Results 1 to 10 of 17

Thread: Stealing Personal Information?

Hybrid View

  1. #1
    Junior Member
    Join Date
    Dec 2009
    Posts
    21

    Default Stealing Personal Information?

    I recently noticed my machine is slowing down considerably. When I first boot up the hard drive churns for a long time although this eventually calms down. Further, at all times, the CPU usage frequently spikes to 100% although the slowness problem often persists even when usage is quite low - I especially have problems viewing my Yahoo mail and the NY Times website.

    Next, when I visited recently my credit card and banking websites, after logging in, I got a very suspicious screen asking for all sorts of personal information including SS no., mother's maiden name, checking account number, etc. While this screen was displayed the address bar of my browser still showed the "https://" address of my credit card and banking websites respectively. Also, each time I use my credit card on a website, I get a pop-up box titled "Advanced card verification" and it shows the Verified by VISA" and "secure site" logos.

    My Spybot scan showed no problems and McAfee has not alerted me to anything either.

    Below is my HJT log.

    Thank you, in advance, for any help you can offer.

    Sincerley,
    Steve42

    ============================

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:41:51 AM, on 12/29/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\HPOstr05.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\bin\HPOVDX05.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    R3 - URLSearchHook: ONLINE-TV Toolbar - {a8baaddd-ab98-4cdb-84cc-3c9ed9f38d1e} - C:\Program Files\ONLINE-TV\tbONL0.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ONLINE-TV Toolbar - {a8baaddd-ab98-4cdb-84cc-3c9ed9f38d1e} - C:\Program Files\ONLINE-TV\tbONL0.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: ONLINE-TV Toolbar - {a8baaddd-ab98-4cdb-84cc-3c9ed9f38d1e} - C:\Program Files\ONLINE-TV\tbONL0.dll
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\WECPUpdate.exe -s
    O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: HP OfficeJet Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\HPOstr05.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
    O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/58.10/uploader2.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://fulbrightevents.webex.com/cl...nt/ieatgpc.cab
    O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activ...eX_Control.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 13958 bytes

  2. #2
    Security Expert Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,038

    Default

    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.
    Hi steve42 and welcome to Safer Networking.

    I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:
    • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for this issue on this machine!.
    • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Refrain from running self fixes as this will hinder the malware removal process.
    • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    Scan with GMER:

    Please download GMER Rootkit Scanner from here.
    • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO


      Click the image to enlarge it

    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • Sections
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
    • Save it where you can easily find it, such as your desktop, and post it in reply
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

    Note: Do not run any programs while Gmer is running.

    Scan with RSIT:

    • Please download Random's System Information Tool by random/random from here and save it to your desktop.

    Make sure that RSIT.exe is on the your Desktop before running the application!
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
    Note: Both logs can also be located within this folder rsit at the root of your installed Hard-Drive. EG: C:\rsit

    When completed the above, please post back the following in the order asked for:
    • How is your computer performing now, any further symptoms and or problems encountered?
    • GMER Log.
    • Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.
    Member of UNITE & Teacher at Geeks to Go

  3. #3
    Junior Member
    Join Date
    Dec 2009
    Posts
    21

    Default Stealing Personal Information?

    1 of 3 Posts

    Dakeyras, many thanks for your reply. Here's the info you requested:

    Regards,
    Steve42

    * How is your computer performing now, any further symptoms and or problems encountered? [Performing slightly better - can access NY Times and Yahoo Mail - but CPU usage still frequently spikes to 100% and, overall, the machine is still slow]

    * GMER Log.
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-01-02 20:44:10
    Windows 5.1.2600 Service Pack 3
    Running: 0ff020k3[1].exe; Driver: C:\DOCUME~1\Steve\LOCALS~1\Temp\pwldapob.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB1A608CA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB1A6079E]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB1A60738]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB1A6074C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB1A607B2]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB1A607DE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB1A6084C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB1A60836]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB1A6090A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB1A60878]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB1A6078A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB1A60710]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB1A60724]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB1A608DE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB1A608B4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB1A60820]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB1A6080A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB1A607C8]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB1A608A0]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB1A6088C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB1A60776]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB1A60762]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB1A607F4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB1A60939]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB1A60862]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB1A60920]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB1A608F4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{B697E7A8-1154-B2F2-2713-AA20D6BCE191}\InprocServer32@ C:\Program Files\Common Files\Sonic Shared\SonicVideoRenderer.ax
    Reg HKLM\SOFTWARE\Classes\CLSID\{B697E7A8-1154-B2F2-2713-AA20D6BCE191}\InprocServer32@InprocServer32 CmEg-{lCE?Ql(=$t8'R1>cZ$=lYVtE?*DQ17LBhS0?
    Reg HKLM\SOFTWARE\Classes\CLSID\{B697E7A8-1154-B2F2-2713-AA20D6BCE191}\InprocServer32@ThreadingModel Both
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

    ---- EOF - GMER 1.0.15 ----

  4. #4
    Junior Member
    Join Date
    Dec 2009
    Posts
    21

    Default Stealing Personal Information?

