Yes, we're using Mcafee Enterprise and it is updated regularly. here's the OTL log and ComboFix log. thanks for all your help!
Here's the OTL log
OTL logfile created on: 10/29/2009 10:28:31 AM - Run 2
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\All Users\Documents\clean up
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.40% Memory free
3.85 Gb Paging File | 3.44 Gb Available in Paging File | 89.49% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 59.22 Gb Free Space | 79.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 74.50 Gb Total Space | 42.64 Gb Free Space | 57.24% Space Free | Partition Type: NTFS
Drive M: | 74.50 Gb Total Space | 42.64 Gb Free Space | 57.24% Space Free | Partition Type: NTFS
Drive R: | 74.50 Gb Total Space | 42.64 Gb Free Space | 57.24% Space Free | Partition Type: NTFS
Drive T: | 232.83 Gb Total Space | 209.08 Gb Free Space | 89.80% Space Free | Partition Type: FAT
Drive V: | 74.50 Gb Total Space | 42.64 Gb Free Space | 57.24% Space Free | Partition Type: NTFS
Drive X: | 74.50 Gb Total Space | 42.64 Gb Free Space | 57.24% Space Free | Partition Type: NTFS
Drive Z: | 74.50 Gb Total Space | 47.37 Gb Free Space | 63.58% Space Free | Partition Type: NTFS
Computer Name: W1115072
Current User Name: R103470
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ========== PRC - C:\Documents and Settings\All Users\Documents\clean up\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Adobe\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Adobe\Distillr\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe (Altiris, Inc.)
PRC - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe (Altiris, Inc.)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
PRC - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE (Dell Inc.)
PRC - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE (Dell Inc.)
PRC - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\Network Associates\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Network Associates\Common Framework\udaterui.exe (McAfee, Inc.)
PRC - C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe (Utimaco Safeware AG)
PRC - C:\Program Files\Utimaco\SafeGuard Easy\SgeClient.exe ()
PRC - C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe (Utimaco Safeware AG)
PRC - C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe (Utimaco Safeware AG)
PRC - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe (Visioneer Inc)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\FSRremoS.EXE ()
PRC - C:\WINDOWS\System32\ICO.EXE (Primax Electronics Ltd.)
PRC - C:\WINDOWS\System32\SgLogPlayer.exe (Utimaco Safeware AG)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
========== Win32 Services (SafeList) ========== SRV - (AeXNSClient [Auto | Running]) -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe (Altiris, Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (awhost32 [On_Demand | Stopped]) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CVPND [Auto | Running]) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (DLPWD [Auto | Running]) -- c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE (Dell Inc.)
SRV - (DLSDB [Auto | Running]) -- c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE (Dell Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (LMIMaint [Auto | Running]) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LogMeIn [Auto | Running]) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (Lotus Notes Single Logon [Disabled | Stopped]) -- C:\Program Files\Lotus\Notes\nslsvice.exe (IBM Corp)
SRV - (McAfeeFramework [Unknown | Running]) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Stopped]) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (Multi-user Cleanup Service [Disabled | Stopped]) -- C:\Program Files\Lotus\Notes\ntmulti.exe (IBM Corp)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (OneTouch 4.0 Monitor [Auto | Running]) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe (Visioneer Inc)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PrismXL [Auto | Running]) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (SgeClient [Auto | Running]) -- C:\Program Files\Utimaco\SafeGuard Easy\SgeClient.exe ()
SRV - (SgeCtl [Auto | Running]) -- C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe (Utimaco Safeware AG)
SRV - (SgLogPlayer [Auto | Running]) -- C:\WINDOWS\System32\SgLogPlayer.exe (Utimaco Safeware AG)
SRV - (vpnagent [Auto | Running]) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (WksCfgSrv [Auto | Running]) -- C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe (Utimaco Safeware AG)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Modules (SafeList) ========== MOD - C:\Documents and Settings\All Users\Documents\clean up\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Utimaco\SafeGuard Easy\SgMsgBhk.dll (Utimaco Safeware AG)
MOD - C:\WINDOWS\System32\aminit.dll (Altiris, Inc.)
MOD - C:\WINDOWS\System32\petipado.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://ie.search.msn...st/srchcust.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://ie.search.msn...st/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell4me.com/mywayIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
http://search.yahoo....e...-8&fr=b1ie7IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.advisorcompass.com/IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 14:16:00 | 00,000,000 | ---D | M]
O1 HOSTS File: (56 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0cd8855f-07fc-482a-bf4b-8e8ffea746a3} - File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe (Altiris, Inc.)
O4 - HKLM..\Run: [AltirisConfiguration] C:\Program Files\Configuration\ConfigCheck\ScheduleConfig.vbs ()
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [DLPSP] c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
O4 - HKLM..\Run: [EdWizard] C:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [liyakehiw] C:\WINDOWS\System32\petipado.DLL ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ICO.EXE (Primax Electronics Ltd.)
