
Thread: infected spyguard 2009

  1. #1
    Member
    Join Date
    Dec 2007
    Posts
    31

    infected spyguard 2009

    hi all - my son's computer started showing security warnings from spyware guard 2009. Regular operation of the computer is nonexistent and I can only access hjt, s&d, virus scan and internet via safe mode. Ran s&d and it only found a couple of tracking cookies and spy hunter (which I know my son downloaded the free scanner). Ran hjt in safe mode (below). My son said the rundll32.exe entries weren't on the log run at the end of Jan, but I'll leave that to the experts.

    thanks in advance for any help


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:00:46 PM, on 3/2/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\PROGRA~1\mcafee\msc\mcshell.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
    O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {7370F91F-6994-4595-9949-601FA2261C8D} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\Owner\Application Data\Macromedia\Common\40f4a0221.dll""
    O4 - HKUS\S-1-5-19\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\LocalService\Application Data\Macromedia\Common\40f4a0221.dll"" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\NetworkService\Application Data\Macromedia\Common\40f4a0221.dll"" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\Owner\Application Data\Macromedia\Common\40f4a0221.dll"" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\Owner\Application Data\Macromedia\Common\40f4a0221.dll"" (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O23 - Service: McAfee Application Installer Cleanup (0151501221206400) (0151501221206400mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\015150~1.EXE (file missing)
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

    --
    End of file - 10785 bytes

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    Hi bammer

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Member
    Join Date
    Dec 2007
    Posts
    31


    hi shaba
    I could only run this in safe mode; it would freeze on normal.

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Owner at 2009-03-03 10:40:07
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 33 GB (49%) free of 68 GB
    Total RAM: 2047 MB (83% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:40:28 AM, on 3/3/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Documents and Settings\Owner\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Owner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
    O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7370F91F-6994-4595-9949-601FA2261C8D} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\Owner\Application Data\Macromedia\Common\40f4a0221.dll""
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\LocalService\Application Data\Macromedia\Common\40f4a0221.dll"" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\NetworkService\Application Data\Macromedia\Common\40f4a0221.dll"" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\LocalService\Application Data\Macromedia\Common\40f4a0221.dll"" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\LocalService\Application Data\Macromedia\Common\40f4a0221.dll"" (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O23 - Service: McAfee Application Installer Cleanup (0151501221206400) (0151501221206400mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\015150~1.EXE (file missing)
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

    --
    End of file - 10709 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\McDefragTask.job
    C:\WINDOWS\tasks\McQcTask.job
    C:\WINDOWS\tasks\XoftSpySE 2.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
    HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-03-27 322880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}]
    Comcast Toolbar - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL [2006-11-07 1821184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7370F91F-6994-4595-9949-601FA2261C8D}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-18 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
    scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-18 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-18 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
    HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-27 501056]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - Comcast Toolbar - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL [2006-11-07 1821184]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-09-22 14854144]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-08-28 8466432]
    "nwiz"=nwiz.exe /installquiet /keeploaded /nodetect []
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-18 136600]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-12-11 185896]
    "ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
    ""= []
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-03-25 49152]
    "hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-03-13 81920]
    "RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-08-16 236016]
    "UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
    "SpyHunter Security Suite"=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe []
    "NapsterShell"=C:\Program Files\Napster\napster.exe /systray []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
    "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
    "rundll32.exe"=C:\Documents and Settings\Owner\Application Data\Macromedia\Common\40f4a0221.dll [2009-03-02 64512]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
    "C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2505f59b-ec9f-11dc-b567-00142ad364a2}]
    shell\AutoRun\command - H:\wd_windows_tools\setup.exe


    ======List of files/folders created in the last 1 months======

    2009-03-03 10:22:22 ----D---- C:\rsit
    2009-03-02 13:05:39 ----SHD---- C:\WINDOWS\CSC
    2009-03-02 12:30:45 ----D---- C:\Program Files\Enigma Software Group
    2009-03-02 09:59:55 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-03-02 08:45:49 ----A---- C:\WINDOWS\fd.dll
    2009-02-28 18:20:31 ----D---- C:\Documents and Settings\Owner\Application Data\Ventrilo
    2009-02-28 18:20:11 ----D---- C:\Program Files\Ventrilo
    2009-02-28 18:20:04 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    2009-02-28 18:19:14 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2009-02-25 17:26:49 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
    2009-02-15 12:13:37 ----D---- C:\Documents and Settings\Owner\Application Data\InstallShield
    2009-02-12 18:39:42 ----D---- C:\Documents and Settings\Owner\Application Data\Blackberry Desktop
    2009-02-12 18:20:05 ----D---- C:\Documents and Settings\Owner\Application Data\Research In Motion
    2009-02-12 18:10:09 ----D---- C:\Program Files\Common Files\Sonic Shared
    2009-02-12 18:10:04 ----D---- C:\Program Files\Roxio
    2009-02-12 18:10:04 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
    2009-02-12 18:09:54 ----D---- C:\Program Files\Common Files\Roxio Shared
    2009-02-12 18:00:37 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
    2009-02-12 17:58:36 ----D---- C:\Program Files\Common Files\Research In Motion
    2009-02-12 17:58:27 ----D---- C:\Program Files\Research In Motion
    2009-02-12 17:53:02 ----SHD---- C:\WINDOWS\ftpcache
    2009-02-12 03:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
    2009-02-09 17:08:13 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
    2009-02-09 16:55:46 ----D---- C:\Program Files\Electronic Arts
    2009-02-09 16:49:20 ----A---- C:\WINDOWS\system32\psisdecd.dll
    2009-02-09 16:49:11 ----A---- C:\WINDOWS\system32\dxdllreg.exe