    2 of 3 Replies

    * Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Steve at 2010-01-02 20:50:03
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 66 GB (44%) free of 149 GB
    Total RAM: 2046 MB (70% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:50:33 PM, on 1/2/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\HPOstr05.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\bin\HPOVDX05.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Documents and Settings\Steve\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Steve.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    R3 - URLSearchHook: ONLINE-TV Toolbar - {a8baaddd-ab98-4cdb-84cc-3c9ed9f38d1e} - C:\Program Files\ONLINE-TV\tbONL0.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ONLINE-TV Toolbar - {a8baaddd-ab98-4cdb-84cc-3c9ed9f38d1e} - C:\Program Files\ONLINE-TV\tbONL0.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: ONLINE-TV Toolbar - {a8baaddd-ab98-4cdb-84cc-3c9ed9f38d1e} - C:\Program Files\ONLINE-TV\tbONL0.dll
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\WECPUpdate.exe -s
    O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: HP OfficeJet Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\HPOstr05.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
    O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/58.10/uploader2.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://fulbrightevents.webex.com/cl...nt/ieatgpc.cab
    O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activ...eX_Control.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 13602 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\McDefragTask.job
    C:\WINDOWS\tasks\McQcTask.job
    C:\WINDOWS\tasks\SDMsgUpdate (TE).job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{17C61F9A-C235-42BE-822D-08C1080CCCF3}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2008-01-08 878352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
    Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-03-15 118836]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
    scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 323904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a8baaddd-ab98-4cdb-84cc-3c9ed9f38d1e}]
    ONLINE-TV Toolbar - C:\Program Files\ONLINE-TV\tbONL0.dll [2009-11-06 2166296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-24 251504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-30 764912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-24 522224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2008-01-08 878352]
    {855F3B16-6D32-4fe6-8A56-BBB695989046}
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-24 251504]
    {a8baaddd-ab98-4cdb-84cc-3c9ed9f38d1e} - ONLINE-TV Toolbar - C:\Program Files\ONLINE-TV\tbONL0.dll [2009-11-06 2166296]
    - []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "DwlClient"=C:\Program Files\Common Files\Dell\EUSW\Support.exe [2003-10-07 294912]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-10-03 39792]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
    "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
    "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-24 39408]
    "Media Codec Update Service"=C:\Program Files\Essentials Codec Pack\WECPUpdate.exe [2009-03-31 221184]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
    HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe
    HP OfficeJet Startup.lnk - C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\HPOstr05.exe
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    C:\Documents and Settings\Steve\Start Menu\Programs\Startup
    MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
    "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "\\TWOFISH\ITUNES\iTunes.exe"="\\TWOFISH\ITUNES\iTunes.exe:*:Enabled:iTunes.exe"
    "C:\WINDOWS\SYSTEM32\LEXPPS.EXE"="C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
    "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
    "C:\Program Files\Pando Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:pando"
    "C:\Program Files\SecondLife\SLVoice.exe"="C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
    "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
    "C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe"="C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Network Magic Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
    "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    shell\AutoRun\command - H:\WDSetup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a379632c-2139-11de-b832-00111122d9b8}]
    shell\AutoRun\command - H:\Setup_FlipShare.exe
    shell\Setup FlipShare\command - H:\Setup_FlipShare.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab311b14-29d7-11dd-b6c3-00111122d9b8}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AUTORUN.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea24c1c2-7b71-11dd-b725-00111122d9b8}]
    shell\AutoRun\command - H:\WD_Windows_Tools\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee07b702-d83d-11de-b924-00111122d9b8}]
    shell\AutoRun\command - H:\DmailerSync_v9_0_14262.exe


    ======List of files/folders created in the last 1 months======

    2010-01-02 20:50:03 ----D---- C:\rsit
    2009-12-09 12:05:32 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
    2009-12-09 12:04:47 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
    2009-12-09 12:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
    2009-12-09 12:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
    2009-12-09 12:02:16 ----A---- C:\WINDOWS\imsins.BAK
    2009-12-09 12:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

    ======List of files/folders modified in the last 1 months======

    2010-01-02 20:50:10 ----D---- C:\WINDOWS\Prefetch
    2010-01-02 20:50:08 ----D---- C:\WINDOWS\Temp
    2010-01-02 20:46:54 ----D---- C:\WINDOWS
    2010-01-02 20:46:41 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
    2010-01-02 20:09:39 ----D---- C:\Documents and Settings\Steve\Application Data\Skype
    2010-01-02 19:46:50 ----D---- C:\WINDOWS\system32\CatRoot2
    2010-01-02 16:03:57 ----D---- C:\Documents and Settings\Steve\Application Data\skypePM
    2010-01-02 00:35:20 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-12-25 16:11:44 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-12-18 14:06:51 ----SHD---- C:\WINDOWS\Installer
    2009-12-18 14:06:51 ----SHD---- C:\Config.Msi
    2009-12-12 11:28:04 ----A---- C:\WINDOWS\hpovwr05.INI
    2009-12-12 11:28:02 ----D---- C:\My Images
    2009-12-11 11:30:29 ----D---- C:\WINDOWS\Minidump
    2009-12-09 17:26:47 ----A---- C:\WINDOWS\HPOTBX05.INI
    2009-12-09 12:15:06 ----D---- C:\WINDOWS\SYSTEM32
    2009-12-09 12:15:05 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-12-09 12:13:02 ----D---- C:\Program Files\Internet Explorer
    2009-12-09 12:05:37 ----HD---- C:\WINDOWS\INF
    2009-12-09 12:05:35 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
    2009-12-09 12:05:34 ----D---- C:\WINDOWS\system32\DRIVERS
    2009-12-09 12:02:56 ----HD---- C:\WINDOWS\$hf_mig$
    2009-12-04 09:15:57 ----D---- C:\WINDOWS\system32\NtmsData