O4 - HKLM..\Run: [nohopuravi] File not found
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RunningApp] C:\Program Files\Configuration\shared\Runningapp.vbs ()
O4 - HKLM..\Run: [SGEConfiguration] C:\Program Files\Utimaco\SafeGuard Easy\SGEConfigurations.bat ()
O4 - HKLM..\Run: [SgeEcView] C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [USG] C:\WINDOWS\System32\USG.EXE ()
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 127.0.0.1 ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: 50below.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: advisorcompass.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aefatesting.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aexp.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: americanexpress.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ameriprise.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ameriprise.webex.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ameriprisecentral.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ameripriseu.webex.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: amexweb.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ampadvisor.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ampf.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: assetlink.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: brainshark.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: cenveo.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: documentsonthenet.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ezdata.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ez-data.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ez-data.com ([ampf] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ez-data.com/java ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ez-data.com/java/index.htm ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: fiserv.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: forefield.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: foremostadvice.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: FundPOINTDesktop.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: mainaccount.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: marketwatch.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: morningstar.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ogilvy.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: orders.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: pii121.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: riversource.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: smartofficeonline.com ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1FA44E01-A60B-4449-BF97-66CDAA200433}
https://ampf.ez-data...s/SOConfig6.cab (SOConfig6 Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
http://update.micros...b?1175715704046 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
http://update.micros...b?1175715759437 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {9C8CBDB4-53AC-4434-B3B2-404B1C5533F3}
https://ams.stoneriv.../amsrptview.cab (FISERV FIPSCO Report Viewer)
O16 - DPF: {C37CCB56-C46A-4778-98C7-7B12A9C1EEAD}
https://atslead.ez-d...ficeLinkOLM.cab (SmartOfficeLinkOLM Class)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B}
https://webmail.advi...ecom0/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
https://ameriprise.w...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 159.202.20.190 159.202.50.190 159.202.70.11 165.87.13.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ampf.com
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (aminit.dll) - C:\WINDOWS\System32\aminit.dll (Altiris, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (SGGINA.DLL) - C:\WINDOWS\System32\SGGINA.DLL (Utimaco Safeware AG)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NotLog: DllName - SGLogEx.dll - C:\WINDOWS\System32\SGLogEx.dll (Utimaco Safeware AG)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O21 - SSODL: jisudiwuk - {8ee9de7f-4bb8-4d30-8bd2-96615906372c} - C:\WINDOWS\System32\petipado.dll ()
O22 - SharedTaskScheduler: {8ee9de7f-4bb8-4d30-8bd2-96615906372c} - gahurihor - C:\WINDOWS\System32\petipado.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\_avp32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\_avpcc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\_avpm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\~1.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\~2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\a.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aAvgApi.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AAWTray.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\About.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ackwin32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\adaware.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Ad-Aware.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\advxdwin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AdwarePrj.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\agent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\agentsvr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\agentw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\alertsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\alevir.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\alogserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AlphaAV: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AlphaAV.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AluSchedulerSvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\amon9x.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntispywarXP2009.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\anti-trojan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Anti-Virus Professional.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\antivirus.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntiVirus_Pro.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusPlus: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusPlus.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusPro_2010.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusXP: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusXP.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\antivirusxppro2009.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ants.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\apimonitor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aplica32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\apvxdwin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\arr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Arrakis3.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashAvast.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashBug.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashChest.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashCnsnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashDisp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashLogV.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashMaiSv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashPopWz.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashQuick.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashServ.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashSimp2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashSimpl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashSkPcc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashSkPck.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashUpd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashWebSv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aswChLic.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aswRegSvr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aswRunDll.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aswUpdSv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atcon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atguard.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atro55en.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atupdater.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atwatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\au.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aupdate.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\autodown.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\auto-protect.nav80try.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\autotrace.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\autoupdate.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\av360.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avadmin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AVCare.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avcenter.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avciman.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avconfig.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avconsol.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ave32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AVENGINE.EXE: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgcc32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgchk.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgcmgr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgcsrvx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgctrl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgdumpx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgemc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgiproxy.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgnsx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgrsx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgscanx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgserv9.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgsrmax.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgtray.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgupd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgwdsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avkpop.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avkserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avkservice.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avkwctl9.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avltmain.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avmailc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avmcdlg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avnotify.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avp32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avpcc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avpdos32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avpm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avptc32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avpupd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avsched32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avsynmgr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avupgsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AVWEBGRD.EXE: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwin95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwinnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwsc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwupd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwupd32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwupsrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avxmonitor9x.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avxmonitornt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avxquar.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\b.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\backweb.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bargains.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bd_professional.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdagent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdfvcl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdfvwiz.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\BDInProcPatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdmcon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\BDMsnScan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdreinit.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdsubwiz.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\BDSurvey.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdtkexec.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdwizreg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\beagle.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\belt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bidef.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bidserver.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bipcp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bipcpevalsetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bisp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\blackd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\blackice.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\blink.