    ======List of files/folders modified in the last 1 months======

    2009-03-03 10:39:37 ----D---- C:\WINDOWS\Temp
    2009-03-03 10:35:23 ----D---- C:\WINDOWS\Registration
    2009-03-03 10:35:07 ----D---- C:\WINDOWS
    2009-03-03 10:32:56 ----D---- C:\WINDOWS\Prefetch
    2009-03-03 10:18:40 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-03-02 14:29:03 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-02 14:07:12 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-03-02 13:38:45 ----D---- C:\WINDOWS\system32
    2009-03-02 13:19:07 ----D---- C:\Program Files\XoftSpySE
    2009-03-02 13:09:04 ----D---- C:\WINDOWS\system32\drivers
    2009-03-02 12:30:45 ----RD---- C:\Program Files
    2009-03-02 11:46:53 ----D---- C:\WINDOWS\network diagnostic
    2009-03-02 10:04:06 ----SHD---- C:\RECYCLER
    2009-03-02 10:00:52 ----D---- C:\Documents and Settings
    2009-03-02 09:05:05 ----A---- C:\WINDOWS\ModemLog_PCI Data Fax SoftModem with SmartCP.txt
    2009-03-02 08:57:54 ----D---- C:\Documents and Settings\Owner\Application Data\HPAppData
    2009-03-02 08:45:51 ----D---- C:\Documents and Settings\Owner\Application Data\Macromedia
    2009-02-28 18:20:22 ----SHD---- C:\WINDOWS\Installer
    2009-02-28 18:20:17 ----HD---- C:\Config.Msi
    2009-02-28 18:19:14 ----D---- C:\Program Files\Common Files
    2009-02-28 14:25:08 ----D---- C:\WINDOWS\system32\Lang
    2009-02-25 17:27:03 ----HD---- C:\WINDOWS\inf
    2009-02-25 17:26:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-02-25 09:39:06 ----HD---- C:\WINDOWS\$hf_mig$
    2009-02-25 09:39:04 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-02-19 14:41:41 ----D---- C:\Program Files\World of Warcraft
    2009-02-16 22:09:16 ----D---- C:\Program Files\PokerStars
    2009-02-16 00:04:00 ----D---- C:\WINDOWS\Minidump
    2009-02-12 18:40:33 ----D---- C:\Documents and Settings\Owner\Application Data\Roxio
    2009-02-12 18:27:27 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2009-02-12 18:16:25 ----D---- C:\WINDOWS\WinSxS
    2009-02-12 18:16:21 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
    2009-02-12 18:13:11 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-02-12 18:11:29 ----RSD---- C:\WINDOWS\Fonts
    2009-02-12 03:01:39 ----A---- C:\WINDOWS\imsins.BAK
    2009-02-12 03:01:15 ----D---- C:\Program Files\Internet Explorer
    2009-02-11 13:21:22 ----A---- C:\additdiag.txt
    2009-02-09 17:08:14 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-02-09 16:50:42 ----RSD---- C:\WINDOWS\assembly
    2009-02-09 16:48:41 ----D---- C:\WINDOWS\system32\DirectX
    2009-02-08 17:12:11 ----D---- C:\Program Files\Adobe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    S1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
    S1 navigator;navigator; C:\WINDOWS\fd.dll [2009-03-02 6144]
    S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2008-04-18 8413]
    S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-01-24 49920]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-01-24 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-01-24 21568]
    S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
    S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-12-15 220928]
    S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
    S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
    S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
    S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
    S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
    S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-08-28 6811168]
    S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2008-04-24 16694]
    S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
    S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
    S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
    R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
    S2 0151501221206400mcinstcleanup;McAfee Application Installer Cleanup (0151501221206400); C:\WINDOWS\TEMP\015150~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
    S2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-08-10 194560]
    S2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
    S2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
    S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-18 152984]
    S2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
    S2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
    S2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
    S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    S2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 71096]
    S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-08-28 155716]
    S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-07-24 358896]
    S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-08-16 309744]
    S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-08-16 166384]
    S2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
    S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
    S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
    S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
    S3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-07-24 88560]
    S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-08-16 1092080]

    -----------------EOF-----------------


    info.txt logfile of random's system information tool 1.05 2009-03-03 10:40:07

    ======Uninstall list======

    -->"C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->MsiExec.exe /I{0ADEA8E1-B211-41B8-8DD4-D9A5FB04A5FA}
    -->MsiExec.exe /I{267D350E-51AB-40B8-AF9F-DA7ED5687044}
    -->MsiExec.exe /I{7A9DC8F6-2466-4E04-BF51-BE499C5D02BD}
    -->MsiExec.exe /I{85BD5F12-49EF-4B40-B1E0-77D85F6E99BF}
    -->MsiExec.exe /I{EA9741F6-A7F2-497B-BBE4-2ED0136649BE}
    -->MsiExec.exe /X{C628EC93-8E17-4114-BCE7-2D181B93FA0F}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    32 Bit HP CIO Components Installer-->MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Apple Software Update-->MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
    ArcSoft MediaConverter 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B15D991-5619-4BC1-B71E-3DE793B792FC}\setup.exe" -l0x9
    AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
    BlackBerry Desktop Software 4.3-->MsiExec.exe /i{0D048BE8-AE02-4CB5-A428-616B9848E4A7}
    BlackBerry Desktop Software 4.3-->MsiExec.exe /I{0D048BE8-AE02-4CB5-A428-616B9848E4A7}
    BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone-->MsiExec.exe /X{0B59A227-CAC2-4688-8759-580B4DC5F220}
    CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
    Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
    Comcast Toolbar-->C:\Program Files\ComcastToolbar\uninstall.exe
    Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -IAsu200Ck.inf
    Desktop Doctor-->MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    HP Customer Participation Program 11.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
    HP Imaging Device Functions 11.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
    HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{86732AE7-CB91-4f15-B091-FBA3D3926CD6}\setup\hpzscr01.exe -datfile hposcr29.dat -onestop
    HP Photosmart Essential 3.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat -forcereboot
    HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
    HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
    HP Solution Center 11.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
    HP Update-->MsiExec.exe /X{D063F201-FAC4-4D5C-B10B-615058ADE5A7}
    InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
    InterVideo WinDVD 8-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Madden NFL 08-->C:\Program Files\EA Sports\Madden NFL 08\EAUninstall.exe
    McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    OCR Software by I.R.I.S. 11.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
    Palm-->MsiExec.exe /X{A005B38F-D5AB-4E35-93DD-9886E449FAF1}
    PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
    QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
    ResumeMaker Premier-->C:\PROGRA~1\RESUME~1\UNWISE.EXE C:\PROGRA~1\RESUME~1\INSTALL.LOG
    Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
    Roxio Media Manager-->MsiExec.exe /X{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
    Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
    Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
    Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
    Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SpyHunter-->"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    The Godfather™ The Game-->C:\Program Files\Electronic Arts\The Godfather The Game\EAUninstall.exe
    Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB960763)-->"C:\WINDOWS\$NtUninstallKB960763$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
    XoftSpySE-->C:\Program Files\XoftSpySE\uninstall.exe

    ======Hosts File======

    127.0.0.1 localhost

    ======Security center information======

    AV: McAfee VirusScan (disabled)
    FW: McAfee Personal Firewall

    System event log

    Computer Name: OWNER-258D1D51C
    Event Code: 7035
    Message: The COM+ System Application service was successfully sent a start control.

    Record Number: 41051
    Source Name: Service Control Manager
    Time Written: 20090103123426.000000-300
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    Computer Name: OWNER-258D1D51C
    Event Code: 7036
    Message: The SSDP Discovery Service service entered the running state.

    Record Number: 41050
    Source Name: Service Control Manager
    Time Written: 20090103123426.000000-300
    Event Type: information
    User:

    Computer Name: OWNER-258D1D51C
    Event Code: 7036
    Message: The Network Location Awareness (NLA) service entered the running state.

    Record Number: 41049
    Source Name: Service Control Manager
    Time Written: 20090103123426.000000-300
    Event Type: information
    User:

    Computer Name: OWNER-258D1D51C
    Event Code: 7035
    Message: The Network Location Awareness (NLA) service was successfully sent a start control.

    Record Number: 41048
    Source Name: Service Control Manager
    Time Written: 20090103123426.000000-300
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    Computer Name: OWNER-258D1D51C
    Event Code: 7035
    Message: The Background Intelligent Transfer Service service was successfully sent a start control.