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
    R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
    R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
    R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
    R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
    R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
    R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
    R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
    R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2005-05-02 8413]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
    R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]
    R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]
    R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]
    R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]
    R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]
    R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]
    R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]
    R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]
    R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
    R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264]
    R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2005-06-13 162816]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
    R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
    R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
    R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
    R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2004-08-19 28352]
    R3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2004-02-14 469696]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-06 580992]
    R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
    S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
    S3 ALABULK;Fujifilm USB MemoryCard ReaderWriter device driver; C:\WINDOWS\System32\Drivers\ALABULK2.sys [2002-09-19 35120]
    S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-04 701440]
    S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DCamUSBEMPIA;Dazzle DVC90 Video Device; C:\WINDOWS\system32\DRIVERS\emDevice.sys [2004-04-06 100957]
    S3 Dot4;IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
    S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
    S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
    S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
    S3 emAudio;Dazzle DVC90 Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2004-05-05 19584]
    S3 FiltUSBEMPIA;USB Device Lower Filter; C:\WINDOWS\system32\DRIVERS\emFilter.sys [2004-04-06 5245]
    S3 genmcmnUSB;USB Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]
    S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320]
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
    S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
    S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
    S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
    S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
    S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
    S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
    S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
    S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
    S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
    S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
    S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
    S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2008-04-13 16694]
    S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\WINDOWS\system32\DRIVERS\emScan.sys [2004-04-06 4493]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
    S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-04-09 12672]
    S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-04-09 21248]
    S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-04-09 22912]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
    S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
    S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
    S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
    S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
    S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
    S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 FlipShare Service;FlipShare Service; C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe [2008-11-13 439616]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296]
    R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]
    R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
    R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
    R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
    R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
    R2 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [2008-12-18 9158656]
    R2 nmservice;Pure Networks Network Magic Service; C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [2006-06-23 276048]
    R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
    R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
    S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-24 137200]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-07-08 68112]
    S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
    S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
    S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
    S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2006-05-25 12800]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [2005-05-03 323584]
    S3 usnsvc;Messenger Sharing USN Journal Reader service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------

  5. #5
    Junior Member
    Join Date
    Dec 2009
    Posts
    21

    Default Stealing Personal Information?

    3 of 3 Replies


    * Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.

    info.txt logfile of random's system information tool 1.06 2010-01-02 20:50:37

    ======Uninstall list======

    -->C:\PROGRA~1\Yahoo!\Common\unyt.exe
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    -->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
    -->C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    -->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    3ivx MPEG-4 5.0.3 (remove only)-->"C:\Program Files\3ivx\3ivx MPEG-4 5.0.3\uninstaller.exe"
    Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
    APA PERRLA-->C:\WINDOWS\unvise32.exe C:\PERRLA\uninstal.log
    Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
    Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
    Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Crosswords and Word Games-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Expert Software\Crosswords and Word Games\DeIsL1.isu"
    Data Lifeguard Diagnostic for Windows-->MsiExec.exe /X{E40CE517-0D42-4198-96B4-C8232B257EB5}
    Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
    Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
    Dell Photo Printer 720-->C:\WINDOWS\System32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo Printer 720
    Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
    Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
    Dell Support-->MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
    DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
    Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
    Documents To Go-->MsiExec.exe /X{EB807EB6-5179-48B7-98D4-7B4934A57A81}
    dolphinscreen Screen Saver-->C:\WINDOWS\system32\dolphinscreen.scr /u
    ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
    FlipShare-->MsiExec.exe /X{7732DA71-2FB6-5C99-D0D9-58A2DB360895}
    Free Video Dub version 1.4-->"C:\Program Files\DVDVideoSoft\Free Video Dub\unins000.exe"
    Freeraser-->C:\Program Files\Codyssey\Freeraser\Uninstall.exe
    Fujifilm USB MemoryCard ReaderWriter-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F87F471C-66C0-4F70-B493-6E59E4D402E6} /l1033
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hollywood FX 5.5 Additional Effects-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\unextralog
    Hotfix 2050 for SQL Server 2000 ENU (KB948110)-->"C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$\spuninst\spuninst.exe"
    Hotfix 2055 for SQL Server 2000 ENU (KB960082)-->"C:\WINDOWS\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\spuninst\spuninst.exe"
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
    HP OfficeJet Series 600 (Remove Only)-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\uninst.dll"
    ICQ6-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
    Intel(R) PRO Network Connections Drivers-->Prounstl.exe
    Intel(R) PROSet-->MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
    Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
    interneTIFF 8.0-FREE (IE Browser)-->"C:\Program Files\InstallShield Installation Information\{21873256-A9DF-4F6B-8F37-6515B4A1989B}\setup.exe" -runfromtemp -l0x0009 -removeonly
    iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
    J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
    J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
    J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
    Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
    Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
    Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    JGIScreensaver-Setup-->C:\Program Files\JGIScreensaver-Setup\Uninstall.exe
    LawDesk-->MsiExec.exe /I{FB11B400-8CD8-456A-8A9E-CB7653E3809A}
    Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
    LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
    LG V CAST Music Sync Reset Tool-->"C:\WINDOWS\IFinst27.exe" -UC:\Program Files\LG Electronics\LG V CAST Music Sync Reset Tool\IFU72.inf
    Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
    Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
    Logitech QuickCam-->MsiExec.exe /I{466B21EE-2858-4845-B2B3-056FC544DAA3}
    Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
    McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
    Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Outlook 2003 with Business Contact Manager Update-->MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Publisher 2003-->MsiExec.exe /I{91190409-6000-11D3-8CFE-0150048383C9}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
    Microsoft USB Flash Drive Manager-->MsiExec.exe /I{3F8EB641-6AD2-45DE-A8DD-91D7BDD39CDE}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    MobileMe Control Panel-->MsiExec.exe /I{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}
    Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
    MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    MUSICMATCH® Jukebox-->C:\PROGRA~1\MUSICM~1\MUSICM~2\unmatch.exe
    ONLINE-TV Toolbar-->C:\PROGRA~1\ONLINE~2\UNWISE.EXE /U C:\PROGRA~1\ONLINE~2\INSTALL.LOG
    Palm-->MsiExec.exe /X{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}
    PCFriendly-->C:\Program Files\PCFriendly\inuninst.exe
    Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
    Pinnacle Hollywood FX for Studio-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log
    PowerDVD 5.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    proDAD Heroglyph 1.0-->"C:\Program Files\proDAD\Heroglyph-1.0\uninstall.exe" uninstall spcp
    Pure Networks Network Magic-->C:\Program Files\Pure Networks\Network Magic\Uninstall.exe
    QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Safari-->MsiExec.exe /I{2D6ED011-055B-4041-B198-BB903827EBFB}
    SearchWithin-->C:\Program Files\SearchWithin\thinsetup.exe - uninstall
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
    Shockwave-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
    Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
    Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
    SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
    Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
    Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
    Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
    Spin & Win-->"C:\Program Files\Comcast Play Games\Spin & Win\Uninstall.exe" "C:\Program Files\Comcast Play Games\Spin & Win\install.log"
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Studio 9 Content CD/DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B67624DE-75CE-4FAD-9F29-5C115773CE61}\Setup.exe" -l0x9 UNINSTALL
    Studio 9.4 Patch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16E217EA-C3E0-402D-8D4F-6189DB74497A}\setup.exe" -l0x9 UNINSTALL
    Studio 9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x9 UNINSTALL
    Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
    Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
    Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
    Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
    Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
    Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
    V CAST Music Manager -->C:\PROGRA~1\VERIZO~1\VCASTM~1\Setup.exe /remove /q0
    V CAST Music with Rhapsody-->C:\PROGRA~1\VCASTM~1\Unwise32.exe /A C:\PROGRA~1\VCASTM~1\install.log
    Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
    Web-Based Email Tools-->MsiExec.exe /I{8F2771FA-1371-4F73-A7F3-9F3B17073CE4}
    WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
    WebIQ Technology Engine-->C:\WINDOWS\system32\WebIQEngineSetup.exe u
    Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
    Windows Essentials Media Codec Pack 2.3-->C:\Program Files\Essentials Codec Pack\uninst.exe
    Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
    Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
    Windows Live Messenger-->MsiExec.exe /I{7A837109-E671-470D-B489-F1EBE471D220}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
    Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
    Yahoo! Anti-Spy-->C:\PROGRA~1\Yahoo!\Common\unypsr.exe
    Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
    Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL
    Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Photos Easy Upload Tool 1v4-->C:\WINDOWS\system32\regsvr32 /u /s "C:\WINDOWS\cache\YDropper.dll"
    Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    AV: McAfee VirusScan
    FW: Norton Internet Worm Protection (disabled)
    FW: McAfee Personal Firewall