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\blss.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bootconf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bootwarn.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\borg2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\brasil.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\brastk.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\brw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bs120.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bspatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bundle.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bvt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\c.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cavscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ccapp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ccevtmgr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ccpxysvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ccSvcHst.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cdp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfgwiz.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfiadmin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfiaudit.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfinet.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfinet32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfpconfg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfplogvw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfpupdat.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Cl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\claw95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\claw95cf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\clean.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cleaner.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cleaner3.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cleanIELow.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cleanpc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\click.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmd32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmdagent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmesys.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmgrdian.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmon016.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\connectionmonitor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\control: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cpd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cpf9x206.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cpfnt206.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\crashrep.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\csc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cssconfg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cssupdat.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cssurf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ctrl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cwnb181.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cwntdwmo.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\d.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\datemanager.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dcomx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\defalert.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\defscangui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\defwatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\deloeminfs.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\deputy.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\divx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dllcache.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dllreg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\doors.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dop.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dpf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dpfsetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dpps2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\driverctrl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\drwatson.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\drweb32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\drwebupw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dssagent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dvp95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dvp95_0.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ecengine.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\efpeadm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\egui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\emsw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\esafe.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\escanhnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\escanv95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\espwatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ethereal.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\etrustcipe.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\evpn.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\exantivirus-cnet.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\exe.avxw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\expert.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\explore.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fact.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\f-agnt95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fameh32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fast.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fch32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fih32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\findviru.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\firewall.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fixcfg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fixfp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fnrb32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fprot.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\f-prot.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\f-prot95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fp-win.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fp-win_trial.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\frmwrk32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\frw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsaa.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav530stbyb.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav530wtbyb.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsgk32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsm32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsma32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsmb32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\f-stopw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gator.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gav.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gbmenu.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gbn976rl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gbpoll.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\generics.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gmt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\guard.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\guarddog.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\guardgui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hacktracersetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hbinst.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hbsrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\History.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\homeav2010.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hotactio.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hotpatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\htlog.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\htpatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hwpe.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hxdl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hxiul.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iamapp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iamserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iamstats.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ibmasn.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ibmavsp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icload95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icloadnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icmon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icsupp95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icsuppnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Identity.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\idle.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iedll.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iedriver.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\IEShow.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iface.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ifw2000.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\inetlnfo.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\infus.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\infwin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\init.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\init32.exe : Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\intdel.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\intren.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iomon98.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\istsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\jammer.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\jdbgmrg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\jedi.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\JsRcGen.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kavlite40eng.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kavpers40eng.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kavpf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kazza.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\keenvalue.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kerio-pf-213-en-win.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kerio-wrl-421-en-win.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kerio-wrp-421-en-win.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\killprocesssetup161.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\launcher.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ldnetmon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ldpro.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ldpromenu.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ldscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\licmgr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\livesrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lnetinfo.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\loader.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\localnet.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lockdown.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lockdown2000.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lookout.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lordpe.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lsetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\luall.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\luau.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lucomserver.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\luinit.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\luspt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MalwareRemoval.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mapisvc32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcagent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcmnhdlr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcmscsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcnasvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcproxy.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\McSACore.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcshell.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcshield.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcsysmon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mctool.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcupdate.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcvsrte.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcvsshld.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\md.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mfin32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mfw2en.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mfweng3.02d30.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mgavrtcl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mgavrte.