    Record Number: 41047
    Source Name: Service Control Manager
    Time Written: 20090103123426.000000-300
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    Application event log

    Computer Name: OWNER-258D1D51C
    Event Code: 5000
    Message: McShield service started.

    Engine version : 5300.2777

    DAT version : 5500.0000



    Number of signatures in EXTRA.DAT : None

    Names of threats that EXTRA.DAT can detect : None

    Record Number: 6779
    Source Name: McLogEvent
    Time Written: 20090120001436.000000-300
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    Computer Name: OWNER-258D1D51C
    Event Code: 1800
    Message: The Windows Security Center Service has started.

    Record Number: 6778
    Source Name: SecurityCenter
    Time Written: 20090120001428.000000-300
    Event Type: information
    User:

    Computer Name: OWNER-258D1D51C
    Event Code: 1
    Message:
    Record Number: 6777
    Source Name: sprtsvc_ddoctorv2
    Time Written: 20090120001420.000000-300
    Event Type: information
    User:

    Computer Name: OWNER-258D1D51C
    Event Code: 0
    Message:
    Record Number: 6776
    Source Name: IviRegMgr
    Time Written: 20090120001358.000000-300
    Event Type: information
    User:

    Computer Name: OWNER-258D1D51C
    Event Code: 5000
    Message: McShield service started.

    Engine version : 5300.2777

    DAT version : 5500.0000



    Number of signatures in EXTRA.DAT : None

    Names of threats that EXTRA.DAT can detect : None

    Record Number: 6775
    Source Name: McLogEvent
    Time Written: 20090120000929.000000-300
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
    "PROCESSOR_REVISION"=0409
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
    "RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
    "SAFEBOOT_OPTION"=NETWORK

    -----------------EOF-----------------

  4. #4
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    alternate download link 1
    alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Full Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    Re-run rsit.

    Post:

    - mbam log
    - fresh rsit log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  5. #5
    Member
    Join Date
    Dec 2007
    Posts
    31

    Hi Shaba,
    Installed and ran; below are the logs you wanted. When I restarted, I put it in safe mode. If I need to do these in normal mode, please let me know.

    Malwarebytes' Anti-Malware 1.34
    Database version: 1814
    Windows 5.1.2600 Service Pack 3

    3/3/2009 12:14:38 PM
    mbam-log-2009-03-03 (12-14-38).txt

    Scan type: Full Scan (C:\|D:\|E:\|F:\|)
    Objects scanned: 168257
    Time elapsed: 26 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 6
    Registry Values Infected: 0
    Registry Data Items Infected: 8
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7370f91f-6994-4595-9949-601fa2261c8d} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7370f91f-6994-4595-9949-601fa2261c8d} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\navigator (Rootkit.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\navigator (Rootkit.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\navigator (Rootkit.Zlob) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\Owner\APPLIC~1\MACROM~1\Common\40f4a0221.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\Owner\APPLIC~1\MACROM~1\Common\40f4a0221.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\Owner\APPLIC~1\MACROM~1\Common\40f4a0221.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\Owner\APPLIC~1\MACROM~1\Common\40f4a0221.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\Owner\APPLIC~1\MACROM~1\Common\40f4a0221.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\Owner\APPLIC~1\MACROM~1\Common\40f4a0221.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\Owner\APPLIC~1\MACROM~1\Common\40f4a0221.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\Owner\APPLIC~1\MACROM~1\Common\40f4a0221.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\System Volume Information\_restore{01120C9A-0873-4047-BEF5-4C6E7BDD1D5E}\RP429\A0054043.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\WINDOWS\fd.dll (Rootkit.Zlob) -> Quarantined and deleted successfully.

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Owner at 2009-03-03 12:16:18
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 33 GB (49%) free of 68 GB
    Total RAM: 2047 MB (86% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:16:30 PM, on 3/3/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Documents and Settings\Owner\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Owner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
    O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\Owner\Application Data\Macromedia\Common\40f4a0221.dll""
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\LocalService\Application Data\Macromedia\Common\40f4a0221.dll"" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\NetworkService\Application Data\Macromedia\Common\40f4a0221.dll"" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\LocalService\Application Data\Macromedia\Common\40f4a0221.dll"" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\LocalService\Application Data\Macromedia\Common\40f4a0221.dll"" (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O23 - Service: McAfee Application Installer Cleanup (0151501221206400) (0151501221206400mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\015150~1.EXE (file missing)
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

    --
    End of file - 10863 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\McDefragTask.job
    C:\WINDOWS\tasks\McQcTask.job
    C:\WINDOWS\tasks\XoftSpySE 2.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
    HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-03-27 322880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}]
    Comcast Toolbar - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL [2006-11-07 1821184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-18 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
    scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-18 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-18 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
    HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-27 501056]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - Comcast Toolbar - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL [2006-11-07 1821184]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-09-22 14854144]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-08-28 8466432]
    "nwiz"=nwiz.exe /installquiet /keeploaded /nodetect []
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-18 136600]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-12-11 185896]
    "ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
    ""= []
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-03-25 49152]
    "hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-03-13 81920]
    "RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-08-16 236016]
    "UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
    "SpyHunter Security Suite"=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe []
    "NapsterShell"=C:\Program Files\Napster\napster.exe /systray []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-02-11 399504]
    "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 1273488]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
    "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
    "rundll32.exe"=C:\Documents and Settings\Owner\Application Data\Macromedia\Common\40f4a0221.dll [2009-03-02 64512]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
    "C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2505f59b-ec9f-11dc-b567-00142ad364a2}]
    shell\AutoRun\command - H:\wd_windows_tools\setup.exe


    ======List of files/folders created in the last 1 months======

    2009-03-03 12:15:26 ----D---- C:\Avenger
    2009-03-03 12:15:26 ----A---- C:\avenger.txt
    2009-03-03 11:44:54 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2009-03-03 11:44:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-03-03 11:44:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-03-03 10:22:22 ----D---- C:\rsit
    2009-03-02 13:05:39 ----SHD---- C:\WINDOWS\CSC
    2009-03-02 12:30:45 ----D---- C:\Program Files\Enigma Software Group
    2009-03-02 09:59:55 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-02-28 18:20:31 ----D---- C:\Documents and Settings\Owner\Application Data\Ventrilo
    2009-02-28 18:20:11 ----D---- C:\Program Files\Ventrilo
    2009-02-28 18:20:04 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    2009-02-28 18:19:14 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2009-02-25 17:26:49 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
    2009-02-15 12:13:37 ----D---- C:\Documents and Settings\Owner\Application Data\InstallShield
    2009-02-12 18:39:42 ----D---- C:\Documents and Settings\Owner\Application Data\Blackberry Desktop
    2009-02-12 18:20:05 ----D---- C:\Documents and Settings\Owner\Application Data\Research In Motion
    2009-02-12 18:10:09 ----D---- C:\Program Files\Common Files\Sonic Shared
    2009-02-12 18:10:04 ----D---- C:\Program Files\Roxio
    2009-02-12 18:10:04 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
    2009-02-12 18:09:54 ----D---- C:\Program Files\Common Files\Roxio Shared
    2009-02-12 18:00:37 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
    2009-02-12 17:58:36 ----D---- C:\Program Files\Common Files\Research In Motion
    2009-02-12 17:58:27 ----D---- C:\Program Files\Research In Motion
    2009-02-12 17:53:02 ----SHD---- C:\WINDOWS\ftpcache
    2009-02-12 03:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
    2009-02-09 17:08:13 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
    2009-02-09 16:55:46 ----D---- C:\Program Files\Electronic Arts
    2009-02-09 16:49:20 ----A---- C:\WINDOWS\system32\psisdecd.dll
    2009-02-09 16:49:11 ----A---- C:\WINDOWS\system32\dxdllreg.exe