    ======System event log======

    Computer Name: ONEFISH
    Event Code: 10010
    Message: The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

    Record Number: 91271
    Source Name: DCOM
    Time Written: 20091026085148.000000-240
    Event Type: error
    User: NT AUTHORITY\SYSTEM

    Computer Name: ONEFISH
    Event Code: 7000
    Message: The Automatic LiveUpdate Scheduler service failed to start due to the following error:
    The system cannot find the path specified.


    Record Number: 91269
    Source Name: Service Control Manager
    Time Written: 20091026085127.000000-240
    Event Type: error
    User:

    Computer Name: ONEFISH
    Event Code: 1002
    Message: The IP address lease 192.168.10.33 for the Network Card with network address 00111122D9B8 has been
    denied by the DHCP server 192.168.10.1 (The DHCP Server sent a DHCPNACK message).

    Record Number: 91266
    Source Name: Dhcp
    Time Written: 20091026085051.000000-240
    Event Type: error
    User:

    Computer Name: ONEFISH
    Event Code: 1003
    Message: Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 00111122D9B8. The following
    error occurred:
    The operation was canceled by the user.
    .
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.

    Record Number: 91265
    Source Name: Dhcp
    Time Written: 20091026085051.000000-240
    Event Type: warning
    User:

    Computer Name: ONEFISH
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 91261
    Source Name: Tcpip
    Time Written: 20091025201746.000000-240
    Event Type: warning
    User:

    =====Application event log=====

    Computer Name: ONEFISH
    Event Code: 1002
    Message: Hanging application WDSync_v7_1_020.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Record Number: 12359
    Source Name: Application Hang
    Time Written: 20090822192133.000000-240
    Event Type: error
    User:

    Computer Name: ONEFISH
    Event Code: 1001
    Message: Fault bucket 655240856.

    Record Number: 12358
    Source Name: Application Hang
    Time Written: 20090822185258.000000-240
    Event Type: error
    User:

    Computer Name: ONEFISH
    Event Code: 1002
    Message: Hanging application WDSync_v7_1_020.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Record Number: 12357
    Source Name: Application Hang
    Time Written: 20090822185254.000000-240
    Event Type: error
    User:

    Computer Name: ONEFISH
    Event Code: 2001
    Message: Unable to read the disk performance information from the system.
    Disk performance counters must be enabled for at least one
    physical disk or logical volume in order for these counters to appear.
    Disk performance counters can be enabled by using the Hardware Device Manager property pages.
    Status code returned is data DWORD 0.

    Record Number: 12355
    Source Name: PerfDisk
    Time Written: 20090822183043.000000-240
    Event Type: error
    User:

    Computer Name: ONEFISH
    Event Code: 19011
    Message:
    Record Number: 12351
    Source Name: MSSQL$MICROSOFTSMLBIZ
    Time Written: 20090822182231.000000-240
    Event Type: warning
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\COMMON~1\SONICS~1\;C:\Program Files\Microsoft USB Flash Drive Manager\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
    "PROCESSOR_REVISION"=0304
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

    -----------------EOF-----------------

  6. #6
    Security Expert Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,038

    Default

    Hi.

    many thanks for your reply
    You're welcome!

    Performing slightly better - can access NY Times and Yahoo Mail - but CPU usage still frequently spikes to 100% and, overall, the machine is still slow
    OK and thanks for the update. Going back to what you mentioned prior:-
    Next, when I visited recently my credit card and banking websites, after logging in, I got a very suspicious screen asking for all sorts of personal information including SS no., mother's maiden name, checking account number, etc. While this screen was displayed the address bar of my browser still showed the "https://" address of my credit card and banking websites respectively. Also, each time I use my credit card on a website, I get a pop-up box titled "Advanced card verification" and it shows the Verified by VISA" and "secure site" logos.
    It would be prudent for the time being not to carry out any further online banking activities as a precaution and I will provide some relevant advice concerning this matter in due course.