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mghtml.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mgui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\minilog.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mmod.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\monitor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\moolive.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mostat.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mpfagent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mpfservice.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MPFSrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mpftray.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mrflux.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msa.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msapp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MSASCui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msbb.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msblast.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mscache.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msccn32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mscman.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msconfig: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msdm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msdos.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msiexec16.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mslaugh.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msmgt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msmsgri32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mssmmc32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mssys.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msvxd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mu0311ad.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mwatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\n32scanw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nav.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navap.navapsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navapsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navapw32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navdx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navlu32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navstub.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navw32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navwnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nc2000.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ncinst4.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ndd32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\neomonitor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\neowatchlog.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netarmor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netd32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netinfo.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netmon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netscanpro.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netspyhunter-1.2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netutils.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nisserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nisum.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nmain.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\normist.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\norton_internet_secu_3.0_407.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\notstart.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\npf40_tw_98_nt_me_2k.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfmessenger.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nprotect.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\npscheck.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\npssvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nsched32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nssys32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nstask32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nsupdate.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ntrtscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ntvdm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ntxconfig.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nupgrade.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvarch16.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvc95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvsvc32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nwinst4.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nwservice.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nwtool16.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\OAcat.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\OAhlp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\OAReg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\oasrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\oaui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\oaview.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ODSW.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ollydbg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\onsrvr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\optimize.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ostronet.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\otfix.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\outpost.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\outpostinstall.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\outpostproinstall.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ozn695m5.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\padmin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\panixk.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\patch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pav.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavcl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PavFnSvr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavproxy.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavprsrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavsched.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavsrv51.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PC_Antispyware2010.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pccwin98.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pcfwallicon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pcip10117_0.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pcscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pctsAuxs.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pctsGui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pctsSvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pctsTray.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pdfndr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pdsetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PerAvir.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\periscope.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\persfw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\personalguard: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\personalguard.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\perswf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pf2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pfwadmin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pgmonitr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pingscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\platin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pop3trap.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\poproxy.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\popscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\portdetective.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\portmonitor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\powerscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ppinupdt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pptbc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ppvstop.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\prizesurfer.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\prmt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\prmvr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\procdump.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\processmonitor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\procexplorerv1.0.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\programauditor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\proport.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\protector.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PSANCU.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PSANHost.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PSANToManager.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PsCtrls.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PsImSvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PskSvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pspf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PSUNMain.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\purge.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\qconsole.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\qh.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\qserver.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Quick Heal.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\QuickHealCleaner.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rapapp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rav7.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rav7win.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rav8win32eng.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ray.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rb32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rcsync.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\realmon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\reged.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\regedt32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rescue.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rescue32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rrguard.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rscdwld.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rshell.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rtvscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rtvscn95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rulaunch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rwg: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rwg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SafetyKeeper.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\safeweb.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sahagent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Save.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SaveArmor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SaveDefense.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SaveKeep.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\savenow.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sbserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\scam32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\scan32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\scan95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\scanpm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\scrscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\seccenter.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Secure Veteran.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\secureveteran.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Security Center.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SecurityFighter.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\securitysoldier.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\serv95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\setloadorder.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\setup_flowprotector_us.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\setupvameeval.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sgssfw32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sh.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\shellspyinstall.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\shield.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\shn.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\showbehind.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\signcheck.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\smart.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\smartprotector.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\smc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\smrtdefp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sms.