    ======List of files/folders modified in the last 1 months======

    2009-03-03 12:14:38 ----D---- C:\WINDOWS\Temp
    2009-03-03 12:14:38 ----D---- C:\WINDOWS
    2009-03-03 11:44:51 ----D---- C:\WINDOWS\system32\drivers
    2009-03-03 11:44:48 ----RD---- C:\Program Files
    2009-03-03 10:50:28 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-03-03 10:35:23 ----D---- C:\WINDOWS\Registration
    2009-03-03 10:32:56 ----D---- C:\WINDOWS\Prefetch
    2009-03-03 10:18:40 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-03-02 14:29:03 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-02 14:07:12 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-03-02 13:38:45 ----D---- C:\WINDOWS\system32
    2009-03-02 13:19:07 ----D---- C:\Program Files\XoftSpySE
    2009-03-02 11:46:53 ----D---- C:\WINDOWS\network diagnostic
    2009-03-02 10:04:06 ----SHD---- C:\RECYCLER
    2009-03-02 10:00:52 ----D---- C:\Documents and Settings
    2009-03-02 09:05:05 ----A---- C:\WINDOWS\ModemLog_PCI Data Fax SoftModem with SmartCP.txt
    2009-03-02 08:57:54 ----D---- C:\Documents and Settings\Owner\Application Data\HPAppData
    2009-03-02 08:45:51 ----D---- C:\Documents and Settings\Owner\Application Data\Macromedia
    2009-02-28 18:20:22 ----SHD---- C:\WINDOWS\Installer
    2009-02-28 18:20:17 ----HD---- C:\Config.Msi
    2009-02-28 18:19:14 ----D---- C:\Program Files\Common Files
    2009-02-28 14:25:08 ----D---- C:\WINDOWS\system32\Lang
    2009-02-25 17:27:03 ----HD---- C:\WINDOWS\inf
    2009-02-25 17:26:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-02-25 09:39:06 ----HD---- C:\WINDOWS\$hf_mig$
    2009-02-19 14:41:41 ----D---- C:\Program Files\World of Warcraft
    2009-02-16 22:09:16 ----D---- C:\Program Files\PokerStars
    2009-02-16 00:04:00 ----D---- C:\WINDOWS\Minidump
    2009-02-12 18:40:33 ----D---- C:\Documents and Settings\Owner\Application Data\Roxio
    2009-02-12 18:27:27 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2009-02-12 18:16:25 ----D---- C:\WINDOWS\WinSxS
    2009-02-12 18:16:21 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
    2009-02-12 18:13:11 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-02-12 18:11:29 ----RSD---- C:\WINDOWS\Fonts
    2009-02-12 03:01:39 ----A---- C:\WINDOWS\imsins.BAK
    2009-02-12 03:01:15 ----D---- C:\Program Files\Internet Explorer
    2009-02-11 13:21:22 ----A---- C:\additdiag.txt
    2009-02-09 17:08:14 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-02-09 16:50:42 ----RSD---- C:\WINDOWS\assembly
    2009-02-09 16:48:41 ----D---- C:\WINDOWS\system32\DirectX
    2009-02-08 17:12:11 ----D---- C:\Program Files\Adobe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    S1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
    S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2008-04-18 8413]
    S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-01-24 49920]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-01-24 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-01-24 21568]
    S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
    S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-12-15 220928]
    S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
    S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
    S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
    S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
    S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
    S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-08-28 6811168]
    S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2008-04-24 16694]
    S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
    S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
    S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
    R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
    S2 0151501221206400mcinstcleanup;McAfee Application Installer Cleanup (0151501221206400); C:\WINDOWS\TEMP\015150~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
    S2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-08-10 194560]
    S2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
    S2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
    S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-18 152984]
    S2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
    S2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
    S2 McShield;McAfee Real-time Scanner; C:\Program Files\McAfee\VirusScan\McShield.exe [2007-07-24 144704]
    S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    S2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 71096]
    S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-08-28 155716]
    S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-07-24 358896]
    S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-08-16 309744]
    S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-08-16 166384]
    S2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
    S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
    S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
    S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
    S3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-07-24 88560]
    S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-08-16 1092080]

    -----------------EOF-----------------

  6. #6
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Yes, please post a fresh RSIT log taken in normal mode if possible.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #7
    Member
    Join Date
    Dec 2007
    Posts
    31

    Here is the normal mode log.
    Also, when I start in normal mode my virus program is set off and won't re-activate, and I get the following error message:
    error in c:\documents and settings\owner\application data\macromedia\common\4of4a0221dll missing entry

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Owner at 2009-03-03 12:54:30
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 33 GB (49%) free of 68 GB
    Total RAM: 2047 MB (79% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:54:38 PM, on 3/3/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Documents and Settings\Owner\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Owner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
    O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7370F91F-6994-4595-9949-601FA2261C8D} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\Owner\Application Data\Macromedia\Common\40f4a0221.dll""
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\LocalService\Application Data\Macromedia\Common\40f4a0221.dll"" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\NetworkService\Application Data\Macromedia\Common\40f4a0221.dll"" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\LocalService\Application Data\Macromedia\Common\40f4a0221.dll"" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\LocalService\Application Data\Macromedia\Common\40f4a0221.dll"" (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O23 - Service: McAfee Application Installer Cleanup (0151501221206400) (0151501221206400mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\015150~1.EXE (file missing)
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

    --
    End of file - 11402 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\McDefragTask.job
    C:\WINDOWS\tasks\McQcTask.job
    C:\WINDOWS\tasks\XoftSpySE 2.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
    HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-03-27 322880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}]
    Comcast Toolbar - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL [2006-11-07 1821184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7370F91F-6994-4595-9949-601FA2261C8D}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-18 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
    scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-18 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-18 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
    HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-27 501056]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - Comcast Toolbar - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL [2006-11-07 1821184]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-09-22 14854144]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-08-28 8466432]
    "nwiz"=nwiz.exe /installquiet /keeploaded /nodetect []
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-18 136600]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-12-11 185896]
    "ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
    ""= []
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-03-25 49152]
    "hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-03-13 81920]
    "RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-08-16 236016]
    "UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
    "SpyHunter Security Suite"=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe []
    "NapsterShell"=C:\Program Files\Napster\napster.exe /systray []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
    "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
    "rundll32.exe"=C:\Documents and Settings\Owner\Application Data\Macromedia\Common\40f4a0221.dll [2009-03-02 64512]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
    "C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2505f59b-ec9f-11dc-b567-00142ad364a2}]
    shell\AutoRun\command - H:\wd_windows_tools\setup.exe