    Your machine has a few system conflicts and some undesirable software installed it would be prudent to uninstall in my humble opinion. There may be a problem with the Hard-Drive also but it does not appear to be anything overtly serious and we can address this in due course.

    The application CCleaner you have installed is fine to use but do not actually use the Scan for Issues feature. This is basically a registry cleaner and such have the propensity to remove legitimate items by mistake and the backups created are not always successfully reemerged with the registry. The worst case scenario of anything that claims to clean the registry is your machine could be left little more than a expensive door stop. Do not be overly alarmed by this and the application as I mentioned is fine to use in temp file cleaning capacity which we will be in due course.

    I have a fair few tasks for your good self to complete below, just take your time and all should go well.

    Norton/Symantec RT:

    Please download the Norton Removal Tool and Save it to your Desktop.

    • Close all programs and double-click the Norton_Removal_Tool.exe then click Run
    • Follow the on-screen instructions.
    • Restart the computer if asked.
    • Then delete Norton_Removal_Tool.exe from your desktop.
    Next:

    Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

    ONLINE-TV Toolbar
    Viewpoint Manager
    Yahoo! Anti-Spy


    To do so, click once on each of the above in turn to highlight and then click on the Remove button.

    Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

    Next:

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\Program Files\ONLINE-TV
    C:\Program Files\Symantec
    C:\Program Files\Viewpoint

    Reset SP3 Firewall:

    Click on Start >> Run... and cut/paste in the following and click on OK
    Code:
    firewall.cpl
    Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

    Now click on the General tab >> select Off(not recommended) >> OK.

    Note: No need for it to be active after the reset because you have the McAfee Personal Firewall.

    Launch your installed CCLeaner application:

    • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognise you when you visit).
    • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
    • Click on the "Options" icon at the left side of the window, then click on "Advanced."
      deselect "Only delete files in Windows Temp folders older than 48 hours."
    • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
    • After CCleaner has completed its process, close the application.
    Next:

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and select then follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please post that log in your next reply.
    The log can also be found here:
    1. Launch Malwarebytes' Anti-Malware
    2. Click on the Logs radio tab.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    When completed the above, please post back the following in the order asked for:

    • How is you computer performing now, any other symptoms and or problems encountered?
    • Malwarebytes' Anti-Malware Log.
    • A new RSIT log. <-- Only one log will be created this time and that is all I need to view.
    Member of UNITE & Teacher at Geeks to Go

  7. #7
    Junior Member
    Join Date
    Dec 2009
    Posts
    21

    Default Stealing Personal Information?

    Here is the information you requested. Thanks again for your time and help!
    Steve42

    * How is you computer performing now, any other symptoms and or problems encountered? [Seems to be improved but CPU Usage is still spiking to 100% for short periods - especially when I access the Yahoo Mail website. Is this normal?]

    * Malwarebytes' Anti-Malware Log:

    Malwarebytes' Anti-Malware 1.43
    Database version: 3495
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/4/2010 10:48:27 PM
    mbam-log-2010-01-04 (22-48-27).txt

    Scan type: Quick Scan
    Objects scanned: 168022
    Time elapsed: 14 minute(s), 56 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 9
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 8
    Files Infected: 8

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\toolbar.tb (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolbar.tb.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{b0e43034-50f5-1f84-8098-824b44f2dbc3} (Adware.Admedia) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Program Files\WinBudget (Adware.Admedia) -> Quarantined and deleted successfully.
    C:\Program Files\WinBudget\bin (Adware.Admedia) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Guest 1\Application Data\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Guest 1\Application Data\Smart-Shopper\cs (Adware.SmartShopper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Guest 1\Application Data\Smart-Shopper\cs\db (Adware.SmartShopper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Guest 1\Application Data\Smart-Shopper\cs\dwld (Adware.SmartShopper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Guest 1\Application Data\Smart-Shopper\cs\report (Adware.SmartShopper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Guest 1\Application Data\Smart-Shopper\cs\res1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\Guest 1\Application Data\Smart-Shopper\cs\Config.xml (Adware.SmartShopper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Guest 1\Application Data\Smart-Shopper\cs\db\Aliases.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Guest 1\Application Data\Smart-Shopper\cs\db\Sites.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Guest 1\Application Data\Smart-Shopper\cs\dwld\Phishinglist.xip (Adware.SmartShopper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Guest 1\Application Data\Smart-Shopper\cs\dwld\WhiteList.xip (Adware.SmartShopper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Guest 1\Application Data\Smart-Shopper\cs\report\aggr_storage.xml (Adware.SmartShopper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Guest 1\Application Data\Smart-Shopper\cs\report\send_storage.xml (Adware.SmartShopper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Guest 1\Application Data\Smart-Shopper\cs\res1\WhiteList.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully.