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\smss32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\snetcfg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\soap.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sofi.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SoftSafeness.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sperm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\spf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sphinx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\spoler.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\spoolcv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\spoolsv32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\spywarexpguard.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\spyxx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\srexe.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\srng.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ss3edit.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ssg_4104.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ssgrate.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\st2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\start.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\stcloader.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\supftrl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\support.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\supporter5.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\svc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\svchostc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\svchosts.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\svshost.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sweep95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sweepnet.sweepsrv.sys.swnetsup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\symlcsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\symproxysvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\symtray.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\system.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\system32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sysupd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tapinstall.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\taskmgr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\taumon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tbscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tca.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tcm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tds2-98.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tds2-nt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tds-3.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\teekids.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tfak.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tfak5.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tgbob.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\titanin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\titaninxp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\TPSrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\trickler.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\trjscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\trjsetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\trojantrap3.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\TrustWarrior.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tsadbot.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tsc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tvmd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tvtmd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\uiscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\undoboot.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\updat.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\upgrad.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\upgrepl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\utpost.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vbcmserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vbcons.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vbust.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vbwin9x.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vbwinntw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vcsetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vet32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vet95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vettray.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vfsetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vir-help.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\virusmdpersonalfirewall.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\VisthAux.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\VisthLic.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\VisthUpd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vnlan300.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vnpc3000.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vpc32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vpc42.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vpfw30s.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vptray.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vscan40.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vscenu6.02d30.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsched.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsecomr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vshwin32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsisetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsmain.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsmon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsstat.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vswin9xe.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vswinntse.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vswinperse.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\w32dsm89.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\W3asbas.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\w9x.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\watchdog.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\webdav.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\WebProxy.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\webscanx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\webtrap.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wfindv32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\whoswatchingme.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wimmun32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\win32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\win32us.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winactive.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winav.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\win-bugsfix.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\windll32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\window.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\windows Police Pro.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\windows.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wininetd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wininitx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winlogin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winmain.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winppr32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winrecon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winservn.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winssk32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winstart.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winstart001.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wintsk32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winupdate.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wkufind.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wnad.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wradmin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wrctrl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wsbgate.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wscfxas.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wscfxav.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wscfxfw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wsctool.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wupdater.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wupdt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wyvernworksfirewall.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\xp_antispyware.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\xpdeluxe.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\xpf202en.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\zapro.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\zapsetup3001.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\zatutor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\zonalm2601.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\zonealarm.exe: Debugger - svchost.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/04 15:27:22 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/08/08 09:59:46 | 00,000,000 | ---D | M] - T:\autorun -- [ FAT ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
========== Files/Folders - Created Within 14 Days ========== [2009/10/26 12:42:51 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\WEDDSys
[2009/10/26 12:42:52 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\R103470\Application Data\Windows Enterprise Defender
[2009/10/27 12:57:20 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/27 10:07:41 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/29 10:20:47 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/28 18:33:09 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/28 18:33:08 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/27 13:30:34 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/10/27 13:23:32 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\R103470\Desktop\RootRepeal.exe
[2009/10/27 12:58:51 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\R103470\Desktop\kelly.exe
[2009/10/27 12:58:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/27 12:55:51 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\R103470\Desktop\erunt_setup.exe
[2009/10/27 12:55:07 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\R103470\Desktop\SysRestorePoint.exe
[2009/10/27 12:49:01 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\R103470\Desktop\TFC.exe
[2009/10/27 09:38:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\clean up
[2007/12/20 11:08:09 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
========== Files - Modified Within 14 Days ========== [2009/10/29 10:28:56 | 03,427,862 | ---- | M] () -- C:\Documents and Settings\R103470\Desktop\ComboFix.exe
[2009/10/29 10:26:54 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/10/29 10:26:52 | 00,002,239 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/10/29 10:25:50 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/29 10:25:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/29 10:25:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/29 10:22:52 | 04,315,192 | -H-- | M] () -- C:\Documents and Settings\R103470\Local Settings\Application Data\IconCache.db
[2009/10/29 10:22:51 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\yezaradu
[2009/10/29 10:22:39 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/10/29 09:00:02 | 00,000,396 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2009/10/29 08:25:05 | 00,001,805 | ---- | M] () -- C:\Documents and Settings\R103470\Desktop\Windows Enterprise Defender.lnk
[2009/10/28 12:02:03 | 00,000,036 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2009/10/27 14:05:51 | 00,009,770 | ---- | M] () -- C:\WINDOWS\wcds.ini
[2009/10/27 14:05:33 | 00,010,498 | ---- | M] () -- C:\WINDOWS\EzCDSODB.INI
[2009/10/27 13:24:13 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\R103470\Desktop\settings.dat
[2009/10/27 13:23:33 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\R103470\Desktop\RootRepeal.exe
[2009/10/27 12:58:55 | 04,045,536 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\R103470\Desktop\kelly.exe
[2009/10/27 12:57:21 | 00,000,639 | ---- | M] () -- C:\Documents and Settings\R103470\Desktop\NTREGOPT.lnk
[2009/10/27 12:57:21 | 00,000,620 | ---- | M] () -- C:\Documents and Settings\R103470\Desktop\ERUNT.lnk
[2009/10/27 12:55:52 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\R103470\Desktop\erunt_setup.exe
[2009/10/27 12:55:07 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\R103470\Desktop\SysRestorePoint.exe
[2009/10/27 12:49:02 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\R103470\Desktop\TFC.exe
[2009/10/21 13:58:31 | 00,244,873 | ---- | M] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Milliken Household 10- 21- 2009.XLSM
