\LVUSBSta.sys
+ 2009-09-10 02:28 . 2008-07-26 15:22 13848 c:\windows\system32\DRVSTORE\lvPEPI2s_AAF0D42957859C79796117C24EE40D0758F83C77\lv302af.sys
+ 2009-09-10 02:28 . 2008-02-01 09:46 41752 c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\LVUSBSta.sys
+ 2009-09-10 02:30 . 2004-08-04 04:10 19328 c:\windows\system32\drivers\WSTCODEC.SYS
+ 2009-07-13 18:39 . 2004-08-04 03:58 15104 c:\windows\system32\drivers\usbscan.sys
+ 2009-09-10 02:31 . 2004-08-04 04:10 15360 c:\windows\system32\drivers\StreamIP.sys
+ 2009-09-10 02:31 . 2004-08-04 04:10 11136 c:\windows\system32\drivers\SLIP.sys
+ 2009-09-10 02:31 . 2004-08-04 04:10 10880 c:\windows\system32\drivers\NdisIP.sys
+ 2009-09-10 02:30 . 2004-08-04 04:10 85376 c:\windows\system32\drivers\NABTSFEC.sys
+ 2009-09-10 02:29 . 2008-07-26 15:26 41752 c:\windows\system32\drivers\LVUSBSta.sys
+ 2008-07-26 13:25 . 2008-07-26 13:25 25624 c:\windows\system32\drivers\LVPr2Mon.sys
+ 2009-09-10 02:30 . 2004-08-04 04:10 17024 c:\windows\system32\drivers\CCDECODE.sys
+ 2009-09-10 02:30 . 2004-08-04 04:10 19328 c:\windows\system32\dllcache\wstcodec.sys
+ 2009-09-10 02:29 . 2004-08-04 05:56 53760 c:\windows\system32\dllcache\vfwwdm32.dll
+ 2009-07-13 18:39 . 2004-08-04 03:58 15104 c:\windows\system32\dllcache\usbscan.sys
+ 2009-09-10 02:31 . 2004-08-04 04:10 15360 c:\windows\system32\dllcache\streamip.sys
+ 2009-09-10 02:31 . 2004-08-04 04:10 11136 c:\windows\system32\dllcache\slip.sys
+ 2009-09-10 02:31 . 2004-08-04 04:10 10880 c:\windows\system32\dllcache\ndisip.sys
+ 2009-09-10 02:30 . 2004-08-04 04:10 85376 c:\windows\system32\dllcache\nabtsfec.sys
+ 2004-08-04 00:56 . 2004-08-04 05:56 17408 c:\windows\system32\dllcache\msyuv.dll
+ 2004-08-04 00:56 . 2004-08-04 05:56 47616 c:\windows\system32\dllcache\iyuv_32.dll
+ 2009-09-10 02:30 . 2004-08-04 04:10 17024 c:\windows\system32\dllcache\ccdecode.sys
- 2007-02-14 14:41 . 2009-06-03 03:26 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-02-14 14:41 . 2009-10-27 03:42 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-02-14 14:41 . 2009-10-27 03:42 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-02-14 14:41 . 2009-06-03 03:26 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-05 21:03 . 2009-05-05 21:03 24064 c:\windows\Installer\151a89.msi
+ 2007-07-31 23:10 . 2007-07-31 23:10 84992 c:\windows\Installer\119c22.msi
+ 2009-09-07 02:15 . 2009-09-07 02:15 57344 c:\windows\Installer\{53735ECE-E461-4FD0-B742-23A352436D3A}\ARPPRODUCTICON.exe
+ 2009-09-10 02:26 . 2009-09-10 02:26 53248 c:\windows\Installer\{3AF8FCCD-F51A-4014-9002-F195E1CBC876}\ProgramGroupShortcut_EFA2BBEBCF93493B904B1B970B8DFAB6.exe
+ 2009-09-10 02:26 . 2009-09-10 02:26 15086 c:\windows\Installer\{3AF8FCCD-F51A-4014-9002-F195E1CBC876}\DesktopShortcut_10110FE91EE84A3DADFD1294F86BE5FC.exe
+ 2009-09-10 02:26 . 2009-09-10 02:26 15086 c:\windows\Installer\{3AF8FCCD-F51A-4014-9002-F195E1CBC876}\ARPPRODUCTICON.exe
+ 2009-08-27 02:14 . 2009-08-27 02:14 38428 c:\windows\Downloaded Program Files\unagiuninst.exe
+ 2001-08-17 22:36 . 2001-08-18 03:36 8192 c:\windows\system32\tsbyuv.dll
- 2001-08-17 22:36 . 2007-02-08 20:34 8192 c:\windows\system32\tsbyuv.dll
+ 2009-07-13 18:39 . 2001-08-18 03:36 5632 c:\windows\system32\ptpusb.dll
+ 2009-09-10 02:31 . 2004-08-04 03:58 5504 c:\windows\system32\drivers\MSTEE.sys
+ 2001-08-17 22:36 . 2001-08-18 03:36 8192 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-09-10 02:31 . 2004-08-04 03:58 5504 c:\windows\system32\dllcache\mstee.sys
+ 2009-10-28 22:24 . 2009-10-28 22:24 6092 c:\windows\SoftwareDistribution\EventCache\{D6C89D56-7906-4D94-808E-56226FAB3FAD}.bin
+ 2009-09-10 02:29 . 2008-07-26 15:27 236056 c:\windows\twain_32\QuickCam\lvWIAext.dll
+ 2009-10-28 22:23 . 2008-07-26 13:25 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
+ 2007-10-28 23:59 . 2007-10-28 23:59 323624 c:\windows\system32\wiaaut.dll
+ 2009-07-13 18:39 . 2004-08-04 05:56 159232 c:\windows\system32\ptpusd.dll
+ 2004-08-04 00:56 . 2004-08-04 05:56 294912 c:\windows\system32\msh263.drv
- 2004-08-04 00:56 . 2007-02-08 20:34 294912 c:\windows\system32\msh263.drv
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-09-10 02:29 . 2008-07-26 15:26 465432 c:\windows\system32\LVUI2RC.dll
+ 2009-09-10 02:29 . 2008-07-26 15:26 490008 c:\windows\system32\LVUI2.dll
+ 2009-09-10 02:29 . 2008-07-26 15:23 416280 c:\windows\system32\lvcodec2.dll
+ 2009-09-10 02:29 . 2008-07-26 15:23 195096 c:\windows\system32\lvci11801048.dll
+ 2009-09-10 02:30 . 2008-07-26 15:29 439568 c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\WUApp32.exe
+ 2009-09-10 02:30 . 2008-07-26 15:27 236056 c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\lvWIAext.dll
+ 2009-09-10 02:30 . 2008-07-26 15:26 465432 c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\LVUI2RC.dll
+ 2009-09-10 02:30 . 2008-07-26 15:26 490008 c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\LVUI2.dll
+ 2009-09-10 02:30 . 2008-07-26 15:23 195096 c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\lvcoinst.dll
+ 2009-09-10 02:30 . 2008-07-26 15:23 416280 c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\lvcodec2.dll
+ 2009-09-10 02:30 . 2008-07-26 15:29 439568 c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\WUApp32.exe
+ 2009-09-10 02:30 . 2008-07-26 15:25 627864 c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\lvrs.sys
+ 2009-09-10 02:30 . 2008-07-26 15:23 195096 c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\lvcoinst.dll
+ 2009-09-10 02:29 . 2008-07-26 15:29 439568 c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\WUApp32.exe
+ 2009-09-10 02:29 . 2008-07-26 15:27 236056 c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\lvWIAext.dll
+ 2009-09-10 02:29 . 2008-07-26 15:26 465432 c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\LVUI2RC.dll
+ 2009-09-10 02:29 . 2008-07-26 15:26 490008 c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\LVUI2.dll
+ 2009-09-10 02:29 . 2008-07-26 15:23 195096 c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\lvcoinst.dll
+ 2009-09-10 02:29 . 2008-07-26 15:23 416280 c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\lvcodec2.dll
+ 2009-09-10 02:28 . 2008-07-26 15:29 439568 c:\windows\system32\DRVSTORE\lvPEPI2s_AAF0D42957859C79796117C24EE40D0758F83C77\WUApp32.exe
+ 2009-09-10 02:28 . 2008-07-26 15:25 627864 c:\windows\system32\DRVSTORE\lvPEPI2s_AAF0D42957859C79796117C24EE40D0758F83C77\lvrs.sys
+ 2009-09-10 02:28 . 2008-07-26 15:23 195096 c:\windows\system32\DRVSTORE\lvPEPI2s_AAF0D42957859C79796117C24EE40D0758F83C77\lvcoinst.dll
+ 2009-09-10 02:28 . 2008-02-01 09:49 439568 c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\WUApp32.exe
+ 2009-09-10 02:28 . 2008-02-01 09:47 236056 c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\lvWIAext.dll
+ 2009-09-10 02:28 . 2008-02-01 09:46 465432 c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\LVUI2RC.dll
+ 2009-09-10 02:28 . 2008-02-01 09:46 490008 c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\LVUI2.dll
+ 2009-09-10 02:28 . 2008-02-01 09:43 195096 c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\lvcoinst.dll
+ 2009-09-10 02:28 . 2008-02-01 09:43 416280 c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\lvcodec2.dll
+ 2009-09-10 02:28 . 2008-02-01 09:43 489624 c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\LV561AV.sys
- 2007-02-08 20:34 . 2009-06-10 02:16 182912 c:\windows\system32\drivers\ndis.sys
+ 2007-02-08 20:34 . 2009-06-10 17:06 182912 c:\windows\system32\drivers\ndis.sys
+ 2007-02-08 20:34 . 2009-06-10 02:16 182912 c:\windows\system32\drivers\ndis(4).sys
+ 2007-02-08 20:34 . 2009-06-10 02:12 182912 c:\windows\system32\drivers\ndis(3).sys
- 2007-02-08 20:34 . 2009-06-10 02:12 182912 c:\windows\system32\dllcache\ndis.sys
+ 2007-02-08 20:34 . 2009-06-10 17:02 182912 c:\windows\system32\dllcache\ndis.sys
+ 2008-01-30 16:41 . 2008-02-13 12:37 336896 c:\windows\system32\CCM\Cache\NAS0005F.1.System\UPHClean-Setup.msi
+ 2007-10-28 23:43 . 2007-10-28 23:43 516832 c:\windows\system32\capicom.dll
+ 2007-03-12 13:20 . 2007-03-12 13:20 340480 c:\windows\Installer\e9789fd.msi
+ 2007-09-22 17:39 . 2007-09-22 17:39 269312 c:\windows\Installer\ba103.msi
+ 2007-02-14 16:28 . 2007-02-14 16:28 902144 c:\windows\Installer\a5075.msi
+ 2009-01-07 20:49 . 2009-01-07 20:49 972800 c:\windows\Installer\a1412.msi
+ 2008-06-11 20:02 . 2008-06-11 20:02 830464 c:\windows\Installer\a140b.msp
+ 2008-07-28 20:59 . 2008-07-28 20:59 180736 c:\windows\Installer\a13f7.msp
+ 2007-02-14 14:46 . 2007-02-14 14:46 264704 c:\windows\Installer\9d7c5.msi
+ 2007-02-14 14:45 . 2007-02-14 14:45 331776 c:\windows\Installer\9d7bb.msi
+ 2008-06-11 20:02 . 2008-06-11 20:02 830464 c:\windows\Installer\968ea.msp
+ 2008-07-28 20:59 . 2008-07-28 20:59 180736 c:\windows\Installer\968d2.msp
+ 2008-09-30 17:58 . 2008-09-30 17:58 993280 c:\windows\Installer\9446c.msi
+ 2008-09-30 17:56 . 2008-09-30 17:56 289792 c:\windows\Installer\94468.msi
+ 2009-09-07 02:15 . 2009-09-07 02:15 257024 c:\windows\Installer\6fad2.msi
+ 2007-02-14 16:11 . 2007-02-14 16:11 625664 c:\windows\Installer\51b0c0.msi
+ 2006-06-13 18:12 . 2006-06-13 18:12 509440 c:\windows\Installer\4d7a4.msp
+ 2007-02-14 15:51 . 2007-02-14 15:51 844800 c:\windows\Installer\44a541.msi
+ 2007-02-14 15:50 . 2007-02-14 15:50 428544 c:\windows\Installer\44a53c.msi
+ 2009-01-08 01:03 . 2009-01-08 01:03 603648 c:\windows\Installer\40afd.msi
+ 2008-06-04 12:57 . 2008-06-04 12:57 277504 c:\windows\Installer\3e8d6.msi
+ 2009-01-09 09:01 . 2009-01-09 09:01 432640 c:\windows\Installer\3a9774a.msi
+ 2007-04-11 16:51 . 2007-04-11 16:51 888832 c:\windows\Installer\36bf86.msi
+ 2007-02-14 16:39 . 2007-02-14 16:39 189952 c:\windows\Installer\358c4.msi
+ 2007-07-03 18:28 . 2007-07-03 18:28 412672 c:\windows\Installer\355ad4.msi
+ 2007-02-14 15:29 . 2007-02-14 15:29 916480 c:\windows\Installer\327f14.msi
+ 2009-06-30 05:48 . 2009-06-30 05:48 683520 c:\windows\Installer\306102b.msi
+ 2007-08-29 12:49 . 2007-08-29 12:49 431104 c:\windows\Installer\30017.msi
+ 2007-11-13 13:15 . 2007-11-13 13:15 471552 c:\windows\Installer\23b5ec.msi
+ 2007-11-13 13:15 . 2007-11-13 13:15 664064 c:\windows\Installer\23b5e3.msi
+ 2007-11-13 13:14 . 2007-11-13 13:14 121344 c:\windows\Installer\23b5d7.msi
+ 2007-11-13 13:14 . 2007-11-13 13:14 395776 c:\windows\Installer\23b5d2.msi
+ 2007-11-13 13:14 . 2007-11-13 13:14 121344 c:\windows\Installer\23b5ca.msi
+ 2007-11-13 13:14 . 2007-11-13 13:14 422912 c:\windows\Installer\23b5c5.msi
+ 2007-11-13 13:14 . 2007-11-13 13:14 615936 c:\windows\Installer\23b5bf.msi
+ 2007-11-13 13:13 . 2007-11-13 13:13 361984 c:\windows\Installer\23b5ba.msi
+ 2007-11-13 13:13 . 2007-11-13 13:13 299520 c:\windows\Installer\23b5b5.msi
+ 2007-11-13 13:13 . 2007-11-13 13:13 121344 c:\windows\Installer\23b5ac.msi
+ 2007-11-13 13:13 . 2007-11-13 13:13 589312 c:\windows\Installer\23b5a7.msi
+ 2007-11-13 13:13 . 2007-11-13 13:13 253440 c:\windows\Installer\23b598.msi
+ 2007-11-13 13:13 . 2007-11-13 13:13 303104 c:\windows\Installer\23b593.msi
+ 2007-11-13 13:12 . 2007-11-13 13:12 479744 c:\windows\Installer\23b58e.msi
+ 2007-11-13 13:12 . 2007-11-13 13:12 121344 c:\windows\Installer\23b586.msi
+ 2007-11-13 13:12 . 2007-11-13 13:12 389632 c:\windows\Installer\23b581.msi
+ 2007-11-13 13:12 . 2007-11-13 13:12 121344 c:\windows\Installer\23b578.msi
+ 2007-11-13 13:12 . 2007-11-13 13:12 508928 c:\windows\Installer\23b573.msi
+ 2007-11-13 13:11 . 2007-11-13 13:11 121344 c:\windows\Installer\23b56b.msi
+ 2007-11-13 13:11 . 2007-11-13 13:11 309760 c:\windows\Installer\23b566.msi
+ 2007-11-13 13:11 . 2007-11-13 13:11 188928 c:\windows\Installer\23b561.msi
+ 2007-11-13 13:11 . 2007-11-13 13:11 184320 c:\windows\Installer\23b55c.msi
+ 2007-11-13 13:11 . 2007-11-13 13:11 121344 c:\windows\Installer\23b554.msi
+ 2007-04-24 19:42 . 2007-04-24 19:42 381952 c:\windows\Installer\201ce0.msi
+ 2007-04-24 19:42 . 2007-04-24 19:42 442368 c:\windows\Installer\201cdc.msi
+ 2007-04-24 19:41 . 2007-04-24 19:41 450560 c:\windows\Installer\201cd9.msi
+ 2009-09-10 02:21 . 2009-09-10 02:21 794112 c:\windows\Installer\1ddab.msi
+ 2008-07-19 03:43 . 2008-07-19 03:43 532992 c:\windows\Installer\18443.msi
+ 2008-12-29 13:21 . 2008-12-29 13:21 562176 c:\windows\Installer\17da0b.msi
+ 2007-04-11 15:20 . 2007-04-11 15:20 268800 c:\windows\Installer\14844a.msi
+ 2007-10-15 23:33 . 2007-10-15 23:33 269312 c:\windows\Installer\13b83d.msi
+ 2007-07-31 23:10 . 2007-07-31 23:10 273920 c:\windows\Installer\119c3d.msi
+ 2007-07-31 23:10 . 2007-07-31 23:10 542208 c:\windows\Installer\119c2f.msi
+ 2007-07-31 23:10 . 2007-07-31 23:10 379392 c:\windows\Installer\119c28.msi
+ 2008-02-13 12:37 . 2008-02-13 12:37 139264 c:\windows\Installer\10810d.msi
+ 2009-09-10 02:11 . 2009-09-10 02:11 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
+ 2007-01-24 01:41 . 2007-01-24 01:41 841304 c:\windows\Downloaded Program Files\ampAx3.0.84.2.dll
+ 2007-02-08 20:34 . 2007-02-08 20:34 1326080 c:\windows\system32\webfldrs.msi
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-09-10 02:30 . 2008-07-26 15:26 4658584 c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\lvuvc.sys
+ 2009-09-10 02:29 . 2008-07-26 15:22 2570520 c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\LV302V32.SYS
+ 2009-09-10 02:29 . 2008-07-26 15:22 2570520 c:\windows\system32\drivers\LV302V32.SYS
- 2009-05-13 21:12 . 2009-06-03 03:27 2293760 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-13 21:12 . 2009-10-27 03:42 2293760 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-17 18:57 . 2007-04-13 07:50 7471104 c:\windows\system32\ccmsetup\{2FBB7E06-7665-442B-98E3-189CB634C5CC}\client.msi
+ 2007-05-25 17:08 . 2007-05-25 17:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2008-07-17 19:02 . 2008-07-17 19:02 2137088 c:\windows\Installer\d9e6.msi
+ 2006-09-13 17:28 . 2006-09-13 17:28 3345408 c:\windows\Installer\c22ad.msp
+ 2006-04-18 18:48 . 2006-04-18 18:48 1629184 c:\windows\Installer\c22a5.msp
+ 2009-03-31 07:51 . 2009-03-31 07:51 4886528 c:\windows\Installer\bc11f.msi
+ 2009-03-31 07:50 . 2009-03-31 07:50 1659392 c:\windows\Installer\bc11b.msi
+ 2009-03-31 07:49 . 2009-03-31 07:49 8992256 c:\windows\Installer\bc116.msi
+ 2009-03-31 07:49 . 2009-03-31 07:49 1549312 c:\windows\Installer\bc111.msi
+ 2009-03-31 07:49 . 2009-03-31 07:49 3293696 c:\windows\Installer\bc10c.msi
+ 2007-04-13 07:50 . 2007-04-13 07:50 7471104 c:\windows\Installer\7c904.msi
+ 2008-06-11 20:05 . 2008-06-11 20:05 9994240 c:\windows\Installer\7c902.msp
+ 2007-07-23 22:40 . 2007-07-23 22:40 9945600 c:\windows\Installer\67d6b2.msp
+ 2007-04-25 21:14 . 2007-04-25 21:14 9828864 c:\windows\Installer\67d688.msp
+ 2007-11-16 18:58 . 2007-11-16 18:58 5495296 c:\windows\Installer\61fbe.msp
+ 2007-11-08 17:42 . 2007-11-08 17:42 4158464 c:\windows\Installer\61faa.msp
+ 2007-04-25 21:10 . 2007-04-25 21:10 6835712 c:\windows\Installer\61f84.msp
+ 2007-11-02 15:30 . 2007-11-02 15:30 7554048 c:\windows\Installer\5ee9a4.msp
+ 2007-05-22 15:46 . 2007-05-22 15:46 6108672 c:\windows\Installer\5ee98f.msp
+ 2007-02-14 16:13 . 2007-02-14 16:13 8240640 c:\windows\Installer\51b0c4.msi
+ 2007-02-14 16:04 . 2007-02-14 16:04 3397632 c:\windows\Installer\51b0bb.msi
+ 2006-12-04 17:51 . 2006-12-04 17:51 5250560 c:\windows\Installer\4d8a1.msp
+ 2006-11-20 17:42 . 2006-11-20 17:42 9713664 c:\windows\Installer\4d88b.msp
+ 2006-09-19 20:13 . 2006-09-19 20:13 8272896 c:\windows\Installer\4d876.msp
+ 2006-12-19 19:42 . 2006-12-19 19:42 6649856 c:\windows\Installer\4d861.msp
+ 2006-12-19 19:42 . 2006-12-19 19:42 4008448 c:\windows\Installer\4d83e.msp
+ 2006-09-11 16:19 . 2006-09-11 16:19 6253056 c:\windows\Installer\4d80e.msp
+ 2006-07-21 16:18 . 2006-07-21 16:18 4578816 c:\windows\Installer\4d7cf.msp
+ 2006-10-12 14:50 . 2006-10-12 14:50 1091584 c:\windows\Installer\4d7b9.msp
+ 2005-10-26 18:59 . 2005-10-26 18:59 2883072 c:\windows\Installer\4d78e.msp
+ 2006-08-16 02:36 . 2006-08-16 02:36 5206528 c:\windows\Installer\4d779.msp
+ 2007-04-11 15:58 . 2007-04-11 15:58 5923328 c:\windows\Installer\4d6b8.msi
+ 2008-04-01 19:33 . 2008-04-01 19:33 5479936 c:\windows\Installer\4c5a4.msp
+ 2008-01-31 15:30 . 2008-01-31 15:30 9947648 c:\windows\Installer\4c576.msp
+ 2008-01-14 21:53 . 2008-01-14 21:53 5213696 c:\windows\Installer\4c538.msp
+ 2008-03-16 22:11 . 2008-03-16 22:11 5512704 c:\windows\Installer\4c524.msp
+ 2007-02-14 15:49 . 2007-02-14 15:49 5864960 c:\windows\Installer\44a536.msp
+ 2006-04-18 18:48 . 2006-04-18 18:48 1629184 c:\windows\Installer\44a52f.msp
+ 2006-09-13 17:28 . 2006-09-13 17:28 3345408 c:\windows\Installer\44a52e.msp
+ 2007-02-14 15:45 . 2007-02-14 15:45 2109440 c:\windows\Installer\3f1850.msi
+ 2007-02-14 15:42 . 2007-02-14 15:42 3443712 c:\windows\Installer\3dc0ba.msi
+ 2008-07-08 17:27 . 2008-07-08 17:27 8436736 c:\windows\Installer\3a9775e.msp
+ 2007-07-03 18:30 . 2007-07-03 18:30 4185600 c:\windows\Installer\355ade.msi
+ 2007-01-10 14:05 . 2007-01-10 14:05 9921024 c:\windows\Installer\289ceb.msp
+ 2007-01-19 14:46 . 2007-01-19 14:46 6814208 c:\windows\Installer\289cd6.msp
+ 2007-03-19 14:31 . 2007-03-19 14:31 5259776 c:\windows\Installer\289cc1.msp
+ 2006-12-18 15:48 . 2006-12-18 15:48 5444096 c:\windows\Installer\289cac.msp
+ 2006-11-20 20:37 . 2006-11-20 20:37 6553088 c:\windows\Installer\289c97.msp
+ 2007-01-24 11:48 . 2007-01-24 11:48 9804800 c:\windows\Installer\289c6d.msp
+ 2008-02-13 01:58 . 2008-02-13 01:58 3620864 c:\windows\Installer\2084aa.msi
+ 2009-09-10 02:26 . 2009-09-10 02:26 3745280 c:\windows\Installer\1ddb2.msi
+ 2008-07-17 19:22 . 2008-07-17 19:22 7698432 c:\windows\Installer\11e7b2.msi
+ 2009-09-10 02:11 . 2009-09-10 02:11 1565696 c:\windows\Installer\10ca5b2.msi
+ 2007-02-14 15:29 . 2007-02-14 15:29 1863168 c:\windows\Downloaded Installations\{30E0B650-15F2-460F-98C9-0FC6E20CFC1E}\HMTCDWizard.msi
+ 2009-01-07 00:58 . 2009-10-27 03:59 17185912 c:\windows\system32\Restore\rstrlog.dat
+ 2007-04-24 19:05 . 2007-02-14 16:11 10673664 c:\windows\system32\config\systemprofile\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142090}\Java 2 Runtime Environment, SE v1.4.2_09.msi
+ 2005-09-23 12:48 . 2005-09-23 12:48 24863744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi
+ 2007-03-12 13:24 . 2007-03-12 13:24 17103872 c:\windows\Installer\e978a0a.msi
+ 2008-08-15 00:49 . 2008-08-15 00:49 11615744 c:\windows\Installer\d1d8b4.msi
+ 2007-07-14 11:48 . 2007-07-14 11:48 15256576 c:\windows\Installer\aebe4.msp
+ 2007-05-29 19:41 . 2007-05-29 19:41 16549888 c:\windows\Installer\aebcd.msp
+ 2008-01-14 20:24 . 2008-01-14 20:24 10721280 c:\windows\Installer\6b29c.msp
+ 2007-05-01 15:29 . 2007-05-01 15:29 10994688 c:\windows\Installer\67d69d.msp
+ 2006-09-19 15:23 . 2006-09-19 15:23 12292096 c:\windows\Installer\4d823.msp
+ 2006-09-13 02:44 . 2006-09-13 02:44 13737984 c:\windows\Installer\4d7f9.msp
+ 2006-09-27 18:28 . 2006-09-27 18:28 10256384 c:\windows\Installer\4d7e4.msp
+ 2005-08-08 18:25 . 2005-08-08 18:25 97385984 c:\windows\Installer\4d762.msp
+ 2008-03-01 03:09 . 2008-03-01 03:09 16907776 c:\windows\Installer\4c58c.msp
+ 2008-04-14 19:26 . 2008-04-14 19:26 11888128 c:\windows\Installer\4c54d.msp
+ 2008-01-14 21:50 . 2008-01-14 21:50 11887104 c:\windows\Installer\4414e.msp
+ 2007-02-14 15:43 . 2007-02-14 15:43 19210240 c:\windows\Installer\3f1842.msp
+ 2008-03-17 17:48 . 2008-03-17 17:48 11813888 c:\windows\Installer\3e8ce.msp
+ 2008-08-13 20:49 . 2008-08-13 20:49 11816960 c:\windows\Installer\3a977b2.msp
+ 2008-07-30 14:50 . 2008-07-30 14:50 12506112 c:\windows\Installer\3a9779d.msp
+ 2008-07-08 16:09 . 2008-07-08 16:09 11887616 c:\windows\Installer\3a97788.msp
+ 2008-06-04 19:29 . 2008-06-04 19:29 16905728 c:\windows\Installer\3a97773.msp
+ 2007-01-18 18:29 . 2007-01-18 18:29 10978816 c:\windows\Installer\289c82.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 22:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-05 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2007-03-27 136768]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2002-05-07 20530]
"Client Access Help Update"="c:\program files\IBM\Client Access\cwbinhlp.exe" [2002-05-07 24626]
"Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2002-05-07 45056]
"Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 20530]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-29 136600]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-02-04 1695744]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-23 17920]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"ToolBoxFX"="c:\program files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 45056]
"HPUsageTracking"="c:\program files\Hewlett-Packard\HP UT\bin\hppusg.exe" [2005-09-29 36864]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88203]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-9-9 66864]
VPN Client.lnk - c:\windows\Installer\{06624881-CF7D-4F8A-86C0-5114B122E776}\Icon3E5562ED7.ico [2007-2-14 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2006-09-09 07:15 63488 ----a-r- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli AsWlnPkg

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55928:TCP"= 55928:TCP:GalleryAssemblies ModemWeb
"38781:TCP"= 38781:TCP:GalleryAssemblies SoftwareOffice
"21026:UDP"= 21026:UDP:GalleryAssemblies GoogleComponents
"37023:UDP"= 37023:UDP:GalleryAssemblies PublishWorks

R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/8/2007 3:34 PM 14336]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/15/2007 1:50 PM 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2/14/2007 12:52 PM 36352]
S0 dtbyu;dtbyu;c:\windows\system32\drivers\bvdgk.sys --> c:\windows\system32\drivers\bvdgk.sys [?]
S0 phfzqldf;phfzqldf;c:\windows\system32\drivers\kbgzbk.sys --> c:\windows\system32\drivers\kbgzbk.sys [?]
S1 sdmanager;SDManager;\??\c:\program files\SpywareDetector\SDManager.sys --> c:\program files\SpywareDetector\SDManager.sys [?]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2/8/2007 3:34 PM 14336]
S2 Wmdmprov;iyglu;c:\windows\system32\svchost.exe -k netsvcs [2/8/2007 3:34 PM 14336]
S3 swmx02;HP ev2200 USB MUX Driver (#02);c:\windows\system32\drivers\swmx02.sys [11/18/2005 3:21 PM 57600]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Wmdmprov
.
Contents of the 'Scheduled Tasks' folder

2009-10-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-10-28 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2007-07-31 04:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 10.*.*.*;127.0.0.1;*.hanson-america.net;*.hanson-eu.net;*.hanson-ap.net;*.hgm.han;;;;<local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} - hxxp://hansononline/hbma/Portal/resources/msddsc.cab
FF - ProfilePath - c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Mozilla\Firefox\Profiles\1s396144.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-ccleaner - c:\documents and settings\bchodkowski.HANSON-AMERICA\Desktop\CCleaner\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 17:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmdmprov]
"ServiceDll"="c:\windows\system32\qctqykkn.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1324)
c:\program files\HPQ\IAM\Bin\OCGina.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\program files\HPQ\IAM\bin\HPBrand.dll
c:\program files\HPQ\IAM\bin\ItTal.dll
c:\program files\HPQ\IAM\bin\ItReports.DLL
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\Bin\TrayIcon.dll
c:\program files\HPQ\IAM\Bin\ItDAC.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\STEngine.dll
c:\program files\HPQ\IAM\Bin\BioAuth.dll
c:\program files\HPQ\IAM\Bin\ITVCClient.dll
c:\program files\HPQ\IAM\Bin\AuthWiz.dll
c:\program files\HPQ\IAM\Bin\TpmAuth.dll
c:\program files\HPQ\IAM\Bin\TokenAuth.dll
c:\program files\HPQ\IAM\Bin\ittalsnap.DLL
c:\program files\HPQ\IAM\Bin\ItVCard.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\xenroll.dll
c:\program files\HPQ\IAM\Bin\ItAuth.dll

- - - - - - - > 'lsass.exe'(1380)
c:\program files\HPQ\IAM\bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(5552)
c:\windows\system32\APSHook.dll
c:\program files\HPQ\IAM\bin\ItClient.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\McAfee\VirusScan Enterprise\scriptcl.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\windows\system32\msiexec.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\HPQ\IAM\bin\asghost.exe
c:\combofix\CF31346.exe
c:\program files\Network Associates\Common Framework\McTray.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\HPZipm12.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\common files\logitech\lu\lulnchr.exe
c:\program files\common files\logitech\lu\LogitechUpdate.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-28 17:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-28 22:32
ComboFix2.txt 2009-06-10 17:16
ComboFix3.txt 2009-06-10 02:29

Pre-Run: 40,869,425,152 bytes free
Post-Run: 41,100,742,656 bytes free

- - End Of File - - 7115E3E9E14F03368B0535138AFD30BA

ComboFix 09-06-09.06 - bchodkowski 06/10/2009 12:03.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1530 [GMT -5:00]
Running from: c:\documents and settings\bchodkowski.HANSON-AMERICA\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Application Data\1301700638.exe
c:\documents and settings\LocalService\Application Data\1361538659.exe
c:\documents and settings\LocalService\Application Data\1458931097.exe
c:\documents and settings\LocalService\Application Data\755020800.exe
c:\program files\Internet Explorer\setupapi.dll
c:\program files\Mozilla Firefox\setupapi.dll
c:\windows\system32\avast!Antivirus.exe

Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - The cat ate it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVAST!ANTIVIRUS
-------\Service_avast!Antivirus


((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.

2009-06-10 04:10 . 2009-06-10 04:10 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-10 04:10 . 2009-06-10 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-10 04:10 . 2009-06-10 04:10 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Malwarebytes
2009-06-10 04:10 . 2009-06-10 04:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-10 03:28 . 2009-06-10 04:10 -------- d-----w- c:\program files\World of Warcraft(3)
2009-06-10 03:06 . 2009-06-10 17:11 117760 ----a-w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-10 03:04 . 2009-06-10 04:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-10 03:04 . 2009-06-10 03:04 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\SUPERAntiSpyware.com
2009-06-10 02:50 . 2009-06-10 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-10 01:53 . 2009-06-10 02:19 63 ----a-w- c:\windows\system\SysSD.dll
2009-06-08 22:00 . 2009-06-10 04:10 -------- d-----w- c:\program files\World of Warcraft
2009-05-17 05:32 . 2009-05-17 05:32 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Acoustica
2009-05-17 05:32 . 2007-08-07 16:32 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2009-05-17 05:32 . 2009-05-17 05:32 -------- d-----w- c:\program files\Acoustica Shared Effects
2009-05-17 05:30 . 2009-05-17 05:30 -------- d-----w- c:\program files\VST
2009-05-17 05:30 . 2009-05-17 05:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Acoustica
2009-05-17 05:30 . 2009-05-17 07:02 -------- d-----w- c:\program files\Acoustica Mixcraft 4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 17:06 . 2007-02-08 20:34 182912 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-06-10 02:16 . 2007-02-08 20:34 182912 ----a-w- c:\windows\system32\drivers\ndis(4).sys
2009-06-10 02:12 . 2007-02-08 20:34 182912 ----a-w- c:\windows\system32\drivers\ndis(3).sys
2009-05-08 04:06 . 2009-05-04 21:23 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\W Photo Studio Viewer
2009-05-06 18:33 . 2008-09-30 17:58 -------- d-----w- c:\program files\Google
2009-05-04 23:42 . 2009-05-04 20:27 98428 ----a-w- c:\windows\system32\drivers\c42c57a8.sys
2009-05-01 22:23 . 2009-05-01 17:53 100092 ----a-w- c:\windows\system32\drivers\e3d4ca63.sys
2009-03-13 02:18 . 2009-03-13 02:18 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-10_02.21.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-10 17:08 . 2009-06-10 17:08 16384 c:\windows\Temp\Perflib_Perfdata_440.dat
+ 2009-06-10 03:04 . 2009-06-10 03:04 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-06-10 03:04 . 2009-06-10 03:04 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-01-07 00:58 . 2009-06-10 04:11 811984 c:\windows\system32\Restore\rstrlog.dat
+ 2007-02-08 20:34 . 2009-06-10 17:02 182912 c:\windows\system32\dllcache\ndis.sys
- 2007-02-08 20:34 . 2009-06-10 02:12 182912 c:\windows\system32\dllcache\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-05 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2007-03-27 136768]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2002-05-07 20530]
"Client Access Help Update"="c:\program files\IBM\Client Access\cwbinhlp.exe" [2002-05-07 24626]
"Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2002-05-07 45056]
"Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 20530]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-29 136600]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-02-04 1695744]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-23 17920]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"ToolBoxFX"="c:\program files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 45056]
"HPUsageTracking"="c:\program files\Hewlett-Packard\HP UT\bin\hppusg.exe" [2005-09-29 36864]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88203]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{06624881-CF7D-4F8A-86C0-5114B122E776}\Icon3E5562ED7.ico [2007-2-14 6144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2006-09-09 07:15 63488 ----a-r- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli AsWlnPkg

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/8/2007 3:34 PM 14336]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/15/2007 1:50 PM 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2/14/2007 12:52 PM 36352]
R3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
S1 sdmanager;SDManager;\??\c:\program files\SpywareDetector\SDManager.sys --> c:\program files\SpywareDetector\SDManager.sys [?]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2/8/2007 3:34 PM 14336]
S2 avast!AVSControlService;avast!AVSControlService;c:\windows\System32\avast!AVSControlService.exe -k netsvcs --> c:\windows\System32\avast!AVSControlService.exe -k netsvcs [?]
S2 Wmdmprov;iyglu;c:\windows\system32\svchost.exe -k netsvcs [2/8/2007 3:34 PM 14336]
S3 swmx02;HP ev2200 USB MUX Driver (#02);c:\windows\system32\drivers\swmx02.sys [11/18/2005 3:21 PM 57600]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Wmdmprov
.
Contents of the 'Scheduled Tasks' folder

2009-06-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-10 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2007-07-31 04:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 10.*.*.*;127.0.0.1;*.hanson-america.net;*.hanson-eu.net;*.hanson-ap.net;*.hgm.han;;;;<local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} - hxxp://hansononline/hbma/Portal/resources/msddsc.cab
FF - ProfilePath - c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Mozilla\Firefox\Profiles\1s396144.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-10 12:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmdmprov]
"ServiceDll"="c:\windows\system32\qctqykkn.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1324)
c:\program files\HPQ\IAM\Bin\OCGina.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\program files\HPQ\IAM\bin\HPBrand.dll
c:\program files\HPQ\IAM\bin\ItTal.dll
c:\program files\HPQ\IAM\bin\ItReports.DLL
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\Bin\TrayIcon.dll
c:\program files\HPQ\IAM\Bin\ItDAC.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\STEngine.dll
c:\program files\HPQ\IAM\Bin\BioAuth.dll
c:\program files\HPQ\IAM\Bin\ITVCClient.dll
c:\program files\HPQ\IAM\Bin\AuthWiz.dll
c:\program files\HPQ\IAM\Bin\TpmAuth.dll
c:\program files\HPQ\IAM\Bin\TokenAuth.dll
c:\program files\HPQ\IAM\Bin\ittalsnap.DLL
c:\program files\HPQ\IAM\Bin\ItVCard.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\xenroll.dll
c:\program files\HPQ\IAM\Bin\ItAuth.dll

- - - - - - - > 'lsass.exe'(1380)
c:\program files\HPQ\IAM\bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(3300)
c:\windows\system32\APSHook.dll
c:\program files\HPQ\IAM\bin\ItClient.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\windows\system32\msiexec.exe
c:\program files\HPQ\IAM\Bin\asghost.exe
c:\program files\Network Associates\Common Framework\Mctray.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\HPZipm12.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-10 12:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-10 17:16
ComboFix2.txt 2009-06-10 02:29

Pre-Run: 41,009,635,328 bytes free
Post-Run: 40,986,390,528 bytes free

248 --- E O F --- 2009-01-09 09:06


ComboFix 09-06-09.06 - bchodkowski 06/09/2009 21:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1425 [GMT -5:00]
Running from: c:\documents and settings\bchodkowski.HANSON-AMERICA\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\LocalService\Application Data\1361538659.exe
c:\documents and settings\LocalService\Application Data\1458931097.exe
c:\program files\Internet Explorer\setupapi.dll
c:\program files\Mozilla Firefox\setupapi.dll
c:\windows\9g2234wesdf3dfgjf23
c:\windows\system32\__c005BF47.dat
c:\windows\system32\avast!Antivirus.exe
c:\windows\system32\avast!AVSControlService.exe
c:\windows\system32\azton.mt
c:\windows\system32\hobukubo.dll.vir
c:\windows\system32\jbnmck.dll
c:\windows\system32\sft.res
c:\windows\system32\wejoseti.dll.tmp
c:\windows\system32\wiyoyova.dll.vir
c:\windows\system32\wopowupa.dll.tmp
c:\windows\system32\yeruwuma.dll.tmp
c:\windows\t55ft2692f44.dat
c:\windows\Temp\1175753116.exe
c:\windows\Temp\120.exe
c:\windows\Temp\1278194978.exe
c:\windows\Temp\1809917352.exe
c:\windows\Temp\210051792.exe
c:\windows\Temp\2431865338.exe
c:\windows\Temp\2441084088.exe
c:\windows\Temp\2580771588.exe
c:\windows\Temp\2762831588.exe
c:\windows\Temp\2769862838.exe
c:\windows\Temp\29045260.exe
c:\windows\Temp\2944394088.exe
c:\windows\Temp\3246240338.exe
c:\windows\Temp\3247490338.exe
c:\windows\Temp\3387177838.exe
c:\windows\Temp\4050698602.exe
c:\windows\Temp\4180698602.exe
c:\windows\Temp\658565616.exe
c:\windows\Temp\658878116.exe
c:\windows\Temp\687.exe
c:\windows\Temp\822054292.exe
c:\windows\Temp\869866792.exe
c:\windows\Temp\925.exe

----- BITS: Possible infected sites -----

hxxp://NAMSAMRVL009:80
hxxp://NAMSAMRVL009.grouphc.net:80
Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - The cat ate it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVAST!ANTIVIRUS
-------\Service_avast!Antivirus


((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.

2009-06-10 01:53 . 2009-06-10 02:19 63 ----a-w- c:\windows\system\SysSD.dll
2009-06-10 01:53 . 2009-01-07 22:20 13776 ----a-w- c:\windows\system32\SDEarlyDelete.exe
2009-06-10 01:53 . 2009-01-22 15:29 1060864 ----a-w- c:\windows\system32\CheckDll.dll
2009-06-10 01:53 . 2009-06-10 01:56 -------- d-----w- c:\program files\SpywareDetector
2009-06-10 01:44 . 2009-06-10 01:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-09 22:22 . 2009-06-10 02:22 99422 ----a-w- c:\windows\system32\drivers\274af6ef.sys
2009-06-08 22:00 . 2009-06-08 22:15 -------- d-----w- c:\program files\World of Warcraft
2009-05-17 05:32 . 2009-05-17 05:32 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Acoustica
2009-05-17 05:32 . 2007-08-07 16:32 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2009-05-17 05:32 . 2009-05-17 05:32 -------- d-----w- c:\program files\Acoustica Shared Effects
2009-05-17 05:30 . 2009-05-17 05:30 -------- d-----w- c:\program files\VST
2009-05-17 05:30 . 2009-05-17 05:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Acoustica
2009-05-17 05:30 . 2009-05-17 07:02 -------- d-----w- c:\program files\Acoustica Mixcraft 4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 02:16 . 2007-02-08 20:34 182912 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-05-08 04:06 . 2009-05-04 21:23 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\W Photo Studio Viewer
2009-05-06 18:33 . 2008-09-30 17:58 -------- d-----w- c:\program files\Google
2009-05-04 23:42 . 2009-05-04 20:27 98428 ----a-w- c:\windows\system32\drivers\c42c57a8.sys
2009-05-01 22:23 . 2009-05-01 17:53 100092 ----a-w- c:\windows\system32\drivers\e3d4ca63.sys
2009-03-13 02:18 . 2009-03-13 02:18 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-05 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2007-03-27 136768]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2002-05-07 20530]
"Client Access Help Update"="c:\program files\IBM\Client Access\cwbinhlp.exe" [2002-05-07 24626]
"Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2002-05-07 45056]
"Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 20530]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-29 136600]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-02-04 1695744]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-23 17920]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"ToolBoxFX"="c:\program files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 45056]
"HPUsageTracking"="c:\program files\Hewlett-Packard\HP UT\bin\hppusg.exe" [2005-09-29 36864]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SDActiveMonitor"="c:\program files\SpywareDetector\SDActiveMonitor.exe" [2009-01-31 1366528]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88203]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{06624881-CF7D-4F8A-86C0-5114B122E776}\Icon3E5562ED7.ico [2007-2-14 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2006-09-09 07:15 63488 ----a-r- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sdnotify]
2008-12-01 16:15 475136 ----a-w- c:\program files\SpywareDetector\SDNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli AsWlnPkg

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

R1 sdmanager;SDManager;c:\program files\SpywareDetector\SDManager.sys [6/9/2009 8:53 PM 13696]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/8/2007 3:34 PM 14336]
R2 sdmainsvc;SDMainSvc;c:\program files\SpywareDetector\SDMainService.exe [6/9/2009 8:53 PM 923088]
R2 sdservice;SDService;c:\program files\SpywareDetector\SDService.exe [6/9/2009 8:53 PM 1720192]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/15/2007 1:50 PM 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2/14/2007 12:52 PM 36352]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2/8/2007 3:34 PM 14336]
S2 avast!AVSControlService;avast!AVSControlService;c:\windows\System32\avast!AVSControlService.exe -k netsvcs --> c:\windows\System32\avast!AVSControlService.exe -k netsvcs [?]
S2 Wmdmprov;iyglu;c:\windows\system32\svchost.exe -k netsvcs [2/8/2007 3:34 PM 14336]
S3 swmx02;HP ev2200 USB MUX Driver (#02);c:\windows\system32\drivers\swmx02.sys [11/18/2005 3:21 PM 57600]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SDMANAGER
*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Wmdmprov
.
Contents of the 'Scheduled Tasks' folder

2009-06-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-09 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2007-07-31 04:55]
.
- - - - ORPHANS REMOVED - - - -

BHO-{AFF01325-0FC2-4749-8914-FBF0565AD9CC} - jbnmck.dll
HKCU-Explorer_Run-1 - \\namarirvg001\admove$\emwprof\emwprof.bat


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 10.*.*.*;127.0.0.1;*.hanson-america.net;*.hanson-eu.net;*.hanson-ap.net;*.hgm.han;;;;<local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: heidelbergcement.cyberu.com
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} - hxxp://hansononline/hbma/Portal/resources/msddsc.cab
FF - ProfilePath - c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Mozilla\Firefox\Profiles\1s396144.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 21:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\274af6ef]
"ImagePath"="\SystemRoot\System32\drivers\274af6ef.sys"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmdmprov]
"ServiceDll"="c:\windows\system32\qctqykkn.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1340)
c:\program files\HPQ\IAM\Bin\OCGina.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\program files\HPQ\IAM\bin\HPBrand.dll
c:\program files\HPQ\IAM\bin\ItTal.dll
c:\program files\HPQ\IAM\bin\ItReports.DLL
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\SpywareDetector\SDNotify.dll
c:\program files\HPQ\IAM\Bin\TrayIcon.dll
c:\program files\HPQ\IAM\Bin\ItDAC.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\STEngine.dll
c:\program files\HPQ\IAM\Bin\BioAuth.dll
c:\program files\HPQ\IAM\Bin\ITVCClient.dll
c:\program files\HPQ\IAM\Bin\AuthWiz.dll
c:\program files\HPQ\IAM\Bin\TpmAuth.dll
c:\program files\HPQ\IAM\Bin\TokenAuth.dll
c:\program files\HPQ\IAM\Bin\ittalsnap.DLL
c:\program files\HPQ\IAM\Bin\ItVCard.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\xenroll.dll
c:\program files\HPQ\IAM\Bin\ItAuth.dll

- - - - - - - > 'lsass.exe'(1396)
c:\program files\HPQ\IAM\bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(324)
c:\windows\system32\APSHook.dll
c:\program files\HPQ\IAM\bin\ItClient.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\msiexec.exe
c:\program files\HPQ\IAM\Bin\asghost.exe
c:\program files\Network Associates\Common Framework\Mctray.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-10 21:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-10 02:29

Pre-Run: 41,345,921,024 bytes free
Post-Run: 41,452,838,912 bytes free

281 --- E O F --- 2009-01-09 09:06

Edited by iceicle1324: n/a
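The log above shows the pattern worth recognising in a ComboFix report: a service (Wmdmprov, display name "iyglu") registered in the netsvcs svchost group, whose ServiceDll points at a random-looking file in system32 (qctqykkn.dll), next to a driver key whose name is eight hex characters (274af6ef). The Python script below is an added example, not part of this thread and not ComboFix's own code, that parses the R*/S* service lines and the registry excerpt from such a log and flags svchost-hosted netsvcs services whose ServiceDll is not on a baseline, plus machine-generated-looking service names. The sample log embeds the lines from the post above together with one constructed benign Dhcp entry; the netsvcs baseline is a partial list of Windows XP DLL names and is an assumption that should be extended from a known-clean machine before use.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "service reason detail")

# Partial baseline of ServiceDll file names that legitimately run inside
# "svchost.exe -k netsvcs" on Windows XP. This is an assumption for the
# example; build the real list from a known-clean machine.
NETSVCS_BASELINE = {
    "audiosrv.dll", "browser.dll", "cryptsvc.dll", "dhcpcsvc.dll", "dnsrslvr.dll",
    "ersvc.dll", "es.dll", "lmhsvc.dll", "netman.dll", "schedsvc.dll",
    "seclogon.dll", "shsvcs.dll", "srsvc.dll", "trkwks.dll", "w32time.dll",
    "wuauserv.dll", "wzcsvc.dll", "xmlprov.dll",
}

# Lines from the ComboFix log posted above, plus one constructed benign
# control entry ("Dhcp") that is not from the log.
SAMPLE_LOG = r"""
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/8/2007 3:34 PM 14336]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2/8/2007 3:34 PM 14336]
S2 Wmdmprov;iyglu;c:\windows\system32\svchost.exe -k netsvcs [2/8/2007 3:34 PM 14336]
S3 swmx02;HP ev2200 USB MUX Driver (#02);c:\windows\system32\drivers\swmx02.sys [11/18/2005 3:21 PM 57600]
R2 Dhcp;DHCP Client;c:\windows\system32\svchost.exe -k netsvcs [2/8/2007 3:34 PM 14336]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\274af6ef]
"ImagePath"="\SystemRoot\System32\drivers\274af6ef.sys"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmdmprov]
"ServiceDll"="c:\windows\system32\qctqykkn.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]
"ServiceDll"="c:\windows\system32\dhcpcsvc.dll"
"""

SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]\\]+)\]$", re.I)
VALUE_RE = re.compile(r'^"(ServiceDll|ImagePath)"="(.*)"$', re.I)
HEXNAME_RE = re.compile(r"^[0-9a-f]{8}$")


def parse_services(log_text):
    """Return {service_name: {...}} from the R*/S* service lines of a ComboFix log."""
    services = {}
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        start, name, display, rest = m.groups()
        image = re.sub(r"\s*\[[^\]]*\]\s*$", "", rest)  # drop the trailing "[date size]"
        group = re.search(r"-k\s+(\S+)", image)
        services[name] = {
            "start": start,
            "display": display,
            "image": image,
            "group": group.group(1).lower() if group else None,
            "hosted": "svchost.exe" in image.lower(),
        }
    return services


def parse_service_values(log_text):
    """Return {service_name: {"ServiceDll": ..., "ImagePath": ...}} from the
    registry excerpt ComboFix prints for suspicious service keys."""
    values, current = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            current = k.group(1)
            values.setdefault(current, {})
            continue
        v = VALUE_RE.match(line)
        if v and current:
            values[current][v.group(1)] = v.group(2)
    return values


def triage(log_text):
    """Flag netsvcs-hosted services whose ServiceDll is outside the baseline and
    service keys whose name looks machine-generated (eight hex characters)."""
    services = parse_services(log_text)
    values = parse_service_values(log_text)
    findings = []
    for name, svc in services.items():
        if svc["hosted"] and svc["group"] == "netsvcs":
            dll = values.get(name, {}).get("ServiceDll")
            if dll and dll.lower().rsplit("\\", 1)[-1] not in NETSVCS_BASELINE:
                findings.append(Finding(name, "netsvcs ServiceDll not in baseline", dll))
    for name, vals in values.items():
        if HEXNAME_RE.match(name.lower()):
            findings.append(Finding(name, "service name looks machine-generated", vals.get("ImagePath", "")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.service}: {f.reason} ({f.detail})")
```

Run against the embedded sample it reports Wmdmprov (ServiceDll qctqykkn.dll is not a known netsvcs DLL) and 274af6ef (hex-looking driver name) and stays quiet about the constructed Dhcp entry; a hosted service whose ServiceDll does not appear in the excerpt is deliberately not reported, because ComboFix only prints a subset of service keys.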

0

1. Please open Notepad: click Start, then Run, and type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
Wmdmprov

Rootkit::
c:\windows\system32\qctqykkn.dll


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
Combofix.txt
A new HijackThis log.
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

PhilliePhan. What is the FixCSet:: directive for? I cannot see that in the list at MRU.

Edited by crunchie: n/a

Attachments CFScript.gif 27.09 KB
0

Combofix refuses to work with me! It is unresponsive when I do what you instructed me to do. The Notepad file is as follows:
KillAll::

Driver::
Wmdmprov

Rootkit::
c:\windows\system32\qctqykkn.dll

I tried to run combofix, and when it didn't work, I restarted the computer and tried again. No success.

0

Run Gmer again, locate the Wmdmprov service, right click on it and terminate it.
Locate qctqykkn.dll and disable/kill it.

Try running that combofix script again.

0

PhilliePhan. What is the FixCSet:: directive for? I cannot see that in the list at MRU.

Repairs/resets currentcontrolset registry values.

PP :)

0

So I ran combofix, but when the computer restarted, the start bar and desktop icons didn't show up and combofix said it couldn't find some file. Then ENDLOCAL on a black background showed up and my computer had to shut down. Did I do something wrong?

0

Well it doesn't let me. When it is creating the log report, my computer gets a blue screen and then crashes. However, I deleted the wmdmprov service on GMER and now anti virus websites are working. I think you fixed it!

0

Ok. Have a go at the following and see how you go.

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.

  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

  • Kaspersky Online Scanner
  • Panda Active Scan
  • Trend Micro HouseCall
  • F-Secure Online Virus Scanner

0

Got the scanner to work - here's the log. Thanks for all the help! And now I realized I accidentally left "remove found threats" checked... Careless on my part.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d05d716e994c3045aabb6b0e6a199091
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-01 05:10:53
# local_time=2009-11-01 12:10:53 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 801540 801540 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=82864
# found=8
# cleaned=8
# scan_time=3858
C:\Qoobox\Quarantine\C\WINDOWS\system32\bewijeze(2).dll.vir a variant of Win32/Adware.SuperJuan.K application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\boponase.dll.tmp.vir a variant of Win32/Adware.SuperJuan.J application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\diveredi.dll.tmp.vir a variant of Win32/Adware.SuperJuan.J application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\logon.exe.vir a variant of Win32/Kryptik.AJB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\lupuwufe(2).dll.vir a variant of Win32/Kryptik.AYZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\mefupojo(2).dll.vir a variant of Win32/Adware.Virtumonde.NFY application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\riyudegi.dll.tmp.vir a variant of Win32/Adware.SuperJuan.J application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\tomuzipu(2).dll.vir a variant of Win32/Adware.SuperJuan.K application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Edited by iceicle1324: n/a

0

Only thing found there is what combofix removed.
Are you able to run gmer in safe mode and get a log?

0

I am not able to get into safe mode for some reason. I choose the option and then I get a black screen with text coming up and then it restarts.

0

Alright, here's the log. Do I need to run GMER in safe mode now?

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PEVSystemStart]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\procexp90.Sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PEVSystemStart]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\procexp90.Sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PEVSystemStart
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\procexp90.Sys
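The export above is the SafeBoot key after repair; the earlier symptom (choosing Safe Mode, a black screen with text, then a restart) is consistent with entries having been stripped from SafeBoot\Minimal, which is a common way for malware to block safe-mode cleanup. The two names listed separately at the end, PEVSystemStart and procexp90.Sys, are not part of a stock Windows XP key (they come from ComboFix's PEV component and from Process Explorer). The Python script below is an added example, not from this thread or from the repair tool, that parses a reg export of the SafeBoot key and compares the Minimal profile against a baseline taken from the post-repair export above, reporting missing entries, entries that are not in the baseline, and a changed AlternateShell. The damaged export it runs on is constructed for the example.

```python
import re

# Baseline: the SafeBoot\Minimal entries present in the post-repair export
# above (Windows XP SP2). Tool-added entries (PEVSystemStart, procexp90.Sys)
# are deliberately left out so the audit reports them as unexpected.
EXPECTED_MINIMAL = {
    "AppMgmt", "Base", "Boot Bus Extender", "Boot file system", "CryptSvc",
    "DcomLaunch", "dmadmin", "dmboot.sys", "dmio.sys", "dmload.sys", "dmserver",
    "EventLog", "File system", "Filter", "HelpSvc", "Netlogon",
    "PCI Configuration", "PlugPlay", "PNP Filter", "Primary disk", "RpcSs",
    "SCSI Class", "sermouse.sys", "sr.sys", "SRService", "System Bus Extender",
    "vga.sys", "vgasave.sys", "WinMgmt",
    "{36FC9E60-C465-11CF-8056-444553540000}", "{4D36E965-E325-11CE-BFC1-08002BE10318}",
    "{4D36E967-E325-11CE-BFC1-08002BE10318}", "{4D36E969-E325-11CE-BFC1-08002BE10318}",
    "{4D36E96A-E325-11CE-BFC1-08002BE10318}", "{4D36E96B-E325-11CE-BFC1-08002BE10318}",
    "{4D36E96F-E325-11CE-BFC1-08002BE10318}", "{4D36E977-E325-11CE-BFC1-08002BE10318}",
    "{4D36E97B-E325-11CE-BFC1-08002BE10318}", "{4D36E97D-E325-11CE-BFC1-08002BE10318}",
    "{4D36E980-E325-11CE-BFC1-08002BE10318}", "{71A27CDD-812A-11D0-BEC7-08002BE2092F}",
    "{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}",
}

# Constructed sample: a SafeBoot export with most Minimal entries removed,
# the way a machine that can no longer boot into Safe Mode might look.
DAMAGED_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PEVSystemStart]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
"""

SECTION_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\safeboot"
    r"(?:\\(Minimal|Network)(?:\\(.+))?)?\]$",
    re.I,
)
DEFAULT_RE = re.compile(r'^@="(.*)"$')
ALTSHELL_RE = re.compile(r'^"AlternateShell"="(.*)"$', re.I)


def parse_safeboot_export(reg_text):
    """Parse a reg export of the SafeBoot key into
    {"AlternateShell": str|None, "Minimal": {entry: default}, "Network": {...}}."""
    result = {"AlternateShell": None, "Minimal": {}, "Network": {}}
    profile, entry = None, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            profile = m.group(1).capitalize() if m.group(1) else None
            entry = m.group(2)
            if profile and entry:
                result[profile].setdefault(entry, "")
            continue
        if profile is None and entry is None:
            a = ALTSHELL_RE.match(line)  # value lives directly under ...\safeboot
            if a:
                result["AlternateShell"] = a.group(1)
        elif profile and entry:
            d = DEFAULT_RE.match(line)  # the entry's (Default) value
            if d:
                result[profile][entry] = d.group(1)
    return result


def audit(reg_text, expected=EXPECTED_MINIMAL):
    """Compare the Minimal profile of an export against the baseline."""
    parsed = parse_safeboot_export(reg_text)
    present = set(parsed["Minimal"])
    return {
        "missing": expected - present,
        "unexpected": present - expected,
        # cmd.exe is the stock XP value; anything else deserves a look
        "alternate_shell_ok": (parsed["AlternateShell"] or "").lower() == "cmd.exe",
    }


if __name__ == "__main__":
    report = audit(DAMAGED_EXPORT)
    print(f"missing: {len(report['missing'])} entries, e.g. {sorted(report['missing'])[:3]}")
    print(f"unexpected: {sorted(report['unexpected'])}")
    print(f"AlternateShell ok: {report['alternate_shell_ok']}")
```

On the constructed sample the audit lists the stripped entries (vga.sys, Netlogon and so on) as missing and PEVSystemStart as unexpected; run on the post-repair export above it would report nothing missing and exactly PEVSystemStart and procexp90.Sys as unexpected, which is what the last two lines of the post show.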