    * A new RSIT log. <-- Only one log will be created this time and that is all I need to view:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Steve at 2010-01-04 22:59:52
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 66 GB (44%) free of 149 GB
    Total RAM: 2046 MB (69% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:00:23 PM, on 1/4/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Palm\Hotsync.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\HPOstr05.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\bin\HPOVDX05.EXE
    C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Steve\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Steve.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\WECPUpdate.exe -s
    O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: HP OfficeJet Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\HPOstr05.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
    O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/58.10/uploader2.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://fulbrightevents.webex.com/cl...nt/ieatgpc.cab
    O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activ...eX_Control.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

    --
    End of file - 13066 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\McDefragTask.job
    C:\WINDOWS\tasks\McQcTask.job
    C:\WINDOWS\tasks\SDMsgUpdate (TE).job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{17C61F9A-C235-42BE-822D-08C1080CCCF3}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2008-01-08 878352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
    Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-03-15 118836]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
    scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 323904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-24 251504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-30 764912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-24 522224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2008-01-08 878352]
    {855F3B16-6D32-4fe6-8A56-BBB695989046}
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-24 251504]
    - []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "DwlClient"=C:\Program Files\Common Files\Dell\EUSW\Support.exe [2003-10-07 294912]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-10-03 39792]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
    "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
    "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-24 39408]
    "Media Codec Update Service"=C:\Program Files\Essentials Codec Pack\WECPUpdate.exe [2009-03-31 221184]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
    HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe
    HP OfficeJet Startup.lnk - C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\HPOstr05.exe
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    C:\Documents and Settings\Steve\Start Menu\Programs\Startup
    MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe"="C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Network Magic Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    shell\AutoRun\command - H:\WDSetup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a379632c-2139-11de-b832-00111122d9b8}]
    shell\AutoRun\command - H:\Setup_FlipShare.exe
    shell\Setup FlipShare\command - H:\Setup_FlipShare.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab311b14-29d7-11dd-b6c3-00111122d9b8}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AUTORUN.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea24c1c2-7b71-11dd-b725-00111122d9b8}]
    shell\AutoRun\command - H:\WD_Windows_Tools\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee07b702-d83d-11de-b924-00111122d9b8}]
    shell\AutoRun\command - H:\DmailerSync_v9_0_14262.exe


    ======List of files/folders created in the last 1 months======

    2010-01-04 22:30:58 ----D---- C:\Documents and Settings\Steve\Application Data\Malwarebytes
    2010-01-04 22:30:49 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2010-01-04 22:30:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2010-01-02 20:50:03 ----D---- C:\rsit
    2009-12-09 12:05:32 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
    2009-12-09 12:04:47 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
    2009-12-09 12:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
    2009-12-09 12:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
    2009-12-09 12:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

    ======List of files/folders modified in the last 1 months======

    2010-01-04 23:00:23 ----D---- C:\WINDOWS\Temp
    2010-01-04 22:59:59 ----D---- C:\WINDOWS\Prefetch
    2010-01-04 22:56:22 ----D---- C:\WINDOWS
    2010-01-04 22:52:15 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
    2010-01-04 22:51:02 ----RD---- C:\Program Files
    2010-01-04 22:50:41 ----D---- C:\WINDOWS\system32\DRIVERS
    2010-01-04 22:50:06 ----A---- C:\WINDOWS\SchedLgU.Txt
    2010-01-04 22:26:02 ----D---- C:\WINDOWS\Minidump
    2010-01-04 22:26:02 ----D---- C:\WINDOWS\Debug
    2010-01-04 22:18:57 ----D---- C:\Program Files\Yahoo!
    2010-01-04 22:18:35 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2010-01-04 22:12:06 ----D---- C:\Documents and Settings\Steve\Application Data\Skype
    2010-01-04 22:10:49 ----D---- C:\Documents and Settings\Steve\Application Data\Symantec
    2010-01-04 17:10:08 ----D---- C:\WINDOWS\system32\CatRoot2
    2010-01-04 17:02:22 ----D---- C:\Documents and Settings\Steve\Application Data\skypePM
    2009-12-25 16:11:44 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-12-18 14:06:51 ----SHD---- C:\WINDOWS\Installer
    2009-12-18 14:06:51 ----SHD---- C:\Config.Msi
    2009-12-12 11:28:04 ----A---- C:\WINDOWS\hpovwr05.INI
    2009-12-12 11:28:02 ----D---- C:\My Images
    2009-12-09 17:26:47 ----A---- C:\WINDOWS\HPOTBX05.INI
    2009-12-09 12:15:06 ----D---- C:\WINDOWS\SYSTEM32
    2009-12-09 12:15:05 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-12-09 12:13:02 ----D---- C:\Program Files\Internet Explorer
    2009-12-09 12:05:37 ----HD---- C:\WINDOWS\INF
    2009-12-09 12:05:35 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
    2009-12-09 12:02:56 ----HD---- C:\WINDOWS\$hf_mig$

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
    R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
    R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
    R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
    R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
    R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
    R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
    R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
    R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2005-05-02 8413]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
    R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]
    R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]
    R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]
    R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]
    R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]
    R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]
    R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]
    R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]
    R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
    R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264]
    R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2005-06-13 162816]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
    R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
    R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
    R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
    R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2004-08-19 28352]
    R3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2004-02-14 469696]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-06 580992]
    R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
    S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
    S3 ALABULK;Fujifilm USB MemoryCard ReaderWriter device driver; C:\WINDOWS\System32\Drivers\ALABULK2.sys [2002-09-19 35120]
    S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-04 701440]
    S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DCamUSBEMPIA;Dazzle DVC90 Video Device; C:\WINDOWS\system32\DRIVERS\emDevice.sys [2004-04-06 100957]
    S3 Dot4;IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
    S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
    S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
    S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
    S3 emAudio;Dazzle DVC90 Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2004-05-05 19584]
    S3 FiltUSBEMPIA;USB Device Lower Filter; C:\WINDOWS\system32\DRIVERS\emFilter.sys [2004-04-06 5245]
    S3 genmcmnUSB;USB Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]
    S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320]
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
    S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
    S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
    S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
    S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
    S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
    S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
    S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
    S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
    S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
    S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
    S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
    S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2008-04-13 16694]
    S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\WINDOWS\system32\DRIVERS\emScan.sys [2004-04-06 4493]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
    S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-04-09 12672]
    S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-04-09 21248]
    S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-04-09 22912]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
    S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
    S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
    S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
    S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
    S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
    S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 FlipShare Service;FlipShare Service; C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe [2008-11-13 439616]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296]
    R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]
    R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
    R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
    R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
    R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
    R2 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [2008-12-18 9158656]
    R2 nmservice;Pure Networks Network Magic Service; C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [2006-06-23 276048]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
    R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-24 137200]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-07-08 68112]
    S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
    S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
    S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
    S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2006-05-25 12800]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [2005-05-03 323584]
    S3 usnsvc;Messenger Sharing USN Journal Reader service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------

  8. #8
    Security Expert Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,038

    Default

    Hi.