[2009/10/21 13:55:37 | 00,241,700 | ---- | M] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Skarda Household 10- 21- 2009.XLSM
[2009/10/21 13:54:11 | 00,240,338 | ---- | M] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Cooper Household 10- 21- 2009.XLSM
[2009/10/21 13:50:10 | 00,242,049 | ---- | M] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Thomas Household 10- 21- 2009.XLSM
========== Files - No Company Name ==========[2009/10/29 10:28:53 | 03,427,862 | ---- | C] () -- C:\Documents and Settings\R103470\Desktop\ComboFix.exe
[2009/10/29 09:00:01 | 00,000,396 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2009/10/27 13:24:13 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\R103470\Desktop\settings.dat
[2009/10/27 12:57:21 | 00,000,639 | ---- | C] () -- C:\Documents and Settings\R103470\Desktop\NTREGOPT.lnk
[2009/10/27 12:57:21 | 00,000,620 | ---- | C] () -- C:\Documents and Settings\R103470\Desktop\ERUNT.lnk
[2009/10/26 12:42:57 | 00,001,805 | ---- | C] () -- C:\Documents and Settings\R103470\Desktop\Windows Enterprise Defender.lnk
[2009/10/21 13:58:30 | 00,244,873 | ---- | C] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Milliken Household 10- 21- 2009.XLSM
[2009/10/21 13:55:36 | 00,241,700 | ---- | C] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Skarda Household 10- 21- 2009.XLSM
[2009/10/21 13:54:11 | 00,240,338 | ---- | C] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Cooper Household 10- 21- 2009.XLSM
[2009/10/21 13:50:10 | 00,242,049 | ---- | C] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Thomas Household 10- 21- 2009.XLSM
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/29 10:21:23 | 00,090,112 | -HS- | C] () -- C:\WINDOWS\System32\petipado.dll
[2009/07/29 10:21:23 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\wuholove.dll
[2009/01/08 15:32:45 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\WIN.INI
[2009/01/08 15:32:45 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\SYSTEM.INI
[2009/01/08 15:32:45 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2008/04/29 09:52:24 | 00,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2008/02/06 10:35:39 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\TaxPrintPDF.dll
[2008/02/05 14:46:57 | 00,000,101 | ---- | C] () -- C:\WINDOWS\applink.ini
[2008/02/05 14:46:56 | 00,000,128 | ---- | C] () -- C:\WINDOWS\Utdsysap.ini
[2008/02/05 14:46:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tmp.ini
[2007/12/20 16:40:12 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\R103470\Local Settings\Application Data\FASTWiz.html
[2007/12/20 16:37:49 | 00,030,393 | ---- | C] () -- C:\Documents and Settings\R103470\Local Settings\Application Data\FASTWiz.log
[2007/12/20 13:13:50 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007/12/20 11:57:19 | 00,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/12/20 11:57:18 | 00,000,056 | ---- | C] () -- C:\WINDOWS\Addrfixr.ini
[2007/12/20 11:56:56 | 00,007,803 | ---- | C] () -- C:\WINDOWS\System32\dymourl.ini
[2007/12/20 11:56:39 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
[2007/12/20 11:56:39 | 00,002,560 | ---- | C] () -- C:\WINDOWS\System32\lmmonres.dll
[2007/12/20 11:38:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AEFALDS.INI
[2007/12/20 11:37:39 | 00,010,498 | ---- | C] () -- C:\WINDOWS\EzCDSODB.INI
[2007/12/20 11:14:41 | 00,000,349 | ---- | C] () -- C:\WINDOWS\ezmail.ini
[2007/12/20 11:14:35 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2007/12/20 11:09:13 | 04,315,192 | -H-- | C] () -- C:\Documents and Settings\R103470\Local Settings\Application Data\IconCache.db
[2007/12/20 11:08:30 | 00,009,770 | ---- | C] () -- C:\WINDOWS\wcds.ini
[2007/12/20 11:08:21 | 00,319,488 | ---- | C] () -- C:\WINDOWS\System32\EzActRpt.dll
[2007/12/20 11:08:21 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\ezhelp32.dll
[2007/12/20 11:08:20 | 00,147,968 | ---- | C] () -- C:\WINDOWS\System32\AL21FVB.DLL
[2007/12/20 11:08:20 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\DTCTRACE.DLL
[2007/12/20 11:08:19 | 03,203,072 | ---- | C] () -- C:\WINDOWS\System32\LCPPN201.DLL
[2007/12/20 11:08:19 | 00,024,461 | ---- | C] () -- C:\WINDOWS\DrDll.INI
[2007/12/20 11:08:12 | 00,377,856 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
[2007/12/20 11:08:12 | 00,244,736 | ---- | C] () -- C:\WINDOWS\System32\TAB32D20.DLL
[2007/12/20 11:08:12 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\CTREESTD.DLL
[2007/12/20 11:08:12 | 00,128,000 | ---- | C] () -- C:\WINDOWS\System32\IMP32D20.DLL
[2007/12/20 11:08:12 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\U2LFINRA.DLL
[2007/12/20 11:08:12 | 00,000,151 | ---- | C] () -- C:\WINDOWS\System32\IC32.INI
[2007/12/20 11:08:09 | 00,316,416 | ---- | C] () -- C:\WINDOWS\System32\P2SMCUBE.DLL
[2007/12/20 11:08:09 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\LFFAX60N.DLL
[2007/12/20 11:08:09 | 00,147,241 | ---- | C] () -- C:\WINDOWS\System32\P2OESBSE.DLL
[2007/12/20 11:08:09 | 00,141,824 | ---- | C] () -- C:\WINDOWS\System32\LFCMP60N.DLL
[2007/12/20 11:08:09 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\U2LEXPO.DLL
[2007/12/20 11:08:09 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\U25STORE.DLL
[2007/12/20 11:08:09 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\U25TOTAL.DLL
[2007/12/20 11:08:09 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\U25DTS.DLL
[2007/12/20 11:08:09 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\U2LJUL.DLL
[2007/12/20 11:08:09 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\LFEPS60N.DLL
[2007/12/20 11:08:09 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\LFBMP60N.DLL
[2007/12/20 11:08:08 | 00,110,080 | ---- | C] () -- C:\WINDOWS\System32\LFPNG60N.DLL
[2007/12/20 11:08:08 | 00,082,432 | ---- | C] () -- C:\WINDOWS\System32\U2LSQRT.DLL
[2007/12/20 11:08:08 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\U2LESBSE.DLL
[2007/12/20 11:08:08 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\U2LPDXTM.DLL
[2007/12/20 11:08:08 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\U2LSSM.DLL
[2007/12/20 11:08:08 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\U2LBAR.DLL
[2007/12/20 11:08:08 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\U2LCAPS.DLL
[2007/12/20 11:08:08 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\U2LSTR.DLL
[2007/12/20 11:08:08 | 00,030,720 | ---- | C] () -- C:\WINDOWS\System32\U2LTIME.DLL
[2007/12/20 11:08:08 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\U2LTEC1.DLL
[2007/12/20 11:08:08 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\U2LSTRNG.DLL
[2007/12/20 11:08:08 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\U2LSAMP1.DLL
[2007/12/20 11:08:08 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\U2LTDATE.DLL
[2007/12/20 11:08:08 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\LFPCX60N.DLL
[2007/12/20 11:08:08 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\LFPCT60N.DLL
[2007/12/20 11:08:08 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\LFPSD60N.DLL
[2007/12/20 11:08:08 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\LFMSP60N.DLL
[2007/12/20 11:08:08 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\LFMAC60N.DLL
[2007/12/20 11:08:07 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\LFTIF60N.DLL
[2007/12/20 11:08:07 | 00,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL60N.DLL
[2007/12/20 11:08:07 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\U2LDTS.DLL
[2007/12/20 11:08:07 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\U2LEXCH.DLL
[2007/12/20 11:08:07 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\U2LASC.DLL
[2007/12/20 11:08:07 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\LFTGA60N.DLL
[2007/12/20 11:08:07 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\LFWPG60N.DLL
[2007/12/20 11:08:07 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\LFWMF60N.DLL
[2007/12/19 20:42:36 | 00,049,776 | ---- | C] () -- C:\Documents and Settings\R103470\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/12/19 20:41:06 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\R103470\Local Settings\Application Data\fusioncache.dat
[2007/12/19 20:40:36 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\R103470\Application Data\desktop.ini
[2007/07/24 14:53:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/07/23 21:22:04 | 00,164,864 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2007/07/23 21:09:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/07/23 21:08:59 | 00,000,511 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/23 20:29:48 | 00,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2007/07/23 20:29:45 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2007/07/23 20:22:15 | 00,200,796 | ---- | C] () -- C:\WINDOWS\System32\Crypto.dll
[2007/07/16 12:58:10 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/07/16 12:58:00 | 00,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/04/04 18:04:55 | 00,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/04/04 16:56:59 | 00,002,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\pciinfo.sys
[2007/04/04 15:57:10 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2007/04/04 10:15:57 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007/03/16 17:00:00 | 00,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2007/02/09 21:26:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/22 17:06:56 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\SGEGINATHK.dll
[2006/09/22 17:06:42 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\Sgegina040C.Dll
[2006/09/22 17:06:38 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\SgeGina0407.Dll
[2006/08/25 11:14:36 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\loaddlln.dll
[2005/11/15 15:32:22 | 00,003,638 | R--- | C] () -- C:\Program Files\Common Files\Altiris_Icon.ico
[2005/03/31 12:27:18 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGCleanLocalGPO.dll
[2004/08/04 06:00:00 | 00,000,564 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 06:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/03/06 03:30:52 | 00,000,173 | ---- | C] () -- C:\WINDOWS\SETSCAN.INI
========== LOP Check ========== [2009/10/29 10:21:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/06/24 11:08:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ameriprise
[2008/07/28 09:15:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brentmark
[2009/07/15 09:06:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2007/07/24 13:50:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2007/04/04 18:00:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/06/01 13:33:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2007/07/23 20:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2007/12/20 12:59:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism Pack
[2007/12/20 10:46:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Utimaco
[2009/10/26 12:42:51 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\WEDDSys
[2007/12/20 10:47:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/10/26 12:42:52 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\R103470\Application Data
[2007/12/19 20:41:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\ATI
[2008/07/30 15:44:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\Brentmark
[2009/07/15 09:07:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\Cisco
[2008/10/28 13:59:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007/12/20 11:03:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\CyberLink
[2009/04/22 12:39:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\E-Z Data
[2007/12/20 10:51:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\ImagiSOFT
[2007/12/20 18:01:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\LinkManager 4.0
[2009/07/29 09:49:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\webex
[2009/10/27 09:01:40 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\R103470\Application Data\Windows Enterprise Defender
[2009/10/29 09:00:02 | 00,000,396 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/29 10:25:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ========== < End of report >
Combofix log
ComboFix 09-10-28.08 - R103470 10/29/2009 10:41.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1534 [GMT -4:00]
Running from: c:\documents and settings\R103470\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\R103470\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Enterprise Defender.lnk
c:\documents and settings\R103470\Application Data\Windows Enterprise Defender
c:\documents and settings\R103470\Application Data\Windows Enterprise Defender\Instructions.ini
c:\documents and settings\R103470\Desktop\Windows Enterprise Defender.lnk
c:\documents and settings\R103470\Start Menu\Programs\Windows Enterprise Defender.lnk
c:\documents and settings\R103470\Start Menu\Windows Enterprise Defender.lnk
c:\recycler\S-1-5-21-790525478-1417001333-839522115-500
c:\windows\system32\MabryObj.dll
c:\windows\system32\petipado.dll
c:\windows\system32\win.ini
c:\windows\system32\wuholove.dll
----- BITS: Possible infected sites -----
hxxp://82.98.231.98
.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-29 )))))))))))))))))))))))))))))))
.