    ======List of files/folders created in the last 1 months======

    2009-03-03 11:44:54 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2009-03-03 11:44:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-03-03 11:44:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-03-03 10:22:22 ----D---- C:\rsit
    2009-03-02 13:05:39 ----SHD---- C:\WINDOWS\CSC
    2009-03-02 12:30:45 ----D---- C:\Program Files\Enigma Software Group
    2009-03-02 09:59:55 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-02-28 18:20:31 ----D---- C:\Documents and Settings\Owner\Application Data\Ventrilo
    2009-02-28 18:20:11 ----D---- C:\Program Files\Ventrilo
    2009-02-28 18:20:04 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    2009-02-28 18:19:14 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2009-02-25 17:26:49 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
    2009-02-15 12:13:37 ----D---- C:\Documents and Settings\Owner\Application Data\InstallShield
    2009-02-12 18:39:42 ----D---- C:\Documents and Settings\Owner\Application Data\Blackberry Desktop
    2009-02-12 18:20:05 ----D---- C:\Documents and Settings\Owner\Application Data\Research In Motion
    2009-02-12 18:10:09 ----D---- C:\Program Files\Common Files\Sonic Shared
    2009-02-12 18:10:04 ----D---- C:\Program Files\Roxio
    2009-02-12 18:10:04 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
    2009-02-12 18:09:54 ----D---- C:\Program Files\Common Files\Roxio Shared
    2009-02-12 18:00:37 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
    2009-02-12 17:58:36 ----D---- C:\Program Files\Common Files\Research In Motion
    2009-02-12 17:58:27 ----D---- C:\Program Files\Research In Motion
    2009-02-12 17:53:02 ----SHD---- C:\WINDOWS\ftpcache
    2009-02-12 03:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
    2009-02-09 17:08:13 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
    2009-02-09 16:55:46 ----D---- C:\Program Files\Electronic Arts
    2009-02-09 16:49:20 ----A---- C:\WINDOWS\system32\psisdecd.dll
    2009-02-09 16:49:11 ----A---- C:\WINDOWS\system32\dxdllreg.exe

    ======List of files/folders modified in the last 1 months======

    2009-03-03 12:53:20 ----D---- C:\WINDOWS\Temp
    2009-03-03 12:51:52 ----D---- C:\WINDOWS\system32\drivers
    2009-03-03 12:51:50 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-03-03 12:14:38 ----D---- C:\WINDOWS
    2009-03-03 11:44:48 ----RD---- C:\Program Files
    2009-03-03 10:35:23 ----D---- C:\WINDOWS\Registration
    2009-03-03 10:32:56 ----D---- C:\WINDOWS\Prefetch
    2009-03-03 10:18:40 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-03-02 14:29:03 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-02 14:07:12 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-03-02 13:38:45 ----D---- C:\WINDOWS\system32
    2009-03-02 13:19:07 ----D---- C:\Program Files\XoftSpySE
    2009-03-02 11:46:53 ----D---- C:\WINDOWS\network diagnostic
    2009-03-02 10:04:06 ----SHD---- C:\RECYCLER
    2009-03-02 10:00:52 ----D---- C:\Documents and Settings
    2009-03-02 09:05:05 ----A---- C:\WINDOWS\ModemLog_PCI Data Fax SoftModem with SmartCP.txt
    2009-03-02 08:57:54 ----D---- C:\Documents and Settings\Owner\Application Data\HPAppData
    2009-03-02 08:45:51 ----D---- C:\Documents and Settings\Owner\Application Data\Macromedia
    2009-02-28 18:20:22 ----SHD---- C:\WINDOWS\Installer
    2009-02-28 18:20:17 ----HD---- C:\Config.Msi
    2009-02-28 18:19:14 ----D---- C:\Program Files\Common Files
    2009-02-28 14:25:08 ----D---- C:\WINDOWS\system32\Lang
    2009-02-25 17:27:03 ----HD---- C:\WINDOWS\inf
    2009-02-25 17:26:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-02-25 09:39:06 ----HD---- C:\WINDOWS\$hf_mig$
    2009-02-19 14:41:41 ----D---- C:\Program Files\World of Warcraft
    2009-02-16 22:09:16 ----D---- C:\Program Files\PokerStars
    2009-02-16 00:04:00 ----D---- C:\WINDOWS\Minidump
    2009-02-12 18:40:33 ----D---- C:\Documents and Settings\Owner\Application Data\Roxio
    2009-02-12 18:27:27 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2009-02-12 18:16:25 ----D---- C:\WINDOWS\WinSxS
    2009-02-12 18:16:21 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
    2009-02-12 18:13:11 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-02-12 18:11:29 ----RSD---- C:\WINDOWS\Fonts
    2009-02-12 03:01:39 ----A---- C:\WINDOWS\imsins.BAK
    2009-02-12 03:01:15 ----D---- C:\Program Files\Internet Explorer
    2009-02-11 13:21:22 ----A---- C:\additdiag.txt
    2009-02-09 17:08:14 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-02-09 16:50:42 ----RSD---- C:\WINDOWS\assembly
    2009-02-09 16:48:41 ----D---- C:\WINDOWS\system32\DirectX
    2009-02-08 17:12:11 ----D---- C:\Program Files\Adobe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
    R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-12-15 220928]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-08-28 6811168]
    R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
    R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
    R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
    S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2008-04-18 8413]
    S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-01-24 49920]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-01-24 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-01-24 21568]
    S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
    S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
    S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
    S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
    S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2008-04-24 16694]
    S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
    R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
    S2 0151501221206400mcinstcleanup;McAfee Application Installer Cleanup (0151501221206400); C:\WINDOWS\TEMP\015150~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
    S2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-08-10 194560]
    S2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
    S2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
    S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-18 152984]
    S2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
    S2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
    S2 McShield;McAfee Real-time Scanner; C:\Program Files\McAfee\VirusScan\McShield.exe [2007-07-24 144704]
    S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    S2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 71096]
    S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-08-28 155716]
    S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-07-24 358896]
    S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-08-16 309744]
    S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-08-16 166384]
    S2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
    S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
    S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
    S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
    S3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-07-24 88560]
    S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-08-16 1092080]

    -----------------EOF-----------------

  8. #8
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Download gmer.zip and save to your desktop.
    alternate download site 1
    alternate download site 2

    • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
    • When you have done this, disconnect from the Internet and close all running programs.
      There is a small chance this application may crash your computer so save any work you have open.
    • Double-click on Gmer.exe to start the program.
    • Allow the gmer.sys driver to load if asked.
    • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
    • Click on "Settings", then check the first five settings:
      *System Protection and Tracing
      *Processes
      *Save created processes to the log
      *Drivers
      *Save loaded drivers to the log
    • You will be prompted to restart your computer. Please do so.


    Run Gmer again and click on the Rootkit tab.
    • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
    • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    • Click on "Scan" and wait for the scan to finish.
      Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
    • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
    • Note: If you have any problems, try running GMER in SAFE MODE.

    Important! Please do not select the "Show all" checkbox during the scan.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  9. #9
    Member
    Join Date
    Dec 2007
    Posts
    31

    hi shaba - did receive "gmer has found system modification caused by rootkit activity"

    here is the log

    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2009-03-03 13:48:10
    Windows 5.1.2600 Service Pack 3


    ---- User code sections - GMER 1.0.14 ----

    .text C:\WINDOWS\ehome\ehtray.exe[124] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, 52, 01, 50, ... ]
    .text C:\WINDOWS\ehome\ehtray.exe[124] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 53, 01, 50 ]
    .text C:\WINDOWS\ehome\ehtray.exe[124] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 9B, 00, C3 ]
    .text C:\WINDOWS\ehome\ehtray.exe[124] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 63, 01, 50, ... ]
    .text C:\WINDOWS\ehome\ehtray.exe[124] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 63, 01, 50, ... ]
    .text C:\WINDOWS\ehome\ehtray.exe[124] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 66, 01, 50, ... ]
    .text C:\WINDOWS\RTHDCPL.EXE[156] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, 5B, 02, 50, ... ]
    .text C:\WINDOWS\RTHDCPL.EXE[156] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 5C, 02, 50 ]
    .text C:\WINDOWS\RTHDCPL.EXE[156] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 8B, 01, C3 ]
    .text C:\WINDOWS\RTHDCPL.EXE[156] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 6C, 02, 50, ... ]
    .text C:\WINDOWS\RTHDCPL.EXE[156] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 6C, 02, 50, ... ]
    .text C:\WINDOWS\RTHDCPL.EXE[156] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 6F, 02, 50, ... ]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[220] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, 52, 01, 50, ... ]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[220] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 53, 01, 50 ]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[220] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 1F, 01, C3 ]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[220] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 63, 01, 50, ... ]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[220] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 63, 01, 50, ... ]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[220] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 66, 01, 50, ... ]
    .text C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe[252] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, 4C, 02, 50, ... ]
    .text C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe[252] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 4D, 02, 50 ]
    .text C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe[252] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 19, 02, C3 ]
    .text C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe[252] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 81, 02, 50, ... ]
    .text C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe[252] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 81, 02, 50, ... ]
    .text C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe[252] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 84, 02, 50, ... ]
    .text C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe[252] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, 15, 02, 50, ... ]
    .text C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe[252] WININET.DLL!HttpOpenRequestA 78064341 13 Bytes [ 58, 68, 41, 43, 6A, 02, 50, ... ]
    .text C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe[252] WININET.DLL!InternetConnectA 7806499A 13 Bytes [ 58, 68, 9A, 49, 6A, 02, 50, ... ]
    .text C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe[252] WININET.DLL!HttpOpenRequestW 78065D62 13 Bytes [ 58, 68, 62, 5D, 6A, 02, 50, ... ]
    .text C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe[252] WININET.DLL!InternetReadFile 7806ABB4 13 Bytes [ 58, 68, B4, AB, 6A, 02, 50, ... ]
    .text C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe[252] WININET.DLL!InternetQueryDataAvailable 7806ADF5 13 Bytes [ 58, 68, F5, AD, 6A, 02, 50, ... ]
    .text C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe[252] WININET.DLL!HttpSendRequestA 7806CD40 13 Bytes [ 58, 68, 40, CD, 6A, 02, 50, ... ]
    .text C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe[252] WININET.DLL!InternetWriteFile 78073645 13 Bytes [ 58, 68, 45, 36, 6B, 02, 50, ... ]
    .text C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe[252] WININET.DLL!CommitUrlCacheEntryA 7807FC0A 13 Bytes [ 58, 68, 0A, FC, 6B, 02, 50, ... ]
    .text C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe[252] WININET.DLL!HttpSendRequestW 78080825 13 Bytes [ 58, 68, 25, 08, 6C, 02, 50, ... ]
    .text C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe[252] WININET.DLL!InternetReadFileExW 78082AAA 13 Bytes [ 58, 68, AA, 2A, 6C, 02, 50, ... ]
    .text C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe[252] WININET.DLL!InternetReadFileExA 78082AE2 13 Bytes [ 58, 68, E2, 2A, 6C, 02, 50, ... ]
    .text C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe[252] WININET.DLL!CommitUrlCacheEntryW 78099910 13 Bytes [ 58, 68, 10, 99, 6D, 02, 50, ... ]
    .text C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe[252] WININET.DLL!InternetErrorDlg 780DC93B 13 Bytes [ 58, 68, 3B, C9, 71, 02, 50, ... ]
    .text C:\Program Files\QuickTime\qttask.exe[268] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, F3, 00, 50, ... ]
    .text C:\Program Files\QuickTime\qttask.exe[268] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, F4, 00, 50 ]
    .text C:\Program Files\QuickTime\qttask.exe[268] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, C0, 00, C3 ]
    .text C:\Program Files\QuickTime\qttask.exe[268] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 04, 01, 50, ... ]
    .text C:\Program Files\QuickTime\qttask.exe[268] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 04, 01, 50, ... ]
    .text C:\Program Files\QuickTime\qttask.exe[268] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 07, 01, 50, ... ]
    .text C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[280] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, F1, 00, 50, ... ]
    .text C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[280] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, F2, 00, 50 ]
    .text C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[280] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, BE, 00, C3 ]
    .text C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[280] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 02, 01, 50, ... ]
    .text C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[280] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 02, 01, 50, ... ]
    .text C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[280] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 05, 01, 50, ... ]
    .text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[292] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, F9, 00, 50, ... ]
    .text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[292] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, FA, 00, 50 ]
    .text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[292] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, C5, 00, C3 ]
    .text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[292] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 0A, 01, 50, ... ]
    .text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[292] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 0A, 01, 50, ... ]
    .text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[292] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 0D, 01, 50, ... ]
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[308] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, E1, 00, 50, ... ]
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[308] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, E2, 00, 50 ]
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[308] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, AE, 00, C3 ]
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[308] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, F2, 00, 50, ... ]
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[308] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, F2, 00, 50, ... ]
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[308] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, F5, 00, 50, ... ]
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[324] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, 41, 01, 50, ... ]
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[324] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 42, 01, 50 ]
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[324] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 0E, 01, C3 ]
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[324] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 52, 01, 50, ... ]
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[324] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 52, 01, 50, ... ]
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[324] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 55, 01, 50, ... ]
    .text C:\WINDOWS\system32\ctfmon.exe[452] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, C0, 00, 50, ... ]
    .text C:\WINDOWS\system32\ctfmon.exe[452] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, C1, 00, 50 ]
    .text C:\WINDOWS\system32\ctfmon.exe[452] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 9E, 00, C3 ]
    .text C:\WINDOWS\system32\ctfmon.exe[452] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, D1, 00, 50, ... ]
    .text C:\WINDOWS\system32\ctfmon.exe[452] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, D1, 00, 50, ... ]
    .text C:\WINDOWS\system32\ctfmon.exe[452] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, D4, 00, 50, ... ]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[504] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, 4E, 01, 50, ... ]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[504] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 4F, 01, 50 ]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[504] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 1A, 01, C3 ]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[504] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 5F, 01, 50, ... ]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[504] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 5F, 01, 50, ... ]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[504] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 62, 01, 50, ... ]
    .text C:\WINDOWS\system32\rundll32.exe[540] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, D9, 00, 50, ... ]
    .text C:\WINDOWS\system32\rundll32.exe[540] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, DA, 00, 50 ]
    .text C:\WINDOWS\system32\rundll32.exe[540] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, AB, 00, C3 ]
    .text C:\WINDOWS\system32\rundll32.exe[540] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes JMP 70685000
    .text C:\WINDOWS\system32\rundll32.exe[540] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes JMP 10685000
    .text C:\WINDOWS\system32\rundll32.exe[540] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, ED, 00, 50, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[684] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, 0B, 02, 50, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[684] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 0C, 02, 50 ]
    .text C:\WINDOWS\system32\winlogon.exe[684] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 76, 01, C3 ]
    .text C:\WINDOWS\system32\winlogon.exe[684] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, FC, 01, 50, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[684] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, FC, 01, 50, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[684] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, FF, 01, 50, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[684] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, 89, 01, 50, ... ]
    .text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, BF, 00, 50, ... ]
    .text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, C0, 00, 50 ]
    .text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 77, 00, C3 ]
    .text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, DA, 00, 50, ... ]
    .text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, DA, 00, 50, ... ]
    .text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, DD, 00, 50, ... ]
    .text C:\WINDOWS\system32\lsass.exe[740] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, 98, 00, 50, ... ]
    .text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, E3, 00, 50, ... ]
    .text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, E4, 00, 50 ]
    .text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 83, 00, C3 ]
    .text C:\WINDOWS\system32\svchost.exe[916] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, F4, 00, 50, ... ]
    .text C:\WINDOWS\system32\svchost.exe[916] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, F4, 00, 50, ... ]
    .text C:\WINDOWS\system32\svchost.exe[916] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, F7, 00, 50, ... ]
    .text C:\WINDOWS\system32\svchost.exe[916] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, 67, 00, 50, ... ]
    .text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, D7, 00, 50, ... ]
    .text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, D8, 00, 50 ]
    .text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 83, 00, C3 ]
    .text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, F0, 00, 50, ... ]
    .text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, F0, 00, 50, ... ]
    .text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, F3, 00, 50, ... ]
    .text C:\WINDOWS\system32\svchost.exe[1100] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, C7, 00, 50, ... ]
    .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, B2, 00, 50, ... ]
    .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, B3, 00, 50 ]
    .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 83, 00, C3 ]
    .text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, C3, 00, 50, ... ]
    .text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, C3, 00, 50, ... ]
    .text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, C6, 00, 50, ... ]
    .text C:\WINDOWS\system32\svchost.exe[1116] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, 67, 00, 50, ... ]
    .text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[1256] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, 1F, 01, 50, ... ]
    .text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[1256] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 20, 01, 50 ]
    .text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[1256] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, BE, 00, C3 ]
    .text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[1256] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 6E, 01, 50, ... ]
    .text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[1256] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 6E, 01, 50, ... ]
    .text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[1256] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 71, 01, 50, ... ]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1340] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, BF, 02, 50, ... ]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1340] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, C0, 02, 50 ]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1340] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 9C, 02, C3 ]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1340] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, DE, 02, 50, ... ]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1340] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, DE, 02, 50, ... ]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1340] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, E1, 02, 50, ... ]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1340] WININET.dll!HttpOpenRequestA 78064341 13 Bytes [ 58, 68, 41, 43, D1, 02, 50, ... ]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1340] WININET.dll!InternetConnectA 7806499A 13 Bytes [ 58, 68, 9A, 49, D1, 02, 50, ... ]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1340] WININET.dll!HttpOpenRequestW 78065D62 13 Bytes [ 58, 68, 62, 5D, D1, 02, 50, ... ]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1340] WININET.dll!InternetReadFile 7806ABB4 13 Bytes [ 58, 68, B4, AB, D1, 02, 50, ... ]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1340] WININET.dll!InternetQueryDataAvailable 7806ADF5 13 Bytes [ 58, 68, F5, AD, D1, 02, 50, ... ]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1340] WININET.dll!HttpSendRequestA 7806CD40 13 Bytes [ 58, 68, 40, CD, D1, 02, 50, ... ]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1340] WININET.dll!InternetWriteFile 78073645 13 Bytes [ 58, 68, 45, 36, D2, 02, 50, ... ]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1340] WININET.dll!CommitUrlCacheEntryA 7807FC0A 13 Bytes [ 58, 68, 0A, FC, D2, 02, 50, ... ]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1340] WININET.dll!HttpSendRequestW 78080825 13 Bytes [ 58, 68, 25, 08, D3, 02, 50, ... ]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1340] WININET.dll!InternetReadFileExW 78082AAA 13 Bytes [ 58, 68, AA, 2A, D3, 02, 50, ... ]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1340] WININET.dll!InternetReadFileExA 78082AE2 13 Bytes [ 58, 68, E2, 2A, D3, 02, 50, ... ]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1340] WININET.dll!CommitUrlCacheEntryW 78099910 13 Bytes [ 58, 68, 10, 99, D4, 02, 50, ... ]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1340] WININET.dll!InternetErrorDlg 780DC93B 13 Bytes [ 58, 68, 3B, C9, D8, 02, 50, ... ]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1340] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, B1, 02, 50, ... ]
    .text C:\Program Files\McAfee\MPF\MPFSrv.exe[1388] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, A8, 02, 50, ... ]
    .text C:\Program Files\McAfee\MPF\MPFSrv.exe[1388] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, A9, 02, 50 ]
    .text C:\Program Files\McAfee\MPF\MPFSrv.exe[1388] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 3B, 02, C3 ]
    .text C:\Program Files\McAfee\MPF\MPFSrv.exe[1388] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, 97, 02, 50, ... ]
    .text C:\Program Files\McAfee\MPF\MPFSrv.exe[1388] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, D0, 02, 50, ... ]
    .text C:\Program Files\McAfee\MPF\MPFSrv.exe[1388] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, D0, 02, 50, ... ]
    .text C:\Program Files\McAfee\MPF\MPFSrv.exe[1388] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, D3, 02, 50, ... ]
    .text C:\Program Files\McAfee\MPF\MPFSrv.exe[1388] WININET.dll!HttpOpenRequestA 78064341 13 Bytes [ 58, 68, 41, 43, B9, 02, 50, ... ]
    .text C:\Program Files\McAfee\MPF\MPFSrv.exe[1388] WININET.dll!InternetConnectA 7806499A 13 Bytes [ 58, 68, 9A, 49, B9, 02, 50, ... ]
    .text C:\Program Files\McAfee\MPF\MPFSrv.exe[1388] WININET.dll!HttpOpenRequestW 78065D62 13 Bytes [ 58, 68, 62, 5D, B9, 02, 50, ... ]
    .text C:\Program Files\McAfee\MPF\MPFSrv.exe[1388] WININET.dll!InternetReadFile 7806ABB4 13 Bytes [ 58, 68, B4, AB, B9, 02, 50, ... ]
    .text C:\Program Files\McAfee\MPF\MPFSrv.exe[1388] WININET.dll!InternetQueryDataAvailable 7806ADF5 13 Bytes [ 58, 68, F5, AD, B9, 02, 50, ... ]
    .text C:\Program Files\McAfee\MPF\MPFSrv.exe[1388] WININET.dll!HttpSendRequestA 7806CD40 13 Bytes [ 58, 68, 40, CD, B9, 02, 50, ... ]
    .text C:\Program Files\McAfee\MPF\MPFSrv.exe[1388] WININET.dll!InternetWriteFile 78073645 13 Bytes [ 58, 68, 45, 36, BA, 02, 50, ... ]
    .text C:\Program Files\McAfee\MPF\MPFSrv.exe[1388] WININET.dll!CommitUrlCacheEntryA 7807FC0A 13 Bytes [ 58, 68, 0A, FC, BA, 02, 50, ... ]
    .text C:\Program Files\McAfee\MPF\MPFSrv.exe[1388] WININET.dll!HttpSendRequestW 78080825 13 Bytes [ 58, 68, 25, 08, BB, 02, 50, ... ]
    .text C:\Program Files\McAfee\MPF\MPFSrv.exe[1388] WININET.dll!InternetReadFileExW 78082AAA 13 Bytes [ 58, 68, AA, 2A, BB, 02, 50, ... ]
    .text C:\Program Files\McAfee\MPF\MPFSrv.exe[1388] WININET.dll!InternetReadFileExA 78082AE2 13 Bytes [ 58, 68, E2, 2A, BB, 02, 50, ... ]
    .text C:\Program Files\McAfee\MPF\MPFSrv.exe[1388] WININET.dll!CommitUrlCacheEntryW 78099910 13 Bytes [ 58, 68, 10, 99, BC, 02, 50, ... ]
    .text C:\Program Files\McAfee\MPF\MPFSrv.exe[1388] WININET.dll!InternetErrorDlg 780DC93B 13 Bytes [ 58, 68, 3B, C9, C0, 02, 50, ... ]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1828] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, B7, 02, 50, ... ]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1828] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, B8, 02, 50 ]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1828] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 94, 02, C3 ]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1828] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, D5, 02, 50, ... ]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1828] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, D5, 02, 50, ... ]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1828] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, D8, 02, 50, ... ]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1828] WININET.dll!HttpOpenRequestA 78064341 13 Bytes [ 58, 68, 41, 43, C8, 02, 50, ... ]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1828] WININET.dll!InternetConnectA 7806499A 13 Bytes [ 58, 68, 9A, 49, C8, 02, 50, ... ]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1828] WININET.dll!HttpOpenRequestW 78065D62 13 Bytes [ 58, 68, 62, 5D, C8, 02, 50, ... ]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1828] WININET.dll!InternetReadFile 7806ABB4 13 Bytes [ 58, 68, B4, AB, C8, 02, 50, ... ]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1828] WININET.dll!InternetQueryDataAvailable 7806ADF5 13 Bytes [ 58, 68, F5, AD, C8, 02, 50, ... ]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1828] WININET.dll!HttpSendRequestA 7806CD40 13 Bytes [ 58, 68, 40, CD, C8, 02, 50, ... ]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1828] WININET.dll!InternetWriteFile 78073645 13 Bytes [ 58, 68, 45, 36, C9, 02, 50, ... ]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1828] WININET.dll!CommitUrlCacheEntryA 7807FC0A 13 Bytes [ 58, 68, 0A, FC, C9, 02, 50, ... ]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1828] WININET.dll!HttpSendRequestW 78080825 13 Bytes [ 58, 68, 25, 08, CA, 02, 50, ... ]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1828] WININET.dll!InternetReadFileExW 78082AAA 13 Bytes [ 58, 68, AA, 2A, CA, 02, 50, ... ]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1828] WININET.dll!InternetReadFileExA 78082AE2 13 Bytes [ 58, 68, E2, 2A, CA, 02, 50, ... ]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1828] WININET.dll!CommitUrlCacheEntryW 78099910 13 Bytes [ 58, 68, 10, 99, CB, 02, 50, ... ]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1828] WININET.dll!InternetErrorDlg 780DC93B 13 Bytes [ 58, 68, 3B, C9, CF, 02, 50, ... ]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1828] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, A9, 02, 50, ... ]
    .text C:\WINDOWS\Explorer.EXE[1844] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, EF, 00, 50, ... ]
    .text C:\WINDOWS\Explorer.EXE[1844] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, F0, 00, 50 ]
    .text C:\WINDOWS\Explorer.EXE[1844] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, C8, 00, C3 ]