    Thanks again for your time and help!
    You're welcome!

    Seems to be improved but CPU Usage is still spiking to 100% for short periods - especially when I access the Yahoo Mail website. Is this normal?
    This may still be a indication of malware and or when certain applications accessed be they on your machine and or via a website that can be quite CPU resource intensive for brief periods of time.

    Flash Disinfector:

    • Please download Flash_Disinfector and save it to your desktop.
    • Double click to run it.
    • You will be prompted to plug in your flash drive. Plug it in.
    • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
    • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
    • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

    Backup the Registry:

    Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

    • Please go here and download ERUNT.
    • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
    • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
    • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
    • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
    • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
    • Make sure that at least the first two check boxes are selected.
    • Click on OK
    • Then click on YES to create the folder.
    Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

    Download/Run ComboFix:

    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Please open McAfee Security Centre
    • Under Common Tasks click on Home
    • Click Computer Files
    • Click Configure
    • Make sure the following are disabled by ticking the "Off" button.
    Virus protection
    Spyware protection
    System Guards Protection
    Script Scanning Protection (you may have to scroll down to see it)
    • Next, select never for "When to re-enable real time scanning"
    • and click OK.
    For further info on disabling and re-enabling McAfee, click here.
    Please include the C:\ComboFix.txt in your next reply for further review.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper


    Note: Do not forget to re-enable McAfee after running ComboFix.

    When completed the above, please post back the following in the order asked for:
    • How is your computer performing now, any other symptoms and or problems encountered?
    • ComboFix Log.
    • A new HijackThis Log.
    Member of UNITE & Teacher at Geeks to Go

  9. #9
    Junior Member
    Join Date
    Dec 2009
    Posts
    21

    Default Stealing Personal Information?

    Here is the information you requested. As always, many, many thanks for your ongoing patience and help!

    steve42

    * How is your computer performing now, any other symptoms and or problems encountered? [Overall, the machine is performing better than when we started. However, the CPU Usage History still shows lots of high spikes, although not always to 100%. These spikes most often happen when I'm loading a page or otherwise actively using my browser. When the machine is idle usage typically hovers around 2% - 5%.]

    *ComboFix Log:

    ComboFix 10-01-04.01 - Steve 01/05/2010 23:26:43.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1444 [GMT -5:00]
    Running from: c:\documents and settings\Steve\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Steve\Start Menu\Programs\Startup\MEMonitor.lnk

    .
    ((((((((((((((((((((((((( Files Created from 2009-12-06 to 2010-01-06 )))))))))))))))))))))))))))))))
    .

    2010-01-06 03:52 . 2010-01-06 03:52 -------- d-----w- c:\program files\ERUNT
    2010-01-05 03:30 . 2010-01-05 03:30 -------- d-----w- c:\documents and settings\Steve\Application Data\Malwarebytes
    2010-01-05 03:30 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-05 03:30 . 2010-01-05 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-01-05 03:30 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-05 03:30 . 2010-01-05 03:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-03 01:50 . 2010-01-03 01:50 -------- d-----w- C:\rsit

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-06 04:33 . 2008-09-18 19:50 -------- d-----w- c:\documents and settings\Steve\Application Data\Skype
    2010-01-05 21:00 . 2008-09-18 19:59 -------- d-----w- c:\documents and settings\Steve\Application Data\skypePM
    2010-01-05 03:18 . 2004-11-20 03:35 -------- d-----w- c:\program files\Yahoo!
    2010-01-05 03:18 . 2006-08-08 20:37 -------- d-----w- c:\program files\Common Files\Scanner
    2010-01-05 03:18 . 2004-08-19 05:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
    2010-01-05 03:10 . 2004-08-28 16:00 -------- d-----w- c:\documents and settings\Steve\Application Data\Symantec
    2009-12-03 04:50 . 2004-10-13 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-12-02 21:11 . 2009-12-02 21:11 -------- d-----w- c:\program files\Trend Micro
    2009-12-02 19:40 . 2004-10-13 23:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-28 20:35 . 2009-11-28 20:35 -------- d-----w- c:\program files\CCleaner
    2009-11-24 13:09 . 2008-08-05 20:49 -------- d-----w- c:\program files\AskBarDis
    2009-11-23 13:05 . 2009-10-24 14:21 -------- d-----w- c:\program files\Windows Desktop Search
    2009-11-22 23:21 . 2009-06-02 13:50 -------- d-----w- c:\program files\McAfee
    2009-11-13 23:02 . 2009-11-13 23:02 -------- d-----w- c:\documents and settings\Guest 1\Application Data\Windows Desktop Search
    2009-11-13 18:38 . 2009-11-13 18:38 -------- d-----w- c:\program files\Western Digital Corporation
    2009-11-09 18:08 . 2008-09-18 19:49 -------- d-----r- c:\program files\Skype
    2009-11-09 18:08 . 2009-11-09 18:08 -------- d-----w- c:\program files\Common Files\Skype
    2009-11-09 18:08 . 2007-08-19 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2009-11-08 18:22 . 2009-11-08 18:22 593920 ----a-w- c:\documents and settings\Steve\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\octosh...190-0-main.dll
    2009-10-29 07:45 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
    2009-10-13 10:30 . 2002-08-29 10:00 270336 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:38 . 2002-08-29 10:00 149504 ----a-w- c:\windows\system32\rastls.dll
    2009-10-12 13:38 . 2002-08-29 10:00 79872 ----a-w- c:\windows\system32\raschap.dll
    2002-07-26 22:02 . 2005-01-03 03:16 153088 -c----w- c:\program files\UNWISE.EXE
    .