2009-10-27 16:57 . 2009-10-28 20:19 -------- d-----w- c:\program files\ERUNT
2009-10-27 14:07 . 2009-10-28 22:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-26 16:42 . 2009-10-26 16:42 -------- d-sh--w- c:\documents and settings\All Users\Application Data\WEDDSys
2009-10-13 13:32 . 2009-10-13 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-10-13 13:32 . 2009-10-13 13:32 -------- d-----w- c:\documents and settings\R103470\Application Data\Office Genuine Advantage
2009-09-29 18:33 . 2008-06-09 04:00 131157 ----a-w- c:\windows\system32\dlxbmzil.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 12:22 . 2008-06-01 17:32 -------- d-----w- c:\program files\LogMeIn
2009-10-28 16:02 . 2007-12-20 15:56 -------- d-----w- c:\program files\DYMO Label
2009-10-21 17:33 . 2007-12-20 15:08 -------- d-----w- c:\program files\Client Data System
2009-10-14 21:04 . 2007-07-24 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-08 13:56 . 2009-04-22 16:43 -------- d-----w- c:\program files\Common Files\E-Z Data
2009-10-02 12:59 . 2008-06-01 17:33 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-02 12:59 . 2008-06-01 17:33 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-02 12:59 . 2008-06-01 17:32 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-21 13:18 . 2009-09-21 13:18 -------- d-----w- c:\documents and settings\R103470\Application Data\InstallShield
2009-09-11 14:18 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 18:54 . 2009-10-28 22:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-10-28 22:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 12:41 . 2008-05-28 16:32 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-08 12:41 . 2008-05-28 16:32 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-09-04 21:03 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 13:41 . 2007-12-20 01:32 -------- d-----w- c:\program files\Configuration
2009-08-29 07:36 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-04 10:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-04 10:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 12:23 . 2007-12-20 00:42 49776 ----a-w- c:\documents and settings\R103470\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-06 23:24 . 2007-04-04 19:25 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2007-04-04 19:25 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2007-04-04 19:42 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2007-04-04 19:25 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2007-04-04 19:25 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 10:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2007-04-04 19:25 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2007-04-04 19:42 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2007-04-04 19:25 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 23:23 . 2005-05-26 09:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2005-03-30 01:21 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2005-03-30 01:01 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-03 19:07 . 2009-08-03 19:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07 . 2009-08-03 19:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2005-11-15 19:32 . 2005-11-15 19:32 3638 ----a-r- c:\program files\Common Files\Altiris_Icon.ico
2001-09-28 22:00 . 2007-07-24 01:22 164864 ----a-w- c:\program files\UNWISE.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgeIconOvl]
@="{ba930330-a721-11d3-a7b9-00500464ee16}"
[HKEY_CLASSES_ROOT\CLSID\{ba930330-a721-11d3-a7b9-00500464ee16}]
2006-09-22 21:02 77824 ----a-w- c:\program files\Utimaco\SafeGuard Easy\SgeDrse.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgeIconOvl2]
@="{2030D939-54A7-4fea-9B06-49EA77EFC87F}"
[HKEY_CLASSES_ROOT\CLSID\{2030D939-54A7-4fea-9B06-49EA77EFC87F}]
2006-09-22 21:02 77824 ----a-w- c:\program files\Utimaco\SafeGuard Easy\SgeDrse.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\udaterui.exe" [2009-03-10 136512]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Distillr\Acrotray.exe" [2006-01-13 483328]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-06-08 128560]
"EdWizard"="c:\program files\Utimaco\SafeGuard Easy\EdWizard.exe" [2006-09-22 245760]
"SgeEcView"="c:\program files\Utimaco\SafeGuard Easy\Ecview.exe" [2006-09-22 24576]
"USG"="c:\windows\system32\USG.EXE" [2007-02-07 111351]
"SGEConfiguration"="c:\program files\Utimaco\SafeGuard Easy\SGEConfigurations.bat" [2007-02-01 380]
"RunningApp"="c:\program files\Configuration\shared\Runningapp.vbs" [2007-11-09 194]
"AltirisConfiguration"="c:\program files\Configuration\ConfigCheck\ScheduleConfig.vbs" [2007-09-11 515]
"DLPSP"="c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2005-01-13 126976]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-01-28 111952]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2008-05-12 143360]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2003-11-20 57344]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2007-7-23 25214]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-4 24576]
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-3-4 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 12:59 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NotLog]
2002-01-22 20:28 110592 ----a-w- c:\windows\system32\SGLogEx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2007-04-27 17:10 18744 ----a-w- c:\windows\system32\PCANotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\AMInit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"c:\\Program Files\\ALInstaller\\ALInstaller.exe"=
"c:\\Program Files\\sybase\\SQL Anywhere 7\\Win32\\dbsrv7.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Cisco Systems\\VPN Client\\cvpnd.exe"=
"c:\\Program Files\\sybase\\SQL Anywhere 7\\Win32\\dbeng7.exe"=
"c:\\Program Files\\Financial Advisory Service\\Java\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Altiris\\Altiris Agent\\AeXNSAgent.exe"=