    ---- Devices - GMER 1.0.14 ----

    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    ---- Services - GMER 1.0.14 ----

    Service C:\Documents and Settings\Owner\Local Settings\Temp\B8126B00FADE0400\B8126B00FADE0400 (*** hidden *** ) [AUTO] B8126B00FADE0400 <-- ROOTKIT !!!
    Service system32\drivers\TDSSxxou.sys (*** hidden *** ) [SYSTEM] TDSSserv.sys <-- ROOTKIT !!!

    ---- Registry - GMER 1.0.14 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\B8126B00FADE0400@Type 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\B8126B00FADE0400@Start 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\B8126B00FADE0400@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\B8126B00FADE0400@ImagePath \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\B8126B00FADE0400\B8126B00FADE0400
    Reg HKLM\SYSTEM\CurrentControlSet\Services\B8126B00FADE0400\Security
    Reg HKLM\SYSTEM\CurrentControlSet\Services\B8126B00FADE0400\Security@Security 0x01 0x00 0x14 0x80 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@start 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@type 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSxxou.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@group file system
    Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules
    Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSxxou.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSktpo.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSwupe.dat
    Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSirxy.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSqavu.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSacun.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSqqon.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
    Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSehys.log
    Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSwghd.log
    Reg HKLM\SYSTEM\ControlSet004\Services\B8126B00FADE0400@Type 1
    Reg HKLM\SYSTEM\ControlSet004\Services\B8126B00FADE0400@Start 2
    Reg HKLM\SYSTEM\ControlSet004\Services\B8126B00FADE0400@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet004\Services\B8126B00FADE0400@ImagePath \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\B8126B00FADE0400\B8126B00FADE0400
    Reg HKLM\SYSTEM\ControlSet004\Services\B8126B00FADE0400\Security
    Reg HKLM\SYSTEM\ControlSet004\Services\B8126B00FADE0400\Security@Security 0x01 0x00 0x14 0x80 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@start 1
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@type 1
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSxxou.sys
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@group file system
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSxxou.sys
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSktpo.dll
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSwupe.dat
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSirxy.dll
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSqavu.dll
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSacun.dll
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSqqon.dll
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSehys.log
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSwghd.log

    ---- EOF - GMER 1.0.14 ----

  10. #10
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Yes that was actually no wonder.

    We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
