Solved Updates equal error, part two.

Discussion in 'Malware and Virus Removal Archive' started by Bdog, 2010/08/27.

  1. 2010/08/27
    Bdog

    Bdog Inactive Thread Starter

    [Resolved] Updates equal error, part two.

    Hello,
    I have been asked to download and use DDS, in order to gather more information and post it here.
    One of the steps requires me to disable any script blocking protection. How does one go about this?

    Thank you in advance, Barry.
     
    Bdog,
    #1
  2. 2010/08/27
    broni

    broni Moderator Malware Analyst

    IF you're using Spybot, or Windows Defender....

    1. Disable TeaTimer, as it'll interfere with the cleaning process:
    Right click Spybot's TeaTimer System Tray Icon.
    Click Exit Spybot-S&D Resident.
    TeaTimer closes.
    NOTE. If on re-boot, Spybot inquires about registry change(s), allow it.

    Alternatively, I suggest you uninstall Spybot, since it's a tool of the past.

    2. Disable Windows Defender, as it'll interfere with the cleaning process:
    - Open Windows Defender by clicking Start, clicking All Programs, and then clicking Windows Defender.
    - Click Tools
    then...

    ++ Windows XP:
    - Click General Settings
    - Scroll down to Real Time Protection Options
    - Uncheck Turn on Real Time Protection
    - After you uncheck this, click on the Save button
    - Close Windows Defender

    ++ Windows Vista:
    - Click Options
    - Under Administrator options, clear the Use Windows Defender check box, and then click Save.

    Enable Windows Defender, when all cleaning is done.
     

  4. 2010/08/27
    Bdog

    Bdog Inactive Thread Starter

    Hi Broni,
    Thank you.
    You mention SpyBot as a tool of the past... I have been looking for another Spyware/Malware program to complement Malwarebytes; do you have any favorites you could recommend?
    Would it be safe to say any type of real-time scanning protection should be turned off (F-Secure through Shaw), and if so, does one need to disconnect the internet feed directly into the modem when the anti-virus protection (live scanning) is disabled?

    Thanks again, Barry.
     
    Last edited: 2010/08/27
    Bdog,
    #3
  5. 2010/08/27
    broni

    broni Moderator Malware Analyst

    MBAM is pretty much all you need, but if you insist, here is another one:
    - SUPERAntiSpyware Free Edition: http://www.superantispyware.com/download.html

    No.
     
  6. 2010/08/28
    Bdog

    Bdog Inactive Thread Starter

    Thanks Broni and I will check out the link.

    Cheers
     
    Bdog,
    #5
  7. 2010/08/28
    Bdog

    Bdog Inactive Thread Starter

    Include the contents of both logs in your new topic.

    I have taken the next step (scan with DDS) and have two log files ready to post; however, I do not know how. Please advise.

    Cheers, Barry
     
    Bdog,
    #6
  8. 2010/08/28
    broni

    broni Moderator Malware Analyst

    Select all text in a log, copy it and paste it into your next reply.
     
  9. 2010/08/28
    Bdog

    Bdog Inactive Thread Starter

    Thank you.....
    Here are the two files as requested, Arie:

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Barry at 12:34:25.71 on Sat 08/28/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.282 [GMT -7:00]

    AV: Shaw Secure 9.01 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    FW: Shaw Secure 9.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\WTouch\WTouchService.exe
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\Shaw Secure\Common\FSMA32.EXE
    C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\Shaw Secure\Common\FSHDLL32.EXE
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\WTouch\WTouchUser.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Shaw Secure\Common\FSM32.EXE
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\shaw\bin\shawsupport.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Documents and Settings\Barry\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.formula1.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
    BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\shaw secure\nrs\iescript\baselitmus.dll
    BHO: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\shaw secure\nrs\iescript\baselitmus.dll
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe "
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
    mRun: [F-Secure Manager] "c:\program files\shaw secure\common\FSM32.EXE" /splash
    mRun: [F-Secure TNB] "c:\program files\shaw secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shawsu~1.lnk - c:\program files\shaw\bin\shawsupport.exe
    IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    LSP: c:\program files\shaw secure\fsps\program\FSLSP.DLL
    DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - file:///D:/setup/RiffLick.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222477489593
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222982035703
    DPF: {6EBC6744-5383-4213-AD5E-66434ECA1812} - hxxp://download.sp.f-secure.com/ols/shaw/fs/resources/fslauncher.cab
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://www.shawsecure.ca/pchealthcheck/fscax.cab
    DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://shawsecure.ca//virusscanner/fscax.cab
    DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: avgrsstarter - avgrsstx.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\607\G2AWinLogon.dll
    Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ============= SERVICES / DRIVERS ===============

    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2008-11-17 41256]
    R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-8-18 80000]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\shaw secure\hips\drivers\fshs.sys [2010-8-18 68064]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-2-28 14336]
    R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\shaw secure\anti-virus\fsgk32st.exe [2010-8-18 215648]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-7 54752]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-8-5 4410152]
    R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-3-3 1373480]
    R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2009-12-25 112936]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\shaw secure\anti-virus\minifilter\fsgk.sys [2010-8-18 124072]
    R3 FSORSPClient;F-Secure ORSP Client;c:\program files\shaw secure\orsp client\fsorsp.exe [2010-8-18 58024]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-8-5 15656]
    S2 eac_notifysvc;eAcceleration Notification Service; "c:\progra~1\eaccel~1\framew~1\eac_svc.exe" --> c:\progra~1\eaccel~1\framew~1\eac_svc.exe [?]
    S2 gupdate1c9bbb51e0544ca;Google Update Service (gupdate1c9bbb51e0544ca);c:\program files\google\update\GoogleUpdate.exe [2009-4-12 133104]
    S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2009-8-5 45824]
    S3 cpuz132;cpuz132;\??\c:\docume~1\barry\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\barry\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2009-8-5 56960]
    S3 XDva224;XDva224;\??\c:\windows\system32\xdva224.sys --> c:\windows\system32\XDva224.sys [?]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\shaw secure\anti-virus\win2k\fsfilter.sys [2010-8-18 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\shaw secure\anti-virus\win2k\fsrec.sys [2010-8-18 25184]

    =============== Created Last 30 ================


    ==================== Find3M ====================


    ============= FINISH: 12:36:05.56 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/26/2008 3:54:16 PM
    System Uptime: 8/28/2010 9:44:53 AM (3 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | SiS-645
    Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | Socket 478 | 2000/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 76 GiB total, 12.39 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {B8139C20-CF94-11D5-AEF7-0002B30625C5}
    Description: SiS USB 2.0 Enhanced Host Controller
    Device ID: PCI\VEN_1039&DEV_7002&SUBSYS_50041458&REV_00\3&61AAA01&0&1B
    Manufacturer: Gigabyte Technology Co., Ltd.
    Name: SiS USB 2.0 Enhanced Host Controller
    PNP Device ID: PCI\VEN_1039&DEV_7002&SUBSYS_50041458&REV_00\3&61AAA01&0&1B
    Service: ousbehci

    ==== System Restore Points ===================

    RP399: 7/19/2010 3:00:16 AM - Software Distribution Service 3.0
    RP400: 7/19/2010 2:57:20 PM - Software Distribution Service 3.0
    RP401: 7/19/2010 3:21:15 PM - Software Distribution Service 3.0
    RP402: 7/19/2010 3:58:03 PM - Software Distribution Service 3.0
    RP403: 7/20/2010 3:00:17 AM - Software Distribution Service 3.0
    RP404: 7/21/2010 3:00:18 AM - Software Distribution Service 3.0
    RP405: 7/22/2010 3:00:18 AM - Software Distribution Service 3.0
    RP406: 7/23/2010 3:00:18 AM - Software Distribution Service 3.0
    RP407: 7/24/2010 3:00:17 AM - Software Distribution Service 3.0
    RP408: 7/24/2010 9:53:45 PM - Software Distribution Service 3.0
    RP409: 7/25/2010 3:00:17 AM - Software Distribution Service 3.0
    RP410: 7/26/2010 3:00:17 AM - Software Distribution Service 3.0
    RP411: 7/27/2010 3:00:22 AM - Software Distribution Service 3.0
    RP412: 7/28/2010 3:00:23 AM - Software Distribution Service 3.0
    RP413: 7/28/2010 10:15:45 PM - Software Distribution Service 3.0
    RP414: 7/29/2010 3:00:20 AM - Software Distribution Service 3.0
    RP415: 7/30/2010 3:00:21 AM - Software Distribution Service 3.0
    RP416: 7/31/2010 3:00:19 AM - Software Distribution Service 3.0
    RP417: 7/31/2010 4:01:29 PM - Installed Zoltrix Eagle Camera
    RP418: 7/31/2010 4:04:00 PM - Removed Zoltrix Eagle Camera
    RP419: 7/31/2010 4:08:16 PM - Installed Zoltrix Eagle Camera
    RP420: 7/31/2010 4:09:15 PM - Removed Zoltrix Eagle Camera
    RP421: 8/1/2010 3:00:17 AM - Software Distribution Service 3.0
    RP422: 8/2/2010 3:00:19 AM - Software Distribution Service 3.0
    RP423: 8/3/2010 3:04:01 AM - Software Distribution Service 3.0
    RP424: 8/4/2010 3:00:27 AM - Software Distribution Service 3.0
    RP425: 8/5/2010 3:00:29 AM - Software Distribution Service 3.0
    RP426: 8/6/2010 3:00:27 AM - Software Distribution Service 3.0
    RP427: 8/7/2010 3:00:24 AM - Software Distribution Service 3.0
    RP428: 8/8/2010 3:00:42 AM - Software Distribution Service 3.0
    RP429: 8/9/2010 3:00:30 AM - Software Distribution Service 3.0
    RP430: 8/10/2010 3:00:27 AM - Software Distribution Service 3.0
    RP431: 8/11/2010 3:00:32 AM - Software Distribution Service 3.0
    RP432: 8/12/2010 3:00:31 AM - Software Distribution Service 3.0
    RP433: 8/13/2010 3:00:28 AM - Software Distribution Service 3.0
    RP434: 8/13/2010 10:35:30 AM - Software Distribution Service 3.0
    RP435: 8/13/2010 11:07:55 AM - Software Distribution Service 3.0
    RP436: 8/14/2010 3:00:27 AM - Software Distribution Service 3.0
    RP437: 8/15/2010 3:00:24 AM - Software Distribution Service 3.0
    RP438: 8/16/2010 3:00:32 AM - Software Distribution Service 3.0
    RP439: 8/17/2010 12:59:19 AM - Software Distribution Service 3.0
    RP440: 8/18/2010 4:58:54 PM - Software Distribution Service 3.0
    RP441: 8/18/2010 5:46:28 PM - psc 9.01 build 105 Installation
    RP442: 8/18/2010 6:20:02 PM - Software Distribution Service 3.0
    RP443: 8/18/2010 6:42:38 PM - Software Distribution Service 3.0
    RP444: 8/19/2010 3:00:23 AM - Software Distribution Service 3.0
    RP445: 8/20/2010 3:00:23 AM - Software Distribution Service 3.0
    RP446: 8/20/2010 7:57:43 PM - Installed WinFast(R) Display Driver
    RP447: 8/20/2010 8:13:49 PM - Installed Windows XP WgaNotify.
    RP448: 8/21/2010 3:00:22 AM - Software Distribution Service 3.0
    RP449: 8/21/2010 9:14:35 AM - Software Distribution Service 3.0
    RP450: 8/22/2010 3:00:27 AM - Software Distribution Service 3.0
    RP451: 8/22/2010 9:49:00 AM - Software Distribution Service 3.0
    RP452: 8/22/2010 10:03:40 AM - Software Distribution Service 3.0
    RP453: 8/22/2010 8:08:06 PM - Software Distribution Service 3.0
    RP454: 8/22/2010 8:38:38 PM - B4updatefix
    RP455: 8/22/2010 8:58:27 PM - Software Distribution Service 3.0
    RP456: 8/22/2010 9:33:38 PM - Configured Driver Detective
    RP457: 8/22/2010 9:34:00 PM - Installed Driver Detective.
    RP458: 8/22/2010 10:00:37 PM - Installed Windows XP Service Pack 3.
    RP459: 8/22/2010 10:04:49 PM - Installed Windows XP KB938464.
    RP460: 8/22/2010 10:05:20 PM - Installed Windows XP KB946648.
    RP461: 8/22/2010 10:05:40 PM - Installed Windows XP KB950762.
    RP462: 8/22/2010 10:05:59 PM - Installed Windows XP KB950974.
    RP463: 8/22/2010 10:06:17 PM - Installed Windows XP KB951066.
    RP464: 8/22/2010 10:06:38 PM - Installed Windows XP KB951376-v2.
    RP465: 8/22/2010 10:06:57 PM - Installed Windows XP KB951698.
    RP466: 8/22/2010 10:07:16 PM - Installed Windows XP KB951748.
    RP467: 8/22/2010 10:07:40 PM - Installed Windows XP KB952287.
    RP468: 8/22/2010 10:07:58 PM - Installed Windows XP KB952954.
    RP469: 8/22/2010 10:35:33 PM - Software Distribution Service 3.0
    RP470: 8/22/2010 10:56:53 PM - Restore Operation
    RP471: 8/22/2010 11:10:29 PM - Restore Operation
    RP472: 8/22/2010 11:38:02 PM - Restore Operation
    RP473: 8/22/2010 11:49:43 PM - Restore Operation
    RP474: 8/23/2010 3:03:12 AM - Software Distribution Service 3.0
    RP475: 8/23/2010 4:06:39 PM - Software Distribution Service 3.0
    RP476: 8/24/2010 3:02:43 AM - Software Distribution Service 3.0
    RP477: 8/25/2010 3:05:18 AM - Software Distribution Service 3.0
    RP478: 8/25/2010 10:44:03 PM - Software Distribution Service 3.0
    RP479: 8/25/2010 10:50:39 PM - Software Distribution Service 3.0
    RP480: 8/25/2010 11:54:41 PM - Software Distribution Service 3.0
    RP481: 8/26/2010 3:04:12 AM - Software Distribution Service 3.0
    RP482: 8/26/2010 2:41:44 PM - Installed Windows XP KB2115168.
    RP483: 8/27/2010 3:01:37 AM - Software Distribution Service 3.0
    RP484: 8/27/2010 9:10:47 PM - Software Distribution Service 3.0
    RP485: 8/28/2010 9:11:17 AM - Installed QuickTime
    RP486: 8/28/2010 9:28:20 AM - Installed Microsoft Fix it 50459
    RP487: 8/28/2010 9:34:54 AM - Software Distribution Service 3.0
    RP488: 8/28/2010 9:38:37 AM - Installed Microsoft Fix it 50460
    RP489: 8/28/2010 9:56:41 AM - Installed Java(TM) 6 Update 21

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Illustrator 9.0
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop 6.0
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 9.1.3
    Adobe Reader 9.3.2
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    AGEIA PhysX v7.07.24
    AIO_Scan
    Akamai NetSession Interface
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    BitLord 1.1
    BlackBerry Desktop Software 6.0
    BlackBerry Device Software Updater
    Bonjour
    BufferChm
    C-Media Audio
    C-Media WDM Audio Driver
    C6200
    C6200_Help
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Cards_Calendar_OrderGift_DoMorePlugout
    CDDRV_Installer
    Compatibility Pack for the 2007 Office system
    Connect
    Copy
    Critical Update for Windows Media Player 11 (KB959772)
    Destination Component
    DeviceDiscovery
    DivX Setup
    DocProc
    Driver Detective
    F-Secure PSC Prerequisites
    Fax
    FL Studio v7.0
    Full Tilt Poker
    Google Earth
    Google Update Helper
    Google Updater
    GoToAssist Corporate
    GPBaseService
    GPBaseService2
    Hero Editor V0.96
    Hero Editor V0.96 (C:\Program Files\Hero Editor\)
    Hitman Pro 3.5
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 10.0
    HP Driver Diagnostics
    HP Imaging Device Functions 10.0
    HP Photosmart All-In-One Driver Software 10.0 Rel .2
    HP Photosmart All-In-One Software 9.0
    HP Photosmart C5500 All-In-One Driver 11.0 Rel .4
    HP Photosmart Essential 2.5
    HP Smart Web Printing 4.60
    HP Solution Center 13.0
    HP Update
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    HPSSupply
    ieSpell
    iTunes
    J2SE Development Kit 5.0 Update 17
    J2SE Runtime Environment 5.0 Update 1
    J2SE Runtime Environment 5.0 Update 17
    Java Auto Updater
    Java(TM) 6 Update 21
    Java(TM) 6 Update 7
    Junk Mail filter update
    KhalInstallWrapper
    kuler
    LimeWire PRO 4.8.0
    Logitech SetPoint
    Malwarebytes' Anti-Malware
    ManyCam 2.5.48 (remove only)
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Live Add-in 1.3
    Microsoft Office XP Professional with FrontPage
    Microsoft Office XP Web Components
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    MSN
    MSVCRT
    MSVCSetup
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 7 Demo
    OCR Software by I.R.I.S. 10.0
    PanoStandAlone
    PDF Settings CS4
    Pen Tablet
    Photoshop Camera Raw
    Presto! Mr. Photo 3
    PS_AIO_02_ProductContext
    PS_AIO_02_Software
    PS_AIO_02_Software_Min
    PS_AIO_04_C5500_Software_Min
    PSSWCORE
    QMC
    QuickTime
    Realtek AC'97 Audio
    REALTEK GbE & FE Ethernet PCI NIC Driver
    Risk II
    Sansa Media Converter
    Scan
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Segoe UI
    Shaw Internet Update 3.2.2
    Shaw Secure
    Shaw Support 3.0
    Shop for HP Supplies
    SiSAGP driver
    SIW version 2010.07.14
    SmartWebPrinting
    Snagit 9.1.2
    SolutionCenter
    Status
    Suite Shared Configuration CS4
    SUPERAntiSpyware
    System Requirements Lab
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    V4000 Digital Camera Driver
    VC80CRTRedist - 8.0.50727.4053
    VideoToolkit01
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.0.5
    Wacom Tablet
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    WinFast(R) Display Driver
    WinRAR archiver
    XML Paper Specification Shared Components Pack 1.0
    YouTube Downloader 2.5.1

    ==== Event Viewer Messages From Past Week ========

    8/28/2010 9:50:51 AM, error: F-Secure Gatekeeper [1] -
    8/23/2010 6:04:33 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
    8/22/2010 11:49:09 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    8/22/2010 11:47:47 PM, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2781'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
    8/22/2010 11:47:42 PM, error: Service Control Manager [7000] - The PnkBstrB service failed to start due to the following error: The system cannot find the file specified.
    8/22/2010 11:47:42 PM, error: Service Control Manager [7000] - The PnkBstrA service failed to start due to the following error: The system cannot find the file specified.
    8/22/2010 11:47:42 PM, error: Service Control Manager [7000] - The Hotspot Shield Service service failed to start due to the following error: The system cannot find the file specified.
    8/22/2010 11:47:42 PM, error: Service Control Manager [7000] - The Hotspot Shield Helper Service service failed to start due to the following error: The system cannot find the file specified.
    8/22/2010 11:47:42 PM, error: Service Control Manager [7000] - The eAcceleration Notification Service service failed to start due to the following error: The system cannot find the path specified.
    8/22/2010 10:35:39 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows XP (KB2229593).
    8/22/2010 10:35:39 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows XP (KB2115168).
    8/22/2010 10:35:39 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft Word 2002 (KB2251389).

    ==== End Of File ===========================
     
    Bdog,
    #8
  10. 2010/08/28
    broni Moderator Malware Analyst
    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on the Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in the right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop.

    Double-click MBRCheck.exe to run it (Vista and Windows 7 users: right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
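    Reading the GMER log that STEP 2 asks for comes down to one question per kernel hook: which module owns it, and is that module something the user knowingly installed? The helper below is an added example for this thread, not code from the original posts and not part of GMER. It parses the SSDT, "Code" and inline-JMP lines in the format GMER prints for its System and Kernel code sections, attributes each hook to the module and vendor GMER resolved it to, and flags any hook that is unresolved or belongs to a vendor outside an allow-list. The allow-list is an assumption for this machine; the sample log is a few lines excerpted from the GMER output posted later in this thread plus one constructed unresolved line (example.sys does not exist, and the layout of an unresolved line is assumed).

```python
"""Triage helper for the kernel-mode hook lines of a GMER 'Rootkit' scan log.

Added example for this thread; not part of GMER and not code from the original
posts. Attributes each SSDT hook, 'Code' entry and inline JMP in a kernel code
section to the module/vendor GMER resolved, then flags hooks that are
unresolved or from a vendor outside an allow-list (an assumption for the demo).
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Tuple


class Hook(NamedTuple):
    kind: str              # "SSDT", "Code" or "inline"
    target: str            # hooked service or export, e.g. ZwCreateProcess
    module: str            # module GMER attributed the hook to
    vendor: Optional[str]  # vendor from GMER's "(description/vendor)" suffix, None if absent
    addr: Optional[str]    # hook handler address, where GMER prints one


# "(description/vendor)" suffix GMER appends when it can identify the module.
_IDENT = r"(?:\s+\((?P<desc>[^/()]*)/(?P<vendor>[^)]*)\))?"

SSDT_RE = re.compile(r"^SSDT\s+(?P<path>.+?)" + _IDENT
                     + r"\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]\s*$")
CODE_RE = re.compile(r"^Code\s+(?P<path>\S+)" + _IDENT + r"\s+(?P<func>\w+)\s*$")
INLINE_RE = re.compile(r"^(?P<section>\S+)\s+(?P<target>\S+!\w+)\s+(?P<at>[0-9A-Fa-f]+)\s+"
                       r"(?P<size>\d+) Bytes JMP (?P<dest>[0-9A-Fa-f]+)"
                       r"(?:\s+(?P<path>\S+)" + _IDENT + r")?\s*$")

# Assumption for the demo: vendors whose kernel hooks are expected on this box
# (Shaw Secure is an F-Secure build; SUPERAntiSpyware is installed).
ALLOWED_VENDORS = frozenset({
    "F-Secure Corporation",
    "SUPERAdBlocker.com and SUPERAntiSpyware.com",
})

# Constructed sample: lines excerpted from the posted log plus one made-up
# unresolved SSDT hook (example.sys) to exercise the negative case.
SAMPLE_LOG = r"""
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-28 17:22:23

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcess [0xF6123CD6]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwLoadDriver [0xF61231BC]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB5F62620]
SSDT \??\C:\WINDOWS\system32\drivers\example.sys ZwOpenProcess [0xF7A2B000]

Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [4C, 2A, 12, F6, C0, 2E, 12, ...]
PAGE ntoskrnl.exe!IoCreateDevice 8059FACE 5 Bytes JMP F7500FFA fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisSend F74E1986 5 Bytes JMP F750258C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\lsass.exe[888] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BD000C
"""


def parse_gmer_kernel_hooks(log_text: str) -> List[Hook]:
    """Collect SSDT, Code and inline JMP hooks from the kernel-side sections of a GMER log."""
    hooks: List[Hook] = []
    kernel_side = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("---- "):
            # GMER groups output under headers such as "---- System - GMER 1.0.15 ----";
            # only the System and Kernel code sections carry kernel-mode hooks.
            kernel_side = "System" in line or "Kernel code sections" in line
            continue
        if not kernel_side or not line:
            continue
        m = SSDT_RE.match(line)
        if m:
            hooks.append(Hook("SSDT", m.group("func"), m.group("path"), m.group("vendor"), m.group("addr")))
            continue
        m = CODE_RE.match(line)
        if m:
            hooks.append(Hook("Code", m.group("func"), m.group("path"), m.group("vendor"), None))
            continue
        m = INLINE_RE.match(line)
        if m:
            hooks.append(Hook("inline", m.group("target"), m.group("path") or "<none>",
                              m.group("vendor"), m.group("dest")))
    return hooks


def triage(hooks: List[Hook], allowed=ALLOWED_VENDORS) -> Tuple[Dict[str, List[Hook]], List[Hook]]:
    """Group hooks by resolved vendor; a hook is suspicious when GMER could not
    identify its module (vendor None) or the vendor is not on the allow-list."""
    by_owner: Dict[str, List[Hook]] = defaultdict(list)
    suspicious: List[Hook] = []
    for h in hooks:
        by_owner[h.vendor if h.vendor else "<unresolved>"].append(h)
        if h.vendor is None or h.vendor not in allowed:
            suspicious.append(h)
    return dict(by_owner), suspicious


def format_report(by_owner: Dict[str, List[Hook]], suspicious: List[Hook]) -> str:
    lines = ["Kernel hooks by owner:"]
    for owner, hs in sorted(by_owner.items(), key=lambda kv: -len(kv[1])):
        lines.append(f"  {owner}: {len(hs)} ({', '.join(sorted({h.kind for h in hs}))})")
    lines.append("Needs a closer look:" if suspicious else "No unexplained kernel hooks.")
    lines.extend(f"  {h.kind} {h.target} -> {h.module} [{h.addr}]" for h in suspicious)
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(*triage(parse_gmer_kernel_hooks(SAMPLE_LOG))))
```

    In Bdog's real log every SSDT entry resolves to fshs.sys (F-Secure HIPS, installed here as Shaw Secure) or SASKUTIL.SYS (SUPERAntiSpyware), and the IoCreateDevice and NDIS JMPs go to fsdfw.sys (F-Secure Internet Shield); that is what installed security software looks like in GMER, not an infection. The helper earns its keep on the negative case: a hook whose module GMER cannot name, or one owned by a driver nobody installed on purpose, is the line a helper would ask about next.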
     
  11. 2010/08/28
    Bdog Inactive Thread Starter
    Thank you, Broni... on to the next step.
     
  12. 2010/08/28
    broni Moderator Malware Analyst
    Ok :)
     
  13. 2010/08/28
    Bdog Inactive Thread Starter
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4496

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    8/28/2010 4:34:07 PM
    mbam-log-2010-08-28 (16-34-07).txt

    Scan type: Quick scan
    Objects scanned: 169390
    Time elapsed: 13 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-28 17:22:23
    Windows 5.1.2600 Service Pack 3
    Running: oes799kb.exe; Driver: C:\DOCUME~1\Barry\LOCALS~1\Temp\agryrfog.sys


    Moving on..... step two.
     
  14. 2010/08/28
    Bdog Inactive Thread Starter
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-28 17:22:23
    Windows 5.1.2600 Service Pack 3
    Running: oes799kb.exe; Driver: C:\DOCUME~1\Barry\LOCALS~1\Temp\agryrfog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcess [0xF6123CD6]
    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcessEx [0xF6123CF0]
    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateThread [0xF6122E8C]
    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwLoadDriver [0xF61231BC]
    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwMapViewOfSection [0xF6122BCC]
    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwOpenSection [0xF61235EE]
    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwRenameKey [0xF612488C]
    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSetSystemInformation [0xF612343E]
    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendProcess [0xF6122A4C]
    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendThread [0xF6122EC0]
    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSystemDebugControl [0xF6123042]
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB5F62620]
    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateThread [0xF6122B06]
    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwWriteVirtualMemory [0xF6122F86]

    Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [4C, 2A, 12, F6, C0, 2E, 12, ...]
    PAGE ntoskrnl.exe!IoCreateDevice 8059FACE 5 Bytes JMP F7500FFA fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENPNP NDIS.SYS!NdisRegisterProtocol F74D117F 5 Bytes JMP F7500E0C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENPNP NDIS.SYS!NdisOpenAdapter F74D1399 5 Bytes JMP F7501394 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENPNP NDIS.SYS!NdisCloseAdapter F74DB642 5 Bytes JMP F7500F18 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENPNP NDIS.SYS!NdisDeregisterProtocol F74DB821 5 Bytes JMP F75011B0 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisReturnPackets F74DE810 5 Bytes JMP F7501C0C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisRequest F74DE97B 5 Bytes JMP F75015AC fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisSend F74E1986 5 Bytes JMP F750258C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisSendPackets F74E19A3 5 Bytes JMP F750265E fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisTransferData F74E19BE 5 Bytes JMP F7501D0A fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDCO NDIS.SYS!NdisCoCreateVc F74E8186 5 Bytes JMP F7500E76 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDCO NDIS.SYS!NdisCoDeleteVc F74E9557 5 Bytes JMP F7500EE4 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDCO NDIS.SYS!NdisCoSendPackets F74E9AF1 5 Bytes JMP F7502376 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6807380, 0x2468FD, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[588] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 008F000C
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[588] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 008F100C
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[588] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008F200C
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[588] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 008F300C
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[588] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 008F700C
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[588] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 008F500C
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[588] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 008F600C
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[588] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 008F800C
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[588] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 008F900C
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[588] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 008F400C
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[588] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 008FA00C
    .text C:\WINDOWS\system32\nvsvc32.exe[660] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 007E000C
    .text C:\WINDOWS\system32\nvsvc32.exe[660] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 007E100C
    .text C:\WINDOWS\system32\nvsvc32.exe[660] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007E200C
    .text C:\WINDOWS\system32\nvsvc32.exe[660] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 007E300C
    .text C:\WINDOWS\system32\nvsvc32.exe[660] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 007E400C
    .text C:\WINDOWS\system32\nvsvc32.exe[660] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 007EA00C
    .text C:\WINDOWS\system32\nvsvc32.exe[660] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 007E700C
    .text C:\WINDOWS\system32\nvsvc32.exe[660] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 007E500C
    .text C:\WINDOWS\system32\nvsvc32.exe[660] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 007E600C
    .text C:\WINDOWS\system32\nvsvc32.exe[660] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007E800C
    .text C:\WINDOWS\system32\nvsvc32.exe[660] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 007E900C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[748] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0168000C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[748] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0168100C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[748] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0168200C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[748] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0168300C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[748] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0168400C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[748] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0168A00C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[748] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0168700C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[748] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0168500C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[748] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0168600C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[748] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0168800C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[748] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 0168900C
    .text C:\WINDOWS\system32\winlogon.exe[832] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 014B000C
    .text C:\WINDOWS\system32\winlogon.exe[832] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 014B100C
    .text C:\WINDOWS\system32\winlogon.exe[832] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 014B200C
    .text C:\WINDOWS\system32\winlogon.exe[832] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 014B300C
    .text C:\WINDOWS\system32\winlogon.exe[832] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 014B700C
    .text C:\WINDOWS\system32\winlogon.exe[832] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 014B500C
    .text C:\WINDOWS\system32\winlogon.exe[832] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 014B600C
    .text C:\WINDOWS\system32\winlogon.exe[832] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 014B800C
    .text C:\WINDOWS\system32\winlogon.exe[832] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 014B400C
    .text C:\WINDOWS\system32\winlogon.exe[832] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 014BA00C
    .text C:\WINDOWS\system32\winlogon.exe[832] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 014B900C
    .text C:\WINDOWS\system32\lsass.exe[888] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BD000C
    .text C:\WINDOWS\system32\lsass.exe[888] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00BD100C
    .text C:\WINDOWS\system32\lsass.exe[888] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BD200C
    .text C:\WINDOWS\system32\lsass.exe[888] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00BD300C
    .text C:\WINDOWS\system32\lsass.exe[888] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00BD700C
    .text C:\WINDOWS\system32\lsass.exe[888] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00BD500C
    .text C:\WINDOWS\system32\lsass.exe[888] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00BD600C
    .text C:\WINDOWS\system32\lsass.exe[888] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00BD800C
    .text C:\WINDOWS\system32\lsass.exe[888] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00BD400C
    .text C:\WINDOWS\system32\lsass.exe[888] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00BDA00C
    .text C:\WINDOWS\system32\lsass.exe[888] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00BD900C
    .text C:\Program Files\Internet Explorer\iexplore.exe[964] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 009B000C
    .text C:\Program Files\Internet Explorer\iexplore.exe[964] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 009B100C
    .text C:\Program Files\Internet Explorer\iexplore.exe[964] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009B200C
    .text C:\Program Files\Internet Explorer\iexplore.exe[964] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 009B300C
    .text C:\Program Files\Internet Explorer\iexplore.exe[964] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 009B700C
    .text C:\Program Files\Internet Explorer\iexplore.exe[964] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 009B500C
    .text C:\Program Files\Internet Explorer\iexplore.exe[964] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 009B600C
    .text C:\Program Files\Internet Explorer\iexplore.exe[964] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009B800C
    .text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 009B400C
    .text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 009BA00C
    .text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[964] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 009B900C
    .text C:\Program Files\WTouch\WTouchService.exe[1300] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0063000C
    .text C:\Program Files\WTouch\WTouchService.exe[1300] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0063100C
    .text C:\Program Files\WTouch\WTouchService.exe[1300] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0063200C
    .text C:\Program Files\WTouch\WTouchService.exe[1300] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0063300C
    .text C:\Program Files\WTouch\WTouchService.exe[1300] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0063700C
    .text C:\Program Files\WTouch\WTouchService.exe[1300] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0063500C
    .text C:\Program Files\WTouch\WTouchService.exe[1300] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0063600C
    .text C:\Program Files\WTouch\WTouchService.exe[1300] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0063800C
    .text C:\Program Files\WTouch\WTouchService.exe[1300] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0063400C
    .text C:\Program Files\WTouch\WTouchService.exe[1300] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0063A00C
    .text C:\Program Files\WTouch\WTouchService.exe[1300] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 0063900C
    .text C:\WINDOWS\system32\PSIService.exe[1560] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 007F000C
    .text C:\WINDOWS\system32\PSIService.exe[1560] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 007F100C
    .text C:\WINDOWS\system32\PSIService.exe[1560] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007F200C
    .text C:\WINDOWS\system32\PSIService.exe[1560] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 007F300C
    .text C:\WINDOWS\system32\PSIService.exe[1560] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 007F700C
    .text C:\WINDOWS\system32\PSIService.exe[1560] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 007F500C
    .text C:\WINDOWS\system32\PSIService.exe[1560] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 007F600C
    .text C:\WINDOWS\system32\PSIService.exe[1560] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007F800C
    .text C:\WINDOWS\system32\PSIService.exe[1560] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 007F400C
    .text C:\WINDOWS\system32\PSIService.exe[1560] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 007FA00C
    .text C:\WINDOWS\system32\PSIService.exe[1560] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 007F900C
    .text C:\WINDOWS\system32\Pen_Tablet.exe[1868] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B1000C
    .text C:\WINDOWS\system32\Pen_Tablet.exe[1868] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B1100C
    .text C:\WINDOWS\system32\Pen_Tablet.exe[1868] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B1200C
    .text C:\WINDOWS\system32\Pen_Tablet.exe[1868] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00B1300C
    .text C:\WINDOWS\system32\Pen_Tablet.exe[1868] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00B1700C
    .text C:\WINDOWS\system32\Pen_Tablet.exe[1868] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00B1500C
    .text C:\WINDOWS\system32\Pen_Tablet.exe[1868] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00B1600C
    .text C:\WINDOWS\system32\Pen_Tablet.exe[1868] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B1800C
    .text C:\WINDOWS\system32\Pen_Tablet.exe[1868] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B1400C
    .text C:\WINDOWS\system32\Pen_Tablet.exe[1868] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00B1A00C
    .text C:\WINDOWS\system32\Pen_Tablet.exe[1868] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00B1900C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1960] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0064000C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1960] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0064100C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1960] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0064200C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1960] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0064300C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1960] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0064700C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1960] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0064500C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1960] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0064600C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1960] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0064800C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1960] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0064400C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1960] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0064A00C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1960] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 0064900C
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1968] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 04BF000C
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1968] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 04BF100C
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1968] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 04BF200C
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1968] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 04BF300C
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1968] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 04BF400C
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1968] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 04BFA00C
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1968] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 04BF700C
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1968] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 04BF500C
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1968] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 04BF600C
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1968] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 04BF800C
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1968] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 04BF900C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 007E000C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 007E100C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007E200C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 007E300C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 007E700C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 007E500C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 007E600C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007E800C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1976] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 007E400C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1976] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 007EA00C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 007E900C
    .text C:\WINDOWS\system32\Wacom_Tablet.exe[2032] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0082000C
    .text C:\WINDOWS\system32\Wacom_Tablet.exe[2032] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0082100C
    .text C:\WINDOWS\system32\Wacom_Tablet.exe[2032] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0082200C
    .text C:\WINDOWS\system32\Wacom_Tablet.exe[2032] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0082300C
    .text C:\WINDOWS\system32\Wacom_Tablet.exe[2032] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0082700C
    .text C:\WINDOWS\system32\Wacom_Tablet.exe[2032] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0082500C
    .text C:\WINDOWS\system32\Wacom_Tablet.exe[2032] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0082600C
    .text C:\WINDOWS\system32\Wacom_Tablet.exe[2032] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0082800C
    .text C:\WINDOWS\system32\Wacom_Tablet.exe[2032] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0082400C
    .text C:\WINDOWS\system32\Wacom_Tablet.exe[2032] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0082A00C
    .text C:\WINDOWS\system32\Wacom_Tablet.exe[2032] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 0082900C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2140] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 029E000C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2140] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 029E100C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2140] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 029E200C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2140] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 029E300C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2140] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 029E400C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2140] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 029EA00C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2140] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 029E700C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2140] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 029E500C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2140] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 029E600C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2140] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 029E800C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2140] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 029E900C
    .text C:\WINDOWS\system32\SearchIndexer.exe[2216] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0E29000C
    .text C:\WINDOWS\system32\SearchIndexer.exe[2216] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0E29100C
    .text C:\WINDOWS\system32\SearchIndexer.exe[2216] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0E29200C
    .text C:\WINDOWS\system32\SearchIndexer.exe[2216] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\WINDOWS\system32\SearchIndexer.exe[2216] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0E29300C
    .text C:\WINDOWS\system32\SearchIndexer.exe[2216] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0E29700C
    .text C:\WINDOWS\system32\SearchIndexer.exe[2216] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0E29500C
    .text C:\WINDOWS\system32\SearchIndexer.exe[2216] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0E29600C
    .text C:\WINDOWS\system32\SearchIndexer.exe[2216] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0E29800C
    .text C:\WINDOWS\system32\SearchIndexer.exe[2216] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0E29400C
    .text C:\WINDOWS\system32\SearchIndexer.exe[2216] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0E29A00C
    .text C:\WINDOWS\system32\SearchIndexer.exe[2216] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 0E29900C
    .text C:\Program Files\iPod\bin\iPodService.exe[2284] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AE000C
    .text C:\Program Files\iPod\bin\iPodService.exe[2284] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00AE100C
    .text C:\Program Files\iPod\bin\iPodService.exe[2284] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AE200C
    .text C:\Program Files\iPod\bin\iPodService.exe[2284] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00AE300C
    .text C:\Program Files\iPod\bin\iPodService.exe[2284] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00AE700C
    .text C:\Program Files\iPod\bin\iPodService.exe[2284] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00AE500C
    .text C:\Program Files\iPod\bin\iPodService.exe[2284] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00AE600C
    .text C:\Program Files\iPod\bin\iPodService.exe[2284] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00AE800C
    .text C:\Program Files\iPod\bin\iPodService.exe[2284] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AE400C
    .text C:\Program Files\iPod\bin\iPodService.exe[2284] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00AEA00C
    .text C:\Program Files\iPod\bin\iPodService.exe[2284] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00AE900C
    .text C:\Program Files\iTunes\iTunesHelper.exe[2292] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0298000C
    .text C:\Program Files\iTunes\iTunesHelper.exe[2292] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0298100C
    .text C:\Program Files\iTunes\iTunesHelper.exe[2292] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0298200C
    .text C:\Program Files\iTunes\iTunesHelper.exe[2292] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0298300C
    .text C:\Program Files\iTunes\iTunesHelper.exe[2292] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0298400C
    .text C:\Program Files\iTunes\iTunesHelper.exe[2292] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0298A00C
    .text C:\Program Files\iTunes\iTunesHelper.exe[2292] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0298700C
    .text C:\Program Files\iTunes\iTunesHelper.exe[2292] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0298500C
    .text C:\Program Files\iTunes\iTunesHelper.exe[2292] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0298600C
    .text C:\Program Files\iTunes\iTunesHelper.exe[2292] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0298800C
    .text C:\Program Files\iTunes\iTunesHelper.exe[2292] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 0298900C
    .text C:\Program Files\Shaw Secure\Common\FSM32.EXE[2304] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 05D6000C
    .text C:\Program Files\Shaw Secure\Common\FSM32.EXE[2304] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 05D6100C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2396] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02AA000C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2396] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 02AA100C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2396] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02AA200C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2396] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 02AA300C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2396] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 02AA700C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2396] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 02AA500C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2396] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 02AA600C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 02AA800C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 02AA400C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2396] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 02AAA00C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2396] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 02AA900C
    .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2424] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 010F000C
    .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2424] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 010F100C
    .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2424] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 010F200C
    .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2424] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 010F300C
    .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2424] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 010F700C
    .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2424] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 010F500C
    .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2424] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 010F600C
    .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2424] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 010F800C
    .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2424] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 010F400C
    .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2424] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 010FA00C
    .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2424] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 010F900C
    .text C:\WINDOWS\System32\alg.exe[2464] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 009A000C
    .text C:\WINDOWS\System32\alg.exe[2464] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 009A100C
    .text C:\WINDOWS\System32\alg.exe[2464] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009A200C
    .text C:\WINDOWS\System32\alg.exe[2464] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 009A300C
    .text C:\WINDOWS\System32\alg.exe[2464] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 009A400C
    .text C:\WINDOWS\System32\alg.exe[2464] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 009AA00C
    .text C:\WINDOWS\System32\alg.exe[2464] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 009A700C
    .text C:\WINDOWS\System32\alg.exe[2464] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 009A500C
    .text C:\WINDOWS\System32\alg.exe[2464] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 009A600C
    .text C:\WINDOWS\System32\alg.exe[2464] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009A800C
    .text C:\WINDOWS\System32\alg.exe[2464] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 009A900C
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2584] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BA000C
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2584] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00BA100C
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2584] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA200C
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2584] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00BA300C
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2584] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00BA700C
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2584] ADVAPI32.dll!OpenServiceW

    .....cont'd
     
  15. 2010/08/28
    Bdog

    Bdog Inactive Thread Starter

    Joined:
    2010/08/21
    Messages:
    45
    Likes Received:
    0
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2584] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00BA600C
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2584] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00BA800C
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2584] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00BA400C
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2584] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00BAA00C
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2584] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00BA900C
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2872] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CE000C
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2872] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00CE100C
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2872] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CE200C
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2872] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00CE300C
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2872] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00CE700C
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2872] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00CE500C
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2872] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00CE600C
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2872] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00CE800C
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2872] USER32.dll!SetWindowsHookExW 7E42820F 3 Bytes JMP 00CE400C
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2872] USER32.dll!SetWindowsHookExW + 4 7E428213 1 Byte [82]
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2872] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00CEA00C
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2872] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00CE900C
    .text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[2940] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00DD000C
    .text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[2940] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00DD100C
    .text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[2940] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DD200C
    .text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[2940] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00DD300C
    .text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[2940] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00DD400C
    .text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[2940] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00DDA00C
    .text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[2940] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00DD700C
    .text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[2940] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00DD500C
    .text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[2940] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00DD600C
    .text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[2940] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00DD800C
    .text C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe[2940] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00DD900C
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3056] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CD000C
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3056] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00CD100C
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3056] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CD200C
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3056] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00CD300C
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3056] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00CD700C
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3056] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00CD500C
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3056] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00CD600C
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3056] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00CD800C
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3056] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00CD400C
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3056] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00CDA00C
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3056] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00CD900C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3116] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0286000C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3116] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0286100C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3116] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0286200C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3116] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0286300C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3116] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0286700C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3116] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0286500C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3116] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0286600C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3116] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0286800C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3116] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0286400C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3116] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0286A00C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3116] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 0286900C
    .text C:\Documents and Settings\Barry\Desktop\oes799kb.exe[3232] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0038000C
    .text C:\Documents and Settings\Barry\Desktop\oes799kb.exe[3232] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0038100C
    .text C:\Documents and Settings\Barry\Desktop\oes799kb.exe[3232] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0038200C
    .text C:\Documents and Settings\Barry\Desktop\oes799kb.exe[3232] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0038300C
    .text C:\Documents and Settings\Barry\Desktop\oes799kb.exe[3232] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0038400C
    .text C:\Documents and Settings\Barry\Desktop\oes799kb.exe[3232] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0038900C
    .text C:\Documents and Settings\Barry\Desktop\oes799kb.exe[3232] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0038700C
    .text C:\Documents and Settings\Barry\Desktop\oes799kb.exe[3232] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0038500C
    .text C:\Documents and Settings\Barry\Desktop\oes799kb.exe[3232] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0038600C
    .text C:\Documents and Settings\Barry\Desktop\oes799kb.exe[3232] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0038800C
    .text C:\Documents and Settings\Barry\Desktop\oes799kb.exe[3232] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 0038A00C
    .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D4000C
    .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00D4100C
    .text C:\WINDOWS\system32\wuauclt.exe[3328] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D4200C
    .text C:\WINDOWS\system32\wuauclt.exe[3328] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00D4300C
    .text C:\WINDOWS\system32\wuauclt.exe[3328] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00D4900C
    .text C:\WINDOWS\system32\wuauclt.exe[3328] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00D4700C
    .text C:\WINDOWS\system32\wuauclt.exe[3328] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00D4500C
    .text C:\WINDOWS\system32\wuauclt.exe[3328] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00D4600C
    .text C:\WINDOWS\system32\wuauclt.exe[3328] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00D4800C
    .text C:\WINDOWS\system32\wuauclt.exe[3328] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00D4400C
    .text C:\WINDOWS\system32\wuauclt.exe[3328] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00D4A00C
    .text C:\Program Files\shaw\bin\shawsupport.exe[3356] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02EB000C
    .text C:\Program Files\shaw\bin\shawsupport.exe[3356] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 02EB100C
    .text C:\Program Files\shaw\bin\shawsupport.exe[3356] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02EB200C
    .text C:\Program Files\shaw\bin\shawsupport.exe[3356] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 02EB300C
    .text C:\Program Files\shaw\bin\shawsupport.exe[3356] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 02EB400C
    .text C:\Program Files\shaw\bin\shawsupport.exe[3356] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 02EBA00C
    .text C:\Program Files\shaw\bin\shawsupport.exe[3356] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 02EB700C
    .text C:\Program Files\shaw\bin\shawsupport.exe[3356] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 02EB500C
    .text C:\Program Files\shaw\bin\shawsupport.exe[3356] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 02EB600C
    .text C:\Program Files\shaw\bin\shawsupport.exe[3356] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 02EB800C
    .text C:\Program Files\shaw\bin\shawsupport.exe[3356] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 02EB900C
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3584] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003F000C
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3584] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003F100C
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3584] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003F200C
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3584] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 003F300C
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3584] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 003F700C
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3584] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 003F500C
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3584] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 003F600C
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3584] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F800C
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3584] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F400C
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3584] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 003FA00C
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3584] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 003F900C
    .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3668] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 03F9000C
    .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3668] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 03F9100C
    .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3668] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03F9200C
    .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3668] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 03F9300C
    .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3668] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 03F9400C
    .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3668] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 03F9A00C
    .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3668] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 03F9700C
    .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3668] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 03F9500C
    .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3668] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 03F9600C
    .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3668] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 03F9800C
    .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3668] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 03F9900C
    .text C:\WINDOWS\Explorer.EXE[3792] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BB000C
    .text C:\WINDOWS\Explorer.EXE[3792] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00BB100C
    .text C:\WINDOWS\Explorer.EXE[3792] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB200C
    .text C:\WINDOWS\Explorer.EXE[3792] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00BB300C
    .text C:\WINDOWS\Explorer.EXE[3792] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00BB700C
    .text C:\WINDOWS\Explorer.EXE[3792] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00BB500C
    .text C:\WINDOWS\Explorer.EXE[3792] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00BB600C
    .text C:\WINDOWS\Explorer.EXE[3792] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00BB800C
    .text C:\WINDOWS\Explorer.EXE[3792] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00BB400C
    .text C:\WINDOWS\Explorer.EXE[3792] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00BBA00C
    .text C:\WINDOWS\Explorer.EXE[3792] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00BB900C
    .text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3912] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0222000C
    .text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3912] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0222100C
    .text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3912] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0222200C
    .text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3912] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0222300C
    .text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3912] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0222700C
    .text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3912] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0222500C
    .text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3912] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0222600C
    .text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3912] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0222800C
    .text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3912] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0222400C
    .text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3912] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0222A00C
    .text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3912] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 0222900C
    .text C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe[3940] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 021F000C
    .text C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe[3940] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 021F100C
    .text C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe[3940] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 021F200C
    .text C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe[3940] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 021F300C
    .text C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe[3940] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 021F700C
    .text C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe[3940] ADVAPI32.dll!OpenServiceW 77DE6FFD 3 Bytes JMP 021F500C
    .text C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe[3940] ADVAPI32.dll!OpenServiceW + 4 77DE7001 1 Byte [8A]
    .text C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe[3940] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 021F600C
    .text C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe[3940] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 021F800C
    .text C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe[3940] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 021F400C
    .text C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe[3940] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 021FA00C
    .text C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe[3940] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 021F900C
    .text C:\WINDOWS\system32\Pen_Tablet.exe[3968] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0150000C
    .text C:\WINDOWS\system32\Pen_Tablet.exe[3968] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0150100C
    .text C:\WINDOWS\system32\Pen_Tablet.exe[3968] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0150200C
    .text C:\WINDOWS\system32\Pen_Tablet.exe[3968] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0150300C
    .text C:\WINDOWS\system32\Pen_Tablet.exe[3968] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0150700C
    .text C:\WINDOWS\system32\Pen_Tablet.exe[3968] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0150500C
    .text C:\WINDOWS\system32\Pen_Tablet.exe[3968] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0150600C
    .text C:\WINDOWS\system32\Pen_Tablet.exe[3968] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0150800C
    .text C:\WINDOWS\system32\Pen_Tablet.exe[3968] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0150400C
    .text C:\WINDOWS\system32\Pen_Tablet.exe[3968] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0150A00C
    .text C:\WINDOWS\system32\Pen_Tablet.exe[3968] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 0150900C
    .text C:\WINDOWS\system32\Wacom_Tablet.exe[3976] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0100000C
    .text C:\WINDOWS\system32\Wacom_Tablet.exe[3976] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0100100C
    .text C:\WINDOWS\system32\Wacom_Tablet.exe[3976] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0100200C
    .text C:\WINDOWS\system32\Wacom_Tablet.exe[3976] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0100300C
    .text C:\WINDOWS\system32\Wacom_Tablet.exe[3976] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0100700C
    .text C:\WINDOWS\system32\Wacom_Tablet.exe[3976] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0100500C
    .text C:\WINDOWS\system32\Wacom_Tablet.exe[3976] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0100600C
    .text C:\WINDOWS\system32\Wacom_Tablet.exe[3976] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0100800C
    .text C:\WINDOWS\system32\Wacom_Tablet.exe[3976] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0100400C
    .text C:\WINDOWS\system32\Wacom_Tablet.exe[3976] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0100A00C
    .text C:\WINDOWS\system32\Wacom_Tablet.exe[3976] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 0100900C
    .text C:\Program Files\WTouch\WTouchUser.exe[4032] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0306000C
    .text C:\Program Files\WTouch\WTouchUser.exe[4032] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0306100C
    .text C:\Program Files\WTouch\WTouchUser.exe[4032] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0306200C
    .text C:\Program Files\WTouch\WTouchUser.exe[4032] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0306300C
    .text C:\Program Files\WTouch\WTouchUser.exe[4032] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0306700C
    .text C:\Program Files\WTouch\WTouchUser.exe[4032] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0306500C
    .text C:\Program Files\WTouch\WTouchUser.exe[4032] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0306600C
    .text C:\Program Files\WTouch\WTouchUser.exe[4032] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0306800C
    .text C:\Program Files\WTouch\WTouchUser.exe[4032] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0306400C
    .text C:\Program Files\WTouch\WTouchUser.exe[4032] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0306A00C
    .text C:\Program Files\WTouch\WTouchUser.exe[4032] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 0306900C
    .text C:\Program Files\Java\jre6\bin\jqs.exe[4108] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 028A000C
    .text C:\Program Files\Java\jre6\bin\jqs.exe[4108] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 028A100C
    .text C:\Program Files\Java\jre6\bin\jqs.exe[4108] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 028A200C
    .text C:\Program Files\Java\jre6\bin\jqs.exe[4108] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 028A300C
    .text C:\Program Files\Java\jre6\bin\jqs.exe[4108] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 028A700C
    .text C:\Program Files\Java\jre6\bin\jqs.exe[4108] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 028A500C
    .text C:\Program Files\Java\jre6\bin\jqs.exe[4108] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 028A600C
    .text C:\Program Files\Java\jre6\bin\jqs.exe[4108] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 028A800C
    .text C:\Program Files\Java\jre6\bin\jqs.exe[4108] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 028A900C
    .text C:\Program Files\Java\jre6\bin\jqs.exe[4108] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 028A400C
    .text C:\Program Files\Java\jre6\bin\jqs.exe[4108] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 028AA00C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 009B000C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 009B100C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009B200C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 009B300C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 009B700C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 009B500C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 009B600C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009B800C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 009BA00C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 009B900C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CAE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CAEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CAE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CAE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CAE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4624] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CAF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\iexplore.exe[4624] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)

    Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

    AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

    Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

    AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    ...second half of log.

    Broni, I am not sure if this is the correct procedure in breaking the log down, but it seemed like the right thing to do.
    Now on to the next step. (Is there something in all that that will jump out at you? Haha, where is the manual for that?)
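The `.text` records in the log above are GMER's user-mode hook list: a 5-byte `JMP` written at the entry of a Windows API inside one process, either resolved by GMER to a named module (`IEFRAME.dll`, `SeaNote.dll`) or pointing into memory GMER could not name (`JMP 0222000C`). The triage question an analyst asks of such a list is whether the unnamed hooks form the same set in every process, which is the footprint a host intrusion prevention or anti-virus injector leaves, or whether one appears in a single process only. The Python below is an added example for this thread, not code from the original post or from GMER. The sample lines are copied from the log above; the one line marked `CONSTRUCTED_LINE` is made up so that the flagged branch is exercised; and the labelling rule (an unnamed hook counts as system-wide when it is present in as many processes as the most widely hooked API) is this example's own heuristic.

```python
"""Triage the user-mode hook section ('.text <process>[pid] <module>!<function> ...')
of a GMER 1.0.15 log.

Added example for this thread, not code from the original post or from GMER. The sample
lines are copied from the posted log; CONSTRUCTED_LINE is made up. The labelling rule is
this example's own heuristic, not GMER's.
"""
import ntpath
import re
from collections import Counter, defaultdict

# Copied verbatim from the posted log: a consistent subset of three processes.
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3912] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0222000C
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3912] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0222200C
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3912] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0222500C
.text C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe[3940] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 021F000C
.text C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe[3940] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 021F200C
.text C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe[3940] ADVAPI32.dll!OpenServiceW 77DE6FFD 3 Bytes JMP 021F500C
.text C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe[3940] ADVAPI32.dll!OpenServiceW + 4 77DE7001 1 Byte [8A]
.text C:\Program Files\Internet Explorer\iexplore.exe[4624] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 009B000C
.text C:\Program Files\Internet Explorer\iexplore.exe[4624] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009B200C
.text C:\Program Files\Internet Explorer\iexplore.exe[4624] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 009B500C
.text C:\Program Files\Internet Explorer\iexplore.exe[4624] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4624] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CAE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
"""

# CONSTRUCTED, not from the posted log: a lone unnamed hook in a single process, so that
# the 'process-specific' branch below is exercised. Process name and addresses are made up.
CONSTRUCTED_LINE = r".text C:\constructed\example.exe[9999] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00AA000C"

HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<function>\S+)(?:\s\+\s(?P<offset>\d+))?\s+"
    r"(?P<address>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.*)$"
)
# 'JMP <target>', optionally followed by the module GMER resolved the target to and its vendor.
JMP_RE = re.compile(
    r"^JMP\s+(?P<target>[0-9A-Fa-f]{8})(?:\s+(?P<owner>.+?)\s+\((?P<vendor>[^)]*)\))?\s*$"
)


def parse_hooks(text):
    """One dict per '.text' record; lines that are not hook records are skipped."""
    hooks = []
    for raw in text.splitlines():
        m = HOOK_RE.match(raw.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["offset"] = int(h["offset"] or 0)
        h["size"] = int(h["size"])
        j = JMP_RE.match(h["patch"])
        if j:
            h["kind"] = "jmp"
            h["target"] = int(j["target"], 16)
            h["owner"] = j["owner"]      # None when GMER printed no module for the target
            h["vendor"] = j["vendor"]
        else:
            h["kind"] = "bytes"          # e.g. '[8A]': raw bytes, tail of a hook split over two records
            h["target"] = h["owner"] = h["vendor"] = None
        hooks.append(h)
    return hooks


def label_hooks(hooks):
    """Attach h['label'] to each record.

    attributed:<module>       GMER resolved the JMP target to a loaded module.
    unnamed:system-wide       JMP into unnamed memory, present in as many processes as the
                              most widely hooked API: the footprint a HIPS/AV injector leaves.
    unnamed:process-specific  JMP into unnamed memory in fewer processes: look at this first.
    patched-bytes             raw byte patch belonging to a hook recorded on the same API.
    """
    procs_by_api = defaultdict(set)
    for h in hooks:
        if h["kind"] == "jmp" and h["owner"] is None:
            procs_by_api[(h["module"], h["function"])].add((h["process"], h["pid"]))
    widest = max((len(s) for s in procs_by_api.values()), default=0)
    for h in hooks:
        if h["kind"] != "jmp":
            h["label"] = "patched-bytes"
        elif h["owner"] is not None:
            h["label"] = "attributed:" + ntpath.basename(h["owner"])
        elif widest >= 2 and len(procs_by_api[(h["module"], h["function"])]) == widest:
            h["label"] = "unnamed:system-wide"
        else:
            h["label"] = "unnamed:process-specific"
    return hooks


def triage(text):
    """Return (label counts, list of process-specific unnamed hooks to examine)."""
    hooks = label_hooks(parse_hooks(text))
    counts = Counter(h["label"] for h in hooks)
    flagged = [(h["process"], h["pid"], f"{h['module']}!{h['function']}", f"{h['target']:08X}")
               for h in hooks if h["label"] == "unnamed:process-specific"]
    return counts, flagged


if __name__ == "__main__":
    counts, flagged = triage(SAMPLE_LOG + CONSTRUCTED_LINE + "\n")
    for label, n in sorted(counts.items()):
        print(f"{n:3d}  {label}")
    for entry in flagged:
        print("REVIEW:", *entry)
```

Run against the full log, the identical set of unnamed hooks in every process (NtCreateProcess, NtCreateProcessEx, LoadLibraryExW, TerminateThread, the service APIs, SetWindowsHookExW, DdeConnect, CoCreateInstanceEx) all label as system-wide, which is the pattern a host intrusion prevention product typically leaves; the MBRCheck report later in the thread lists `fshs.sys` from `Shaw Secure\HIPS`, which is consistent with that. The heuristic only says where to look first: a flagged `JMP` still has to be followed to its target and the memory there dumped and identified before anything is called malicious.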
     
  16. 2010/08/28
    broni Moderator Malware Analyst
    You did just fine :)
     
  17. 2010/08/28
    Bdog Inactive Thread Starter
    Step three :

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001d

    Kernel Drivers (total 139):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF7BAE000 \WINDOWS\system32\KDCOM.DLL
    0xF7ABE000 \WINDOWS\system32\BOOTVID.dll
    0xF765F000 ACPI.sys
    0xF7BB0000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF764E000 pci.sys
    0xF76AE000 isapnp.sys
    0xF7C76000 pciide.sys
    0xF792E000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF76BE000 MountMgr.sys
    0xF762F000 ftdisk.sys
    0xF7BB2000 dmload.sys
    0xF7609000 dmio.sys
    0xF7936000 PartMgr.sys
    0xF7C77000 siside.sys
    0xF76CE000 VolSnap.sys
    0xF75F1000 atapi.sys
    0xF76DE000 disk.sys
    0xF76EE000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF75D1000 fltmgr.sys
    0xF75BF000 sr.sys
    0xF76FE000 PxHelp20.sys
    0xF75A8000 KSecDD.sys
    0xF7595000 WudfPf.sys
    0xF7508000 Ntfs.sys
    0xF74F6000 fsdfw.sys
    0xF74C9000 \WINDOWS\System32\drivers\NDIS.SYS
    0xF7AC2000 sisperf.sys
    0xF770E000 sisidex.sys
    0xF771E000 SISAGPX.sys
    0xF74AF000 Mup.sys
    0xF793E000 fsbts.sys
    0xF790E000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF6807000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xF67F3000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF791E000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF775E000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF776E000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF67D0000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF7A26000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xF63E1000 \SystemRoot\system32\drivers\ALCXWDM.SYS
    0xF63BD000 \SystemRoot\system32\drivers\portcls.sys
    0xF778E000 \SystemRoot\system32\drivers\drmk.sys
    0xF7A2E000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xF6399000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF616C000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
    0xF7A3E000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF77BE000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF747B000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF6158000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF77EE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF746F000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys
    0xF7A4E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF746B000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
    0xF780E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF7A56000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF7BD2000 \SystemRoot\system32\DRIVERS\WacomVKHid.sys
    0xF7E02000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7BD4000 \SystemRoot\System32\Drivers\RootMdm.sys
    0xF7A66000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF781E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7467000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF6141000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF783E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF784E000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7A7E000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF6090000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF786E000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7A8E000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7A9E000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF788E000 \SystemRoot\system32\DRIVERS\tapvpn.sys
    0xF7AAE000 \SystemRoot\system32\DRIVERS\RimSerial.sys
    0xF6060000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF78AE000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7AB6000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7BD8000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF6002000 \SystemRoot\system32\DRIVERS\update.sys
    0xF6BDB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7B4A000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF795E000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
    0xF7B52000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xF78FE000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF777E000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7C00000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7976000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xF7C04000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7D24000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7C08000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF798E000 \SystemRoot\System32\drivers\vga.sys
    0xF7C0C000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7C10000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7996000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF79A6000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7B9A000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xF4E7F000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xF4E26000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF4DFE000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF4DD8000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF4DB6000 \SystemRoot\System32\drivers\afd.sys
    0xF77DE000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF4D8B000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xF4D1B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF6131000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF6121000 \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys
    0xF5FFA000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF6101000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF79BE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xF79CE000 \SystemRoot\system32\DRIVERS\wacmoumonitor.sys
    0xF79D6000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    0xF60E1000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xF4BD8000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xF79DE000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    0xF4BC0000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7C24000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF4ED6000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF79EE000 \SystemRoot\System32\watchdog.sys
    0xF787E000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7CE1000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xBA460000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
    0xBA4A4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB9A3B000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF7BE2000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xB9A02000 \SystemRoot\System32\Drivers\adfs.SYS
    0xB97E1000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB969A000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB8F7D000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB8FCA000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB7C43000 \??\C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys
    0xB7169000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xB5F58000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0xF7A76000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xB2A43000 \??\C:\DOCUME~1\Barry\LOCALS~1\Temp\agryrfog.sys
    0xB2A18000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 71):
    0 System Idle Process
    4 System
    448 C:\WINDOWS\system32\smss.exe
    772 csrss.exe
    832 C:\WINDOWS\system32\winlogon.exe
    876 C:\WINDOWS\system32\services.exe
    888 C:\WINDOWS\system32\lsass.exe
    1044 C:\WINDOWS\system32\svchost.exe
    1124 svchost.exe
    1264 C:\WINDOWS\system32\svchost.exe
    1300 C:\Program Files\WTouch\WTouchService.exe
    1316 C:\WINDOWS\system32\svchost.exe
    1540 svchost.exe
    1564 svchost.exe
    1812 C:\WINDOWS\system32\spoolsv.exe
    1912 svchost.exe
    1948 C:\WINDOWS\system32\svchost.exe
    1960 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1976 C:\Program Files\Bonjour\mDNSResponder.exe
    2036 C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
    180 C:\Program Files\Shaw Secure\Common\FSMA32.EXE
    196 C:\Program Files\Shaw Secure\Anti-Virus\fsgk32.exe
    260 C:\Program Files\Shaw Secure\Common\FSHDLL32.EXE
    368 C:\WINDOWS\system32\svchost.exe
    500 C:\WINDOWS\system32\svchost.exe
    588 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    296 C:\WINDOWS\system32\svchost.exe
    660 C:\WINDOWS\system32\nvsvc32.exe
    1312 C:\WINDOWS\system32\svchost.exe
    1560 C:\WINDOWS\system32\PSIService.exe
    1532 C:\WINDOWS\system32\svchost.exe
    1868 C:\WINDOWS\system32\Pen_Tablet.exe
    2032 C:\WINDOWS\system32\Wacom_Tablet.exe
    2216 C:\WINDOWS\system32\searchindexer.exe
    2584 wmpnetwk.exe
    2872 C:\Program Files\Canon\CAL\CALMAIN.exe
    3792 C:\WINDOWS\explorer.exe
    3912 C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    3940 C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    3968 C:\WINDOWS\system32\Pen_Tablet.exe
    3976 C:\WINDOWS\system32\Wacom_Tablet.exe
    4032 C:\Program Files\WTouch\WTouchUser.exe
    2292 C:\Program Files\iTunes\iTunesHelper.exe
    2304 C:\Program Files\Shaw Secure\Common\FSM32.EXE
    2940 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    3000 C:\WINDOWS\system32\ctfmon.exe
    3056 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3116 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    2424 C:\Program Files\Logitech\SetPoint\SetPoint.exe
    3328 C:\WINDOWS\system32\wuauclt.exe
    3356 C:\Program Files\shaw\bin\shawsupport.exe
    3668 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    628 fsorsp.exe
    928 C:\Program Files\Shaw Secure\FWES\program\fsdfwd.exe
    3752 C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
    2284 C:\Program Files\iPod\bin\iPodService.exe
    2464 alg.exe
    748 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    2396 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    2140 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    1396 C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
    4108 C:\Program Files\Java\jre6\bin\jqs.exe
    3584 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    1968 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    964 C:\Program Files\Internet Explorer\iexplore.exe
    4624 C:\Program Files\Internet Explorer\iexplore.exe
    3104 C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
    1768 C:\WINDOWS\system32\searchprotocolhost.exe
    5628 searchfilterhost.exe
    4812 C:\WINDOWS\system32\searchprotocolhost.exe
    2176 C:\Documents and Settings\Barry\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: Maxtor6Y080L0, Rev: YAR41BW0

    Size Device Name MBR Status
    --------------------------------------------
    76 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

    Hahaha... I was all set for another cup of coffee waiting on this one; I barely got my finger off the mouse key and it was done.
     
    Last edited: 2010/08/28
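The `Kernel Drivers` list in the MBRCheck report above is a snapshot of every image loaded into the kernel, and the first useful sort is by where each image was loaded from: the Windows directory, a bare file name (how the loader records boot-start drivers), a third-party install under `Program Files`, or a user profile or Temp directory such as `\??\C:\DOCUME~1\Barry\LOCALS~1\Temp\agryrfog.sys`. The Python below is an added example for this thread, not code from the original post or from MBRCheck. The sample lines are copied from the report above; the categories, the treatment of bare names, and the `0x80000000` user/kernel boundary (the default 2 GB/2 GB split on 32-bit XP without `/3GB`) are this example's assumptions.

```python
"""Sort the 'Kernel Drivers' list of an MBRCheck report by where each image was loaded from.

Added example for this thread, not code from the original post or from MBRCheck. The
sample lines are copied from the posted report. The category names, the treatment of
bare names as boot-start drivers, and KERNEL_BASE are this example's own assumptions.
"""
import re

# Copied from the posted report (a subset), with the section header and the line that
# starts the next section, so the parser's start/stop logic is exercised.
SAMPLE_REPORT = r"""
Kernel Drivers (total 139):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0xF765F000 ACPI.sys
0xF74F6000 fsdfw.sys
0xF790E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7467000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6121000 \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys
0xB7C43000 \??\C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys
0xB5F58000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xB2A43000 \??\C:\DOCUME~1\Barry\LOCALS~1\Temp\agryrfog.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 71):
"""

DRIVER_RE = re.compile(r"^0x(?P<base>[0-9A-Fa-f]{8})\s+(?P<path>\S.*)$")
KERNEL_BASE = 0x80000000   # assumption: default 2 GB user / 2 GB kernel split, no /3GB


def classify_path(path):
    """Map an image path to a coarse origin category (this example's own taxonomy)."""
    p = path.lower()
    if "\\" not in p:
        return "boot-start (name only)"   # the loader records boot-start drivers without a path
    if p.startswith(("\\systemroot\\", "\\windows\\")):
        return "windows-dir"
    if p.startswith("\\??\\"):
        if "\\temp\\" in p or "\\docume~1\\" in p or "\\documents and settings\\" in p:
            return "user-profile-or-temp"
        if "\\program files\\" in p:
            return "program-files"
    return "other"


def parse_drivers(text):
    """Return [(base, path)] for the lines between 'Kernel Drivers' and the next blank line."""
    drivers, in_section = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Kernel Drivers"):
            in_section = True
            continue
        if in_section and not line:
            break
        m = DRIVER_RE.match(line) if in_section else None
        if m:
            drivers.append((int(m["base"], 16), m["path"]))
    return drivers


def triage_drivers(text):
    """Group images by category and list the ones that need a second look."""
    groups, review = {}, []
    for base, path in parse_drivers(text):
        cat = classify_path(path)
        if base < KERNEL_BASE:
            cat = "user-mode-mapping"      # e.g. ntdll.dll: a user-mode image, not a driver
        groups.setdefault(cat, []).append(path)
        if cat in ("user-profile-or-temp", "other"):
            review.append((f"{base:08X}", path, cat))
    return groups, review


if __name__ == "__main__":
    groups, review = triage_drivers(SAMPLE_REPORT)
    for cat, paths in groups.items():
        print(f"{cat}: {len(paths)}")
    for base, path, cat in review:
        print(f"REVIEW {base} {path} [{cat}]")
```

A randomly named `.sys` in a user's Temp directory is the classic loader footprint of a rootkit, which is why it lands on the review list rather than being ignored. It is also exactly what rootkit scanners leave behind while they run: GMER, which had just been run on this machine, is known to load its own randomly named helper driver from the user's Temp directory. The review list is therefore a prompt to correlate with the tools that were running when the report was taken, not a verdict on its own.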
  18. 2010/08/28
    broni Moderator Malware Analyst
    All looks good so far.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  19. 2010/08/28
    Bdog Inactive Thread Starter
    ComboFix 10-08-27.03 - Barry 08/28/2010 19:29:35.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.511 [GMT -7:00]
    Running from: c:\documents and settings\Barry\Desktop\ComboFix.exe
    AV: Shaw Secure 9.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    FW: Shaw Secure 9.01 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrator\GoToAssistDownloadHelper.exe
    c:\documents and settings\Barry\Application Data\Tron
    c:\documents and settings\Barry\Application Data\Tron\Error.log
    c:\documents and settings\Barry\Application Data\Tron\Tron.ini
    c:\documents and settings\Barry\GoToAssistDownloadHelper.exe
    c:\documents and settings\Barry\Local Settings\Application Data\{DD3EEE3E-4896-4F38-BBAB-977C0ED5B6EC}
    c:\documents and settings\Barry\Local Settings\Application Data\{DD3EEE3E-4896-4F38-BBAB-977C0ED5B6EC}\chrome.manifest
    c:\documents and settings\Barry\Local Settings\Application Data\{DD3EEE3E-4896-4F38-BBAB-977C0ED5B6EC}\chrome\content\_cfg.js
    c:\documents and settings\Barry\Local Settings\Application Data\{DD3EEE3E-4896-4F38-BBAB-977C0ED5B6EC}\chrome\content\overlay.xul
    c:\documents and settings\Barry\Local Settings\Application Data\{DD3EEE3E-4896-4F38-BBAB-977C0ED5B6EC}\install.rdf
    C:\install.exe
    c:\program files\QUAD Utilities
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\system32\_000110_.tmp.dll
    c:\windows\system32\AutoRun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
    -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


    ((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
    .

    2010-08-28 17:13 . 2010-08-28 17:13 -------- d-----w- c:\documents and settings\Barry\Application Data\SUPERAntiSpyware.com
    2010-08-28 17:13 . 2010-08-28 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-08-28 17:12 . 2010-08-28 17:13 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-08-28 16:57 . 2010-07-17 12:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-28 16:13 . 2010-08-28 16:14 -------- d-----w- c:\program files\QuickTime
    2010-08-26 05:47 . 2010-08-29 02:40 -------- d-----w- c:\windows\system32\CatRoot2
    2010-08-25 22:52 . 2010-08-25 22:52 -------- d-----w- c:\documents and settings\Barry\Application Data\ieSpell
    2010-08-25 22:39 . 2010-08-25 22:39 -------- d-----w- c:\program files\ieSpell
    2010-08-23 05:02 . 2008-04-14 12:41 81920 ------w- c:\windows\system32\ieencode.dll
    2010-08-21 18:34 . 2010-08-21 18:34 -------- d-----w- c:\program files\SIW
    2010-08-21 02:57 . 2010-08-21 02:57 -------- d-----w- c:\windows\system32\WinFast
    2010-08-20 10:30 . 2010-08-20 10:30 -------- d-----w- c:\documents and settings\Barry\Application Data\F-Secure
    2010-08-19 00:47 . 2009-08-05 15:57 80000 ----a-w- c:\windows\system32\drivers\fsdfw.sys
    2010-08-19 00:46 . 2010-08-19 01:12 -------- d-----w- c:\program files\Shaw Secure
    2010-08-19 00:43 . 2010-08-19 00:43 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-08-18 23:44 . 2008-04-14 12:41 56320 ----a-w- c:\windows\system32\eventlog.dll
    2010-08-18 23:38 . 2010-08-18 23:38 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2010-08-18 23:30 . 2010-08-28 04:08 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-08-18 23:30 . 2010-08-18 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2010-08-18 23:30 . 2010-08-18 23:30 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-08-17 19:36 . 2010-08-17 19:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\cache
    2010-08-17 19:34 . 2010-08-17 19:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\FullTiltPoker
    2010-08-17 19:09 . 2010-08-17 19:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
    2010-08-17 18:10 . 2010-08-17 18:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Citrix
    2010-08-14 23:02 . 2010-08-17 16:40 0 ----a-w- c:\windows\Kpisesecoqaf.bin
    2010-08-14 23:02 . 2010-08-17 02:08 120 ----a-w- c:\windows\Tyefebeh.dat
    2010-08-08 23:07 . 2010-08-08 23:07 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2010-08-08 23:05 . 2010-08-08 23:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-07-31 23:33 . 2010-07-31 23:33 -------- d-----w- c:\documents and settings\Barry\Local Settings\Application Data\AskToolbar
    2010-07-31 23:21 . 2010-07-31 23:25 -------- d-----w- c:\documents and settings\Barry\Local Settings\Application Data\ManyCam
    2010-07-31 23:20 . 2010-07-31 23:21 -------- d-----w- c:\documents and settings\Barry\Application Data\ManyCam
    2010-07-31 23:20 . 2010-07-31 23:20 -------- d-----w- c:\program files\Ask.com

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-29 02:40 . 2010-05-07 00:59 -------- d-----w- c:\program files\Common Files\Akamai
    2010-08-29 02:40 . 2009-03-03 21:46 -------- d-----w- c:\documents and settings\Barry\Application Data\WTablet
    2010-08-29 02:38 . 2009-03-08 23:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
    2010-08-28 22:33 . 2010-02-08 05:12 -------- d-----w- c:\documents and settings\Barry\Application Data\vlc
    2010-08-28 17:05 . 2010-03-27 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-08-28 17:05 . 2010-03-27 23:34 -------- d-----w- c:\program files\DivX
    2010-08-28 17:01 . 2008-09-30 16:06 -------- d-----w- c:\program files\Common Files\Java
    2010-08-28 16:57 . 2008-09-30 16:06 -------- d-----w- c:\program files\Java
    2010-08-28 09:05 . 2009-04-12 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-08-25 21:38 . 2008-10-02 20:48 -------- d-----w- c:\program files\Full Tilt Poker
    2010-08-25 19:15 . 2009-03-03 19:15 -------- d-----w- c:\program files\Common Files\Research In Motion
    2010-08-25 19:15 . 2009-03-03 19:33 -------- d-----w- c:\program files\Common Files\Roxio Shared
    2010-08-25 19:14 . 2009-03-03 19:15 -------- d-----w- c:\program files\Research In Motion
    2010-08-25 19:14 . 2010-03-30 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
    2010-08-23 04:33 . 2008-10-02 20:48 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-19 00:58 . 2008-11-18 04:05 41256 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2010-08-19 00:46 . 2008-11-18 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
    2010-08-19 00:43 . 2008-11-18 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
    2010-08-19 00:20 . 2010-05-25 05:20 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-08 01:26 . 2010-07-11 21:38 -------- d-----w- c:\program files\Diablo II
    2010-07-16 05:07 . 2010-07-16 05:05 -------- d-----w- c:\program files\QuickMediaConverter
    2010-07-16 05:07 . 2010-07-16 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickMediaConverter
    2010-07-16 05:06 . 2010-07-16 05:06 -------- d-----w- c:\documents and settings\Barry\Application Data\CocoonSoftware
    2010-07-11 22:03 . 2010-07-11 21:53 35665 ----a-w- c:\windows\DIIUnin.dat
    2010-07-11 22:02 . 2009-08-06 02:00 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2010-07-11 22:02 . 2009-08-06 02:00 17212 ----atw- c:\windows\system32\SIntf32.dll
    2010-07-11 22:02 . 2009-08-06 02:00 12067 ----atw- c:\windows\system32\SIntf16.dll
    2010-07-11 21:53 . 2010-07-11 21:53 2829 ----a-w- c:\windows\DIIUnin.pif
    2010-07-11 21:53 . 2010-07-11 21:53 94208 ----a-w- c:\windows\DIIUnin.exe
    2010-07-11 21:33 . 2010-07-11 21:23 -------- d-----w- c:\program files\Diablo
    2010-06-30 12:31 . 2006-02-28 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2006-02-28 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2006-02-28 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2006-02-28 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:41 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-05-26 22:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-02 90112]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-12 39408]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [2008-02-29 76304]
    "NeroFilterCheck "= "c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
    "nwiz "= "nwiz.exe" [2006-10-31 1622016]
    "NvMediaCenter "= "NvMCTray.dll" [2006-10-31 86016]
    "AdobeCS4ServiceManager "= "c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "SoundMan "= "SOUNDMAN.EXE" [2007-04-16 577536]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
    "HitmanPro35 "= "c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-08-28 6293312]
    "F-Secure Manager "= "c:\program files\Shaw Secure\Common\FSM32.EXE" [2009-08-05 199264]
    "F-Secure TNB "= "c:\program files\Shaw Secure\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "DivXUpdate "= "c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator "= "Narrator.exe" [2008-04-14 53760]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2010-04-03 16:01 13672 ----a-w- c:\program files\Citrix\GoToAssist\607\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 10:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-03-26 08:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2010-04-29 22:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-08-10 12:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shawnotify]
    2009-05-11 15:47 378152 ----a-w- c:\progra~1\shaw\Update\siuloader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-04-12 21:23 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\BitLord\\BitLord.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe "=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe "=
    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP "= 5353:TCP:Adobe CSI CS4
    "5353:UDP "= 5353:UDP:Bonjour
    "1034:TCP "= 1034:TCP:Akamai NetSession Interface
    "5000:UDP "= 5000:UDP:Akamai NetSession Interface

    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [11/17/2008 9:05 PM 41256]
    R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [8/18/2010 5:47 PM 80000]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Shaw Secure\HIPS\drivers\fshs.sys [8/18/2010 5:46 PM 68064]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/28/2006 5:00 AM 14336]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [8/5/2009 2:22 PM 4410152]
    R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [3/3/2009 2:45 PM 1373480]
    R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [12/25/2009 3:39 PM 112936]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys [8/18/2010 5:46 PM 124072]
    R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Shaw Secure\ORSP Client\fsorsp.exe [8/18/2010 5:46 PM 58024]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [8/5/2009 2:22 PM 15656]
    S2 eac_notifysvc;eAcceleration Notification Service; "c:\progra~1\EACCEL~1\FRAMEW~1\eac_svc.exe" --> c:\progra~1\EACCEL~1\FRAMEW~1\eac_svc.exe [?]
    S2 gupdate1c9bbb51e0544ca;Google Update Service (gupdate1c9bbb51e0544ca);c:\program files\Google\Update\GoogleUpdate.exe [4/12/2009 2:24 PM 133104]
    S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [8/5/2009 11:26 PM 45824]
    S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [8/5/2009 11:26 PM 56960]
    S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Shaw Secure\Anti-Virus\win2k\fsfilter.sys [8/18/2010 5:46 PM 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Shaw Secure\Anti-Virus\win2k\fsrec.sys [8/18/2010 5:46 PM 25184]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

    2010-08-29 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-12 21:23]

    2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0c5785bcd828.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-12 21:24]

    2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-12 21:24]

    2010-08-28 c:\windows\Tasks\Scheduled scanning task.job
    - c:\progra~1\SHAWSE~1\ANTI-V~1\fsav.exe [2010-08-19 15:56]

    2010-08-29 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-05-26 22:23]

    2009-09-30 c:\windows\Tasks\WebReg Photosmart C6200 series.job
    - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-10-15 03:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.formula1.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
    LSP: c:\program files\Shaw Secure\FSPS\program\FSLSP.DLL
    DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - file:///D:/setup/RiffLick.cab
    DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://www.shawsecure.ca/pchealthcheck/fscax.cab
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    HKLM-Run-Cmaudio - cmicnfg.cpl
    Notify-avgrsstarter - avgrsstx.dll
    MSConfigStartUp-AntispywareBot - c:\program files\AntispywareBot\AntispywareBot.exe
    MSConfigStartUp-Ewaqep - c:\windows\nrspxth.dll
    MSConfigStartUp-oassdcdh - c:\documents and settings\Barry\Local Settings\Application Data\hoxcxjhss\exnlikytssd.exe
    MSConfigStartUp-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe
    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    AddRemove-ManyCam - c:\documents and settings\Barry\Desktop\Grady's\Folder\ManyCam\uninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-28 19:43
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(832)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\program files\Citrix\GoToAssist\607\G2AWinLogon.dll
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    c:\program files\common files\logitech\bluetooth\LBTServ.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    c:\program files\shaw secure\hips\fshook32.dll
    c:\program files\Shaw Secure\FWES\Program\fsdc32.dll

    - - - - - - - > 'lsass.exe'(900)
    c:\program files\Shaw Secure\FSPS\program\FSLSP.DLL
    c:\program files\shaw secure\hips\fshook32.dll
    c:\program files\Shaw Secure\FWES\Program\fsdc32.dll

    - - - - - - - > 'explorer.exe'(5688)
    c:\windows\system32\WININET.dll
    c:\program files\shaw secure\hips\fshook32.dll
    c:\program files\Shaw Secure\Spam Control\fsscoepl.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\program files\iTunes\iTunesMiniPlayer.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

    - - - - - - - > 'csrss.exe'(772)
    c:\program files\Shaw Secure\FWES\Program\fsdc32.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\WTouch\WTouchUser.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Shaw Secure\Anti-Virus\fsgk32st.exe
    c:\program files\Shaw Secure\Common\FSMA32.EXE
    c:\program files\Shaw Secure\Anti-Virus\FSGK32.EXE
    c:\program files\Shaw Secure\Common\FSHDLL32.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PSIService.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\WTablet\Wacom_TabletUser.exe
    c:\windows\system32\WTablet\Pen_TabletUser.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\SOUNDMAN.EXE
    c:\program files\Logitech\SetPoint\SetPoint.exe
    c:\program files\shaw\bin\shawsupport.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    c:\program files\Shaw Secure\FWES\Program\fsdfwd.exe
    c:\program files\Shaw Secure\Anti-Virus\fssm32.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\program files\Shaw Secure\Anti-Virus\fsav32.exe
    .
    **************************************************************************
    .
    Completion time: 2010-08-28 20:01:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-29 03:00

    Pre-Run: 17,254,526,976 bytes free
    Post-Run: 20,015,824,896 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 4683760C97086874632813C0F23455FF


...Okay Broni, it looks like that step is taken care of.

I was curious... the orphan files... would those be the leftovers from deleted programs, etc.?
     
  20. 2010/08/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
Please uninstall Ask.com, as it's considered adware.

    ===================================================================

    Yes.

    ================================================================

    1. Please open Notepad
    • Click Start , then Run
• Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\Kpisesecoqaf.bin
    c:\windows\Tyefebeh.dat
    

    3. Save the above as CFScript.txt

4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
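The steps above build a CFScript whose File:: directive tells ComboFix which files to delete, and the follow-up ComboFix.txt is what confirms the deletions happened. As an added example (not ComboFix's own code and not part of broni's instructions), the Python below parses lines in the "Files Created" report format shown in the logs in this thread, lists candidate files for an analyst to review, writes the File:: block, and checks the follow-up log's "Other Deletions" section for each path. The sample report lines are constructed from the log posted above; the function names and the "plain file sitting directly in the Windows directory" triage heuristic are this example's own assumptions, not a rule ComboFix or the helper applies, and the output is a review list, not a verdict.

```python
"""Parse ComboFix 'Files Created' report lines, build a CFScript File:: block
for analyst-chosen paths, and verify the follow-up log's 'Other Deletions'.
Added example; not ComboFix's own code."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of ComboFix's report lines (a subset of the log above).
SAMPLE_REPORT = """\
2010-08-18 23:38 . 2010-08-18 23:38 12872 ----a-w- c:\\windows\\system32\\bootdelete.exe
2010-08-14 23:02 . 2010-08-17 16:40 0 ----a-w- c:\\windows\\Kpisesecoqaf.bin
2010-08-14 23:02 . 2010-08-17 02:08 120 ----a-w- c:\\windows\\Tyefebeh.dat
2010-08-08 23:07 . 2010-08-08 23:07 -------- d-sh--w- c:\\documents and settings\\Administrator\\PrivacIE
"""

# Constructed sample of the follow-up log section written after the script ran.
SAMPLE_FOLLOWUP = """\
((((((((((( Other Deletions ))))))))))))
.

c:\\windows\\Kpisesecoqaf.bin
c:\\windows\\Tyefebeh.dat

.
((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))
.
"""

# Layout of one report line: "<created> . <modified> <size|--------> <attrs> <path>"
LINE_RE = re.compile(r"^(\S+ \S+) \. (\S+ \S+) (\d+|-+) ([a-z-]{8}) (.+)$")


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None when the size column is dashes (a directory)
    attrs: str           # e.g. "d-sh--w-": d=directory, s=system, h=hidden
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_report(text: str) -> List[Entry]:
    """Return one Entry per line that matches the report layout; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m.group(3).startswith("-") else int(m.group(3))
        entries.append(Entry(m.group(1), m.group(2), size, m.group(4), m.group(5)))
    return entries


def loose_windows_files(entries: List[Entry]) -> List[Entry]:
    """Triage heuristic (an assumption of this example): plain files placed directly
    in the Windows directory rather than in a subfolder. Output is for human review."""
    out = []
    for e in entries:
        if e.is_dir:
            continue
        parent = e.path.lower().rpartition("\\")[0]
        if parent == "c:\\windows":
            out.append(e)
    return out


def build_cfscript(paths: List[str]) -> str:
    """CFScript 'File::' directive: the header followed by one path per line."""
    return "File::\n" + "\n".join(paths) + "\n"


def deleted_paths(followup_log: str) -> List[str]:
    """Paths listed under the 'Other Deletions' banner, lower-cased for comparison."""
    out, inside = [], False
    for line in followup_log.splitlines():
        s = line.strip()
        if "((((" in s:                      # any banner line starts a new section
            inside = "Other Deletions" in s
            continue
        if inside and s and s != ".":
            out.append(s.lower())
    return out


def unresolved(paths: List[str], followup_log: str) -> List[str]:
    """Scripted paths that the follow-up log does not report as deleted."""
    done = set(deleted_paths(followup_log))
    return [p for p in paths if p.lower() not in done]


if __name__ == "__main__":
    chosen = [e.path for e in loose_windows_files(parse_report(SAMPLE_REPORT))]
    print(build_cfscript(chosen), end="")
    print("still present:", unresolved(chosen, SAMPLE_FOLLOWUP))
```

Run as-is it prints the File:: block for the two files chosen in this thread and an empty "still present" list; feed it the real Files Created section and the real follow-up ComboFix.txt to get the same check on an actual run.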
     
  21. 2010/08/29
    Bdog

    Bdog Inactive Thread Starter

    Joined:
    2010/08/21
    Messages:
    45
    Likes Received:
    0
    ComboFix 10-08-28.01 - Barry 08/28/2010 21:24:03.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.398 [GMT -7:00]
    Running from: c:\documents and settings\Barry\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Barry\Desktop\CFScript.txt
    AV: Shaw Secure 9.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    FW: Shaw Secure 9.01 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

    FILE ::
    "c:\windows\Kpisesecoqaf.bin "
    "c:\windows\Tyefebeh.dat "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Kpisesecoqaf.bin
    c:\windows\Tyefebeh.dat

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
    .

    2010-08-28 17:13 . 2010-08-28 17:13 -------- d-----w- c:\documents and settings\Barry\Application Data\SUPERAntiSpyware.com
    2010-08-28 17:13 . 2010-08-28 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-08-28 17:12 . 2010-08-28 17:13 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-08-28 16:57 . 2010-07-17 12:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-28 16:13 . 2010-08-28 16:14 -------- d-----w- c:\program files\QuickTime
    2010-08-26 05:47 . 2010-08-29 02:40 -------- d-----w- c:\windows\system32\CatRoot2
    2010-08-25 22:52 . 2010-08-25 22:52 -------- d-----w- c:\documents and settings\Barry\Application Data\ieSpell
    2010-08-25 22:39 . 2010-08-25 22:39 -------- d-----w- c:\program files\ieSpell
    2010-08-23 05:02 . 2008-04-14 12:41 81920 ------w- c:\windows\system32\ieencode.dll
    2010-08-21 18:34 . 2010-08-21 18:34 -------- d-----w- c:\program files\SIW
    2010-08-21 02:57 . 2010-08-21 02:57 -------- d-----w- c:\windows\system32\WinFast
    2010-08-20 10:30 . 2010-08-20 10:30 -------- d-----w- c:\documents and settings\Barry\Application Data\F-Secure
    2010-08-19 00:47 . 2009-08-05 15:57 80000 ----a-w- c:\windows\system32\drivers\fsdfw.sys
    2010-08-19 00:46 . 2010-08-19 01:12 -------- d-----w- c:\program files\Shaw Secure
    2010-08-19 00:43 . 2010-08-19 00:43 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-08-18 23:44 . 2008-04-14 12:41 56320 ----a-w- c:\windows\system32\eventlog.dll
    2010-08-18 23:38 . 2010-08-18 23:38 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2010-08-18 23:30 . 2010-08-28 04:08 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-08-18 23:30 . 2010-08-18 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2010-08-18 23:30 . 2010-08-18 23:30 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-08-17 19:36 . 2010-08-17 19:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\cache
    2010-08-17 19:34 . 2010-08-17 19:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\FullTiltPoker
    2010-08-17 19:09 . 2010-08-17 19:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
    2010-08-17 18:10 . 2010-08-17 18:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Citrix
    2010-08-08 23:07 . 2010-08-08 23:07 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2010-08-08 23:05 . 2010-08-08 23:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-07-31 23:21 . 2010-07-31 23:25 -------- d-----w- c:\documents and settings\Barry\Local Settings\Application Data\ManyCam
    2010-07-31 23:20 . 2010-07-31 23:21 -------- d-----w- c:\documents and settings\Barry\Application Data\ManyCam

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-29 04:36 . 2010-05-07 00:59 -------- d-----w- c:\program files\Common Files\Akamai
    2010-08-29 02:40 . 2009-03-03 21:46 -------- d-----w- c:\documents and settings\Barry\Application Data\WTablet
    2010-08-29 02:38 . 2009-03-08 23:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
    2010-08-28 22:33 . 2010-02-08 05:12 -------- d-----w- c:\documents and settings\Barry\Application Data\vlc
    2010-08-28 17:13 . 2010-08-28 17:13 63488 ----a-w- c:\documents and settings\Barry\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-08-28 17:13 . 2010-08-28 17:13 52224 ----a-w- c:\documents and settings\Barry\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-08-28 17:13 . 2010-08-28 17:13 117760 ----a-w- c:\documents and settings\Barry\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-08-28 17:09 . 2010-05-08 15:48 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-08-28 17:05 . 2010-08-28 17:05 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-08-28 17:05 . 2010-03-27 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-08-28 17:05 . 2010-03-27 23:34 -------- d-----w- c:\program files\DivX
    2010-08-28 17:05 . 2010-08-28 17:05 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-08-28 17:05 . 2010-08-28 17:05 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
    2010-08-28 17:05 . 2010-08-28 17:05 57691 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
    2010-08-28 17:03 . 2010-08-28 17:03 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
    2010-08-28 17:03 . 2010-08-28 17:05 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll
    2010-08-28 17:03 . 2010-08-28 17:03 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
    2010-08-28 17:03 . 2010-03-27 23:38 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
    2010-08-28 17:02 . 2010-03-27 23:38 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
    2010-08-28 17:01 . 2008-09-30 16:06 -------- d-----w- c:\program files\Common Files\Java
    2010-08-28 16:58 . 2010-08-28 16:58 503808 ----a-w- c:\documents and settings\Barry\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-63121620-n\msvcp71.dll
    2010-08-28 16:58 . 2010-08-28 16:58 499712 ----a-w- c:\documents and settings\Barry\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-63121620-n\jmc.dll
    2010-08-28 16:58 . 2010-08-28 16:58 348160 ----a-w- c:\documents and settings\Barry\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-63121620-n\msvcr71.dll
    2010-08-28 16:58 . 2010-08-28 16:58 61440 ----a-w- c:\documents and settings\Barry\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5659387b-n\decora-sse.dll
    2010-08-28 16:58 . 2010-08-28 16:58 12800 ----a-w- c:\documents and settings\Barry\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5659387b-n\decora-d3d.dll
    2010-08-28 16:57 . 2008-09-30 16:06 -------- d-----w- c:\program files\Java
    2010-08-28 16:42 . 2010-08-28 15:52 79488 ----a-w- c:\documents and settings\Barry\Application Data\Sun\Java\jre1.6.0_20\gtapi.dll
    2010-08-28 16:42 . 2010-08-28 15:52 152576 ----a-w- c:\documents and settings\Barry\Application Data\Sun\Java\jre1.6.0_20\lzma.dll
    2010-08-28 09:05 . 2009-04-12 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-08-25 21:38 . 2008-10-02 20:48 -------- d-----w- c:\program files\Full Tilt Poker
    2010-08-25 19:15 . 2009-03-03 19:15 -------- d-----w- c:\program files\Common Files\Research In Motion
    2010-08-25 19:15 . 2009-03-03 19:33 -------- d-----w- c:\program files\Common Files\Roxio Shared
    2010-08-25 19:14 . 2009-03-03 19:15 -------- d-----w- c:\program files\Research In Motion
    2010-08-25 19:14 . 2010-03-30 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
    2010-08-25 19:09 . 2010-08-25 19:07 102135128 ----a-w- c:\documents and settings\Barry\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\Extractor.exe
    2010-08-23 04:33 . 2008-10-02 20:48 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-21 02:55 . 2010-08-21 02:49 61578567 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\WinXP_9424.exe
    2010-08-19 00:58 . 2008-11-18 04:05 41256 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2010-08-19 00:46 . 2008-11-18 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
    2010-08-19 00:43 . 2008-11-18 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
    2010-08-19 00:20 . 2010-05-25 05:20 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-11 13:21 . 2010-08-11 13:21 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
    2010-08-11 13:21 . 2010-08-11 13:21 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
    2010-08-11 13:21 . 2010-08-11 13:21 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
    2010-08-08 01:26 . 2010-07-11 21:38 -------- d-----w- c:\program files\Diablo II
    2010-08-04 04:38 . 2010-08-04 04:38 1821192 ----a-w- c:\documents and settings\Barry\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\vcredist_x86.exe
    2010-08-04 04:38 . 2010-08-04 04:38 400728 ----a-w- c:\documents and settings\Barry\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\BBDesktopInstaller.exe
    2010-08-04 04:38 . 2010-08-04 04:38 2959376 ----a-w- c:\documents and settings\Barry\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\dotnetfx35setup.exe
    2010-08-04 04:38 . 2010-08-04 04:38 128472 ----a-w- c:\documents and settings\Barry\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\Helper.exe
    2010-07-16 05:07 . 2010-07-16 05:05 -------- d-----w- c:\program files\QuickMediaConverter
    2010-07-16 05:07 . 2010-07-16 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickMediaConverter
    2010-07-16 05:06 . 2010-07-16 05:06 -------- d-----w- c:\documents and settings\Barry\Application Data\CocoonSoftware
    2010-07-11 22:03 . 2010-07-11 21:53 35665 ----a-w- c:\windows\DIIUnin.dat
    2010-07-11 22:02 . 2009-08-06 02:00 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2010-07-11 22:02 . 2009-08-06 02:00 17212 ----atw- c:\windows\system32\SIntf32.dll
    2010-07-11 22:02 . 2009-08-06 02:00 12067 ----atw- c:\windows\system32\SIntf16.dll
    2010-07-11 21:53 . 2010-07-11 21:53 2829 ----a-w- c:\windows\DIIUnin.pif
    2010-07-11 21:53 . 2010-07-11 21:53 94208 ----a-w- c:\windows\DIIUnin.exe
    2010-07-11 21:33 . 2010-07-11 21:23 -------- d-----w- c:\program files\Diablo
    2010-06-30 12:31 . 2006-02-28 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2006-02-28 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2006-02-28 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2006-02-28 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:41 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-02 90112]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-12 39408]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
    "nwiz"="nwiz.exe" [2006-10-31 1622016]
    "NvMediaCenter"="NvMCTray.dll" [2006-10-31 86016]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
    "HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-08-28 6293312]
    "F-Secure Manager"="c:\program files\Shaw Secure\Common\FSM32.EXE" [2009-08-05 199264]
    "F-Secure TNB"="c:\program files\Shaw Secure\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2010-04-03 16:01 13672 ----a-w- c:\program files\Citrix\GoToAssist\607\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 10:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-03-26 08:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2010-04-29 22:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-08-10 12:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shawnotify]
    2009-05-11 15:47 378152 ----a-w- c:\progra~1\shaw\Update\siuloader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-04-12 21:23 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\BitLord\\BitLord.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "5353:UDP"= 5353:UDP:Bonjour
    "1034:TCP"= 1034:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [11/17/2008 9:05 PM 41256]
    R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [8/18/2010 5:47 PM 80000]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Shaw Secure\HIPS\drivers\fshs.sys [8/18/2010 5:46 PM 68064]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/28/2006 5:00 AM 14336]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [8/5/2009 2:22 PM 4410152]
    R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [3/3/2009 2:45 PM 1373480]
    R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [12/25/2009 3:39 PM 112936]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys [8/18/2010 5:46 PM 124072]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [8/5/2009 2:22 PM 15656]
    S2 eac_notifysvc;eAcceleration Notification Service;"c:\progra~1\EACCEL~1\FRAMEW~1\eac_svc.exe" --> c:\progra~1\EACCEL~1\FRAMEW~1\eac_svc.exe [?]
    S2 gupdate1c9bbb51e0544ca;Google Update Service (gupdate1c9bbb51e0544ca);c:\program files\Google\Update\GoogleUpdate.exe [4/12/2009 2:24 PM 133104]
    S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [8/5/2009 11:26 PM 45824]
    S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Shaw Secure\ORSP Client\fsorsp.exe [8/18/2010 5:46 PM 58024]
    S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [8/5/2009 11:26 PM 56960]
    S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Shaw Secure\Anti-Virus\win2k\fsfilter.sys [8/18/2010 5:46 PM 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Shaw Secure\Anti-Virus\win2k\fsrec.sys [8/18/2010 5:46 PM 25184]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

    2010-08-29 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-12 21:23]

    2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0c5785bcd828.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-12 21:24]

    2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-12 21:24]

    2010-08-28 c:\windows\Tasks\Scheduled scanning task.job
    - c:\progra~1\SHAWSE~1\ANTI-V~1\fsav.exe [2010-08-19 15:56]

    2009-09-30 c:\windows\Tasks\WebReg Photosmart C6200 series.job
    - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-10-15 03:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.formula1.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
    LSP: c:\program files\Shaw Secure\FSPS\program\FSLSP.DLL
    DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - file:///D:/setup/RiffLick.cab
    DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://www.shawsecure.ca/pchealthcheck/fscax.cab
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-28 21:35
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(832)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\program files\Citrix\GoToAssist\607\G2AWinLogon.dll
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    c:\program files\common files\logitech\bluetooth\LBTServ.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    c:\program files\shaw secure\hips\fshook32.dll
    c:\program files\Shaw Secure\FWES\Program\fsdc32.dll

    - - - - - - - > 'lsass.exe'(900)
    c:\program files\Shaw Secure\FSPS\program\FSLSP.DLL
    c:\program files\shaw secure\hips\fshook32.dll
    c:\program files\Shaw Secure\FWES\Program\fsdc32.dll

    - - - - - - - > 'csrss.exe'(772)
    c:\program files\Shaw Secure\FWES\Program\fsdc32.dll
    .
    Completion time: 2010-08-28 21:43:40
    ComboFix-quarantined-files.txt 2010-08-29 04:43
    ComboFix2.txt 2010-08-29 03:01

    Pre-Run: 20,711,010,304 bytes free
    Post-Run: 20,688,265,216 bytes free

    - - End Of File - - C5E3BA5768A354ACA33BE49DEE3B2ECF


    Ok Broni, this is what was left as a log file.
     