"c:\\Program Files\\Financial Advisory Service\\Financial Advisory Service.exe"=
"c:\\Program Files\\Dell Printers\\Additional Color Laser Software\\Status Monitor\\dlpsp.exe"=
"c:\\WINDOWS\\system32\\FSRremoS.EXE"=
"c:\\Program Files\\Altiris\\Altiris Agent\\AeXAgentUIHost.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"62515:UDP"= 62515:UDP:AMPF PORT: Cisco VPN Client
"500:UDP"= 500:UDP:AMPF PORT: Cisco VPN Client
R0 AES-256;AES-256;c:\windows\system32\drivers\AES256.sys [9/22/2006 5:04 PM 18464]
R0 SgeFlt;SgeFlt;c:\windows\system32\drivers\SGEFLT.sys [9/22/2006 5:06 PM 61819]
R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [12/20/2007 1:34 PM 135168]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2/28/2008 3:31 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [6/1/2008 1:33 PM 47640]
R2 OneTouch 4.0 Monitor;OneTouch 4.0 Monitor;c:\program files\Visioneer\OneTouch 4.0\OtService.exe [5/17/2004 11:56 AM 98304]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [4/26/2009 9:33 PM 427184]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [4/4/2007 3:57 PM 16384]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [4/4/2007 3:57 PM 9216]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
2009-10-29 c:\windows\Tasks\At2.job
- c:\program files\Configuration\ConfigCheck\Schedule.exe [2007-12-20 12:10]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.advisorcompass.com/
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: 127.0.0.1
Trusted Zone: 50below.com
Trusted Zone: advisorcompass.com
Trusted Zone: aefatesting.com
Trusted Zone: aexp.com
Trusted Zone: americanexpress.com
Trusted Zone: ameriprise.com
Trusted Zone: ameriprise.webex.com
Trusted Zone: ameriprisecentral.com
Trusted Zone: ameripriseu.webex.com
Trusted Zone: amexweb.com
Trusted Zone: ampadvisor.com
Trusted Zone: ampf.com
Trusted Zone: assetlink.com
Trusted Zone: brainshark.com
Trusted Zone: cenveo.com
Trusted Zone: documentsonthenet.com
Trusted Zone: ez-data.com
Trusted Zone: ez-data.com\ampf
Trusted Zone: ez-data.com/java
Trusted Zone: ez-data.com/java/index.htm
Trusted Zone: ezdata.com
Trusted Zone: fiserv.com
Trusted Zone: forefield.com
Trusted Zone: foremostadvice.com
Trusted Zone: FundPOINTDesktop.com
Trusted Zone: mainaccount.com
Trusted Zone: marketwatch.com
Trusted Zone: morningstar.com
Trusted Zone: ogilvy.com
Trusted Zone: orders.com
Trusted Zone: pii121.com
Trusted Zone: riversource.com
Trusted Zone: smartofficeonline.com
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {1FA44E01-A60B-4449-BF97-66CDAA200433} - hxxps://ampf.ez-data.com/java/downloads/SOConfig6.cab
DPF: {9C8CBDB4-53AC-4434-B3B2-404B1C5533F3} - hxxps://ams.stoneriver.com/reports/control/amsrptview.cab
DPF: {C37CCB56-C46A-4778-98C7-7B12A9C1EEAD} - hxxps://atslead.ez-data.com/java/downloads/SmartOfficeLinkOLM.cab
.
- - - - ORPHANS REMOVED - - - -
BHO-{0cd8855f-07fc-482a-bf4b-8e8ffea746a3} - tinonere.dll
HKLM-Run-liyakehiw - c:\windows\system32\petipado.dll
HKLM-Run-nohopuravi - dezifamu.dll
SharedTaskScheduler-{8ee9de7f-4bb8-4d30-8bd2-96615906372c} - c:\windows\system32\petipado.dll
SSODL-jisudiwuk-{8ee9de7f-4bb8-4d30-8bd2-96615906372c} - c:\windows\system32\petipado.dll
AddRemove-HijackThis - c:\documents and settings\R103470\Desktop\spyware tools\HijackThis.exe
AddRemove-Savings Bond Wizard - c:\windows\unvise32.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-10-29 10:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\SGGINA.DLL
c:\windows\system32\SGEGINA.DLL
c:\program files\Utimaco\SafeGuard Easy\CMFCAPI.DLL
c:\program files\Utimaco\SafeGuard Easy\FLTAPI.dll
c:\windows\system32\SGEGINATHK.DLL
c:\program files\Utimaco\SafeGuard Easy\EcView.dll
c:\program files\Utimaco\SafeGuard Easy\SgeUtil.dll
c:\program files\Utimaco\SafeGuard Easy\SgUicl.dll
c:\program files\Utimaco\SafeGuard Easy\CMessage.dll
c:\program files\Utimaco\SafeGuard Easy\SgWin32.dll
c:\program files\Utimaco\SafeGuard Easy\SCClass.dll
c:\program files\Utimaco\SafeGuard Easy\SGUICLRES.DLL
c:\program files\Utimaco\SafeGuard Easy\SGUICL.MSG
c:\program files\Utimaco\SafeGuard Easy\SGE_ERR0409.DLL
c:\program files\Utimaco\SafeGuard Easy\SGE_MSG0409.DLL
c:\program files\Utimaco\SafeGuard Easy\encviewer.ocx
c:\program files\Utimaco\SafeGuard Easy\sgea40.dll
c:\program files\Utimaco\SafeGuard Easy\CfgApi.dll
c:\program files\Utimaco\SafeGuard Easy\SGEDRV.dll
c:\program files\Utimaco\SafeGuard Easy\SGE_INFO0409.DLL
c:\windows\system32\LMIinit.dll
c:\windows\system32\PCANotify.dll
c:\program files\Utimaco\SafeGuard Easy\DComSec.dll
c:\windows\system32\GetUserSid.dll
c:\windows\system32\LogMsgApp.Dll
c:\windows\system32\LogData.dll
c:\windows\system32\SGLogEx.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\Utimaco\SafeGuard Easy\SecClassFactoryPS.dll
c:\program files\Utimaco\SafeGuard Easy\wkscfgsrvps.dll
- - - - - - - > 'Explorer.exe'(3512)
c:\windows\system32\WININET.dll
c:\program files\Utimaco\SafeGuard Easy\SgMsgBhk.dll
c:\program files\Utimaco\SafeGuard Easy\SgeDrse.dll
c:\program files\Utimaco\SafeGuard Easy\SgeUtil.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Altiris\Altiris Agent\AeXNSAgent.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Utimaco\SafeGuard Easy\SgeClient.exe
c:\program files\Utimaco\SafeGuard Easy\SgeCtl.exe
c:\windows\system32\SgLogPlayer.exe
c:\program files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
c:\program files\Network Associates\Common Framework\McTray.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Altiris\Altiris Agent\AeXAgentUIHost.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
.
**************************************************************************
.
Completion time: 2009-10-29 10:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-29 14:53
Pre-Run: 63,501,963,264 bytes free
Post-Run: 63,422,734,336 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 8D748817532991F9E2661C4732DD5F7F