    ------- Sigcheck -------

    [7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
    [-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
    [-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\bak\ctfmon.exe

    c:\windows\System32\ctfmon.exe ... is missing !!
    .
    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-27 18:39 . 2007-10-10 23:51 39792 c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
    2009-10-03 09:45 . 2009-10-03 09:45 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    2003-08-19 06:01 . 2003-08-19 06:01 110592 c:\program files\Common Files\Sonic\Update Manager\bak\sgtray.exe

    2004-08-19 05:51 . 2004-04-11 16:43 53248 c:\program files\CyberLink\PowerDVD\bak\DVDLauncher.exe

    2004-08-19 05:52 . 2004-04-12 01:15 290816 c:\program files\Dell\Media Experience\bak\PCMService.exe

    2007-10-09 23:56 . 2007-10-09 23:56 202544 c:\program files\Dell Support Center\bin\bak\sprtcmd.exe

    2007-10-09 23:57 . 2007-10-09 23:57 16384 c:\program files\Dell Support Center\gs_agent\custom\bak\dsca.exe

    2007-03-15 15:09 . 2007-03-15 15:09 460784 c:\program files\DellSupport\bak\DSAgnt.exe

    2008-01-15 08:22 . 2008-01-15 08:22 267048 c:\program files\iTunes\bak\iTunesHelper.exe
    2009-07-13 18:03 . 2009-07-13 18:03 292128 c:\program files\iTunes\iTunesHelper.exe

    2007-10-07 03:48 . 2007-09-25 05:11 132496 c:\program files\Java\jre1.6.0_03\bin\bak\jusched.exe

    2004-02-25 22:15 . 2004-02-25 22:15 454656 c:\program files\Logitech\Video\bak\ISStart.exe

    2004-02-25 22:06 . 2004-02-25 22:06 212992 c:\program files\Logitech\Video\bak\LogiTray.exe

    2004-08-19 06:01 . 2004-04-19 19:45 53248 c:\program files\MUSICMATCH\Musicmatch Jukebox\bak\mmtask.exe

    2004-08-19 06:01 . 2004-04-19 19:45 131072 c:\program files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe

    2005-01-03 03:16 . 2004-04-23 16:00 192512 c:\program files\Pinnacle\Shared Files\Programs\USBTip\bak\USBTip.exe

    2008-01-10 20:27 . 2008-01-10 20:27 385024 c:\program files\QuickTime\bak\qttask.exe
    2009-05-26 21:18 . 2009-05-26 21:18 413696 c:\program files\QuickTime\QTTask.exe

    2002-08-29 10:00 . 2004-08-04 07:56 15360 c:\windows\SYSTEM32\bak\ctfmon.exe

    1980-01-01 05:00 . 2005-09-20 13:32 77824 c:\windows\SYSTEM32\bak\hkcmd.exe

    2005-09-20 13:36 . 2005-09-20 13:36 114688 c:\windows\SYSTEM32\bak\igfxpers.exe

    1980-01-01 05:00 . 2005-09-20 13:35 94208 c:\windows\SYSTEM32\bak\igfxtray.exe

    2004-02-25 21:15 . 2004-02-25 21:15 221184 c:\windows\SYSTEM32\bak\LVCOMSX.EXE

    2004-08-19 05:53 . 2004-03-15 06:04 122933 c:\windows\SYSTEM32\dla\bak\tfswctrl.exe

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-24 39408]
    "Media Codec Update Service"="c:\program files\Essentials Codec Pack\WECPUpdate.exe" [2009-03-31 221184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-10-07 294912]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

    c:\documents and settings\Guest 1\Start Menu\Programs\Startup\
    Palm Registration.lnk - c:\program files\Palm\register.exe [2005-8-8 2494464]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2008-4-13 28672]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-8-19 24576]
    HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
    HP OfficeJet Startup.lnk - c:\program files\Hewlett-Packard\HP OfficeJet Series 600\Bin\HPOstr05.exe [2008-11-7 1175552]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-11-8 169472]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

    S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\SYSTEM32\DRIVERS\gflmouhid.sys [4/19/2004 2:01 PM 6656]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-02 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-02 16:22]

    2009-06-02 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-02 16:22]

    2010-01-05 c:\windows\Tasks\SDMsgUpdate (TE).job
    - c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-09-27 16:21]

    2010-01-06 c:\windows\Tasks\User_Feed_Synchronization-{17C61F9A-C235-42BE-822D-08C1080CCCF3}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.comcast.net/
    mWindow Title = Microsoft Internet Explorer provided by Comcast
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    Trusted Zone: greaterphilachamber.com\www
    Trusted Zone: microsoft.com\update
    Trusted Zone: nytimes.com\www
    Trusted Zone: uspto.gov\www
    Trusted Zone: weather.com\www
    Trusted Zone: yahoo.com\mail
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/58.10/uploader2.cab
    .

    **************************************************************************

    disk not found C:\

    please note that you need administrator rights to perform deep scan
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(636)
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2010-01-05 23:36:13
    ComboFix-quarantined-files.txt 2010-01-06 04:36

    Pre-Run: 68,951,527,424 bytes free
    Post-Run: 69,095,583,744 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    - - End Of File - - 4237B57DC18E58DE0F0AA81734D11D73


    *A new HijackThis Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:45:50 PM, on 1/5/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\HPOstr05.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\bin\HPOVDX05.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\WECPUpdate.exe -s
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: HP OfficeJet Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\HPOstr05.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
    O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/58.10/uploader2.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://fulbrightevents.webex.com/cl...nt/ieatgpc.cab
    O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activ...eX_Control.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

    --
    End of file - 12935 bytes

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •