Internet Security Essentials et al

Page 2 of 2 Previous  1, 2

View previous topic View next topic Go down

Internet Security Essentials et al

Post by jules_uk on Sat 02 Apr 2011, 6:41 am

First topic message reminder :

I have my in-laws aging laptop which has some rather nasty malware on it. There is definitely Internet Security Essentials but due to the range of issues I think there is probably other malware at work too. I have been able to fix some symptoms (msconfig to delete lots of rubbish running at startup, cacls to change permissions on hosts file and the manually remove duff entries, regedit to remove policy deny entries for avg...) but I've not got to the root cause.

I can't run AVG or AdAware, can't open task manager (except in safe mode), can't install Windows updates, can't reliably get on internet (seems when I correct one thing malware breaks another).

Anyway, here's the OTL logs:

OTL.txt:

OTL logfile created on: 01/04/2011 09:34:43 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\GeekPolice
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 92.00 Mb Available Physical Memory | 18.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 4.69 Gb Free Space | 12.58% Space Free | Partition Type: NTFS
Drive D: | 249.71 Mb Total Space | 199.91 Mb Free Space | 80.06% Space Free | Partition Type: FAT

Computer Name: NATF | User Name: Fish | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/31 09:56:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\GeekPolice\OTL.com
PRC - [2011/03/19 00:32:45 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2011/03/16 09:05:29 | 001,405,384 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/11/17 21:59:04 | 000,421,160 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes x\iTunesHelper.exe
PRC - [2010/10/01 02:52:50 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2010/10/01 02:52:40 | 000,196,928 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2009/12/07 12:50:54 | 001,069,568 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
PRC - [2009/12/07 12:50:52 | 001,584,640 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
PRC - [2009/03/10 23:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/09 10:23:02 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/07/12 22:06:00 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2004/03/04 03:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE
PRC - [2004/03/01 04:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9EE.EXE


========== Modules (SafeList) ==========

MOD - [2011/03/31 09:56:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\GeekPolice\OTL.com
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/12/07 12:50:46 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2005/07/09 10:23:00 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SBService)
SRV - File not found [Auto | Stopped] -- -- (navapsvc)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/03/19 00:32:44 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2011/03/16 09:05:29 | 001,405,384 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/10/01 02:52:50 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/10/01 02:52:40 | 000,196,928 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2010/03/04 15:08:20 | 002,106,760 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2010/03/04 15:08:20 | 000,099,720 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/04/03 18:12:14 | 000,014,032 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/07/08 18:46:42 | 000,817,304 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2004/07/12 22:06:00 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/03/19 00:33:36 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2011/03/19 00:33:36 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/03/16 09:05:30 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/03/16 09:05:29 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/07 12:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/07 12:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/03/04 18:36:15 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/12/27 01:34:46 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/12/27 01:34:46 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/07/09 10:23:10 | 000,641,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/09 10:23:10 | 000,013,174 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2005/07/09 10:22:48 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/07/09 10:22:48 | 000,681,344 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/07/09 10:22:48 | 000,196,736 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWALI.sys -- (HSFHWALI)
DRV - [2005/07/09 10:22:48 | 000,064,128 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
DRV - [2005/07/09 10:22:46 | 000,572,060 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/07/09 10:22:46 | 000,391,680 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2005/07/08 18:46:42 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/01/31 11:20:03 | 000,211,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/31 11:12:46 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/08/06 11:25:16 | 000,407,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/08/03 22:32:22 | 000,231,552 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97ali.sys -- (aliadwdm)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2002/09/16 18:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001/08/17 13:51:20 | 000,020,752 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = bt.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 DF C9 17 47 D6 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25556



O1 HOSTS File: ([2011/03/28 18:37:30 | 000,000,734 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes x\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [updateMgr] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KLG-520 Wireless Notebook Network Card Configuration Utility.lnk = C:\Program Files\KLG-520 Wireless Notebook Network Card\WLANPRO.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Reg.lnk = C:\Program Files\KLG-520 Wireless Notebook Network Card\Reg.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O8 - Extra context menu item: &Google Search - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} [You must be registered and logged in to see this link.] (Facebook Photo Uploader Control)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} [You must be registered and logged in to see this link.] (Microsoft RDP Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [You must be registered and logged in to see this link.] (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Fish\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fish\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\_avp32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\_avpcc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\_avpm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\~1.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\~2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\a.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aAvgApi.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AAWTray.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\About.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ackwin32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\adaware.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Ad-Aware.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\advxdwin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AdwarePrj.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\agent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\agentsvr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\agentw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\alertsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\alevir.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\alogserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AlphaAV: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AlphaAV.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AluSchedulerSvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\amon9x.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntispywarXP2009.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\anti-trojan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Anti-Virus Professional.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\antivirus.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntiVirus_Pro.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusPlus: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusPlus.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusPro_2010.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusXP: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusXP.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\antivirusxppro2009.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ants.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\apimonitor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aplica32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\apvxdwin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\arr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Arrakis3.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashAvast.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashBug.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashChest.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashCnsnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashDisp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashLogV.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashMaiSv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashPopWz.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashQuick.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashServ.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashSimp2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashSimpl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashSkPcc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashSkPck.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashUpd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashWebSv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aswChLic.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aswRegSvr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aswRunDll.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aswUpdSv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atcon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atguard.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atro55en.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atupdater.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atwatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\au.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aupdate.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\autodown.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\auto-protect.nav80try.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\autotrace.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\autoupdate.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\av360.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avadmin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AVCare.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avcenter.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avciman.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avconfig.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avconsol.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ave32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AVENGINE.EXE: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgcc32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgchk.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgcmgr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgcsrvx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgctrl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgdumpx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgemc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgiproxy.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgnsx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgrsx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgscanx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgserv9.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgsrmax.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgtray.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgupd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgwdsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avkpop.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avkserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avkservice.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avkwctl9.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avltmain.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avmailc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avmcdlg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avnotify.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avp32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avpcc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avpdos32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avpm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avptc32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avpupd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avsched32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avsynmgr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avupgsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AVWEBGRD.EXE: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwin95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwinnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwsc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwupd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwupd32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwupsrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avxmonitor9x.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avxmonitornt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avxquar.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\b.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\backweb.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bargains.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bd_professional.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdagent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdfvcl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdfvwiz.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\BDInProcPatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdmcon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\BDMsnScan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdreinit.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdsubwiz.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\BDSurvey.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdtkexec.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdwizreg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\beagle.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\belt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bidef.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bidserver.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bipcp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bipcpevalsetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bisp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\blackd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\blackice.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\blink.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\blss.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bootconf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bootwarn.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\borg2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\brasil.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\brastk.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\brw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bs120.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bspatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bundle.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bvt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\c.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cavscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ccapp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ccevtmgr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ccpxysvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ccSvcHst.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cdp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfgwiz.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfiadmin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfiaudit.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfinet.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfinet32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfpconfg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfplogvw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfpupdat.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Cl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\claw95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\claw95cf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\clean.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cleaner.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cleaner3.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cleanIELow.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cleanpc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\click.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmd32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmdagent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmesys.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmgrdian.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmon016.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\connectionmonitor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\control: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cpd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cpf9x206.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cpfnt206.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\crashrep.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\csc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cssconfg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cssupdat.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cssurf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ctrl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cwnb181.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cwntdwmo.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\d.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\datemanager.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dcomx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\defalert.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\defscangui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\defwatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\deloeminfs.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\deputy.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\divx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dllcache.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dllreg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\doors.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dop.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dpf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dpfsetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dpps2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\driverctrl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\drwatson.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\drweb32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\drwebupw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dssagent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dvp95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dvp95_0.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ecengine.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\efpeadm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\egui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\emsw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\esafe.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\escanhnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\escanv95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\espwatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ethereal.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\etrustcipe.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\evpn.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\exantivirus-cnet.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\exe.avxw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\expert.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\explore.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fact.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\f-agnt95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fameh32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fast.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fch32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fih32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\findviru.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\firewall.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fixcfg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fixfp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fnrb32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fprot.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\f-prot.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\f-prot95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fp-win.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fp-win_trial.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\frmwrk32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\frw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsaa.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav530stbyb.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav530wtbyb.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsgk32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsm32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsma32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsmb32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\f-stopw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gator.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gav.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gbmenu.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gbn976rl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gbpoll.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\generics.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gmt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\guard.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\guarddog.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\guardgui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hacktracersetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hbinst.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hbsrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\History.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\homeav2010.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hotactio.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hotpatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\htlog.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\htpatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hwpe.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hxdl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hxiul.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iamapp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iamserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iamstats.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ibmasn.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ibmavsp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icload95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icloadnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icmon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icsupp95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icsuppnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Identity.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\idle.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iedll.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iedriver.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\IEShow.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iface.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ifw2000.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\inetlnfo.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\infus.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\infwin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\init.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\init32.exe : Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install[1].exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install[2].exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install[3].exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install[4].exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install[5].exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\intdel.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\intren.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iomon98.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\istsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\jammer.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\jdbgmrg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\jedi.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\JsRcGen.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kavlite40eng.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kavpers40eng.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kavpf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kazza.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\keenvalue.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kerio-pf-213-en-win.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kerio-wrl-421-en-win.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kerio-wrp-421-en-win.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\killprocesssetup161.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ldnetmon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ldpro.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ldpromenu.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ldscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\licmgr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\livesrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lnetinfo.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\loader.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\localnet.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lockdown.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lockdown2000.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lookout.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lordpe.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lsetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\luall.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\luau.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lucomserver.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\luinit.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\luspt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MalwareRemoval.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mapisvc32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcagent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcmnhdlr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcmscsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcnasvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcproxy.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\McSACore.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcshell.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcshield.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcsysmon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mctool.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcupdate.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcvsrte.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcvsshld.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\md.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mfin32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mfw2en.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mfweng3.02d30.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mgavrtcl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mgavrte.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mghtml.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mgui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\minilog.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mmod.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\monitor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\moolive.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mostat.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mpfagent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mpfservice.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MPFSrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mpftray.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mrflux.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mrt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msa.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msapp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MSASCui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msbb.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msblast.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mscache.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msccn32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mscman.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msconfig: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msdm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msdos.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msfwsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msiexec16.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mslaugh.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msmgt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MsMpEng.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msmsgri32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msseces.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mssmmc32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mssys.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msvxd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mu0311ad.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mwatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\n32scanw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nav.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navap.navapsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navapsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navapw32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navdx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navlu32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navstub.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navw32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navwnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nc2000.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ncinst4.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ndd32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\neomonitor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\neowatchlog.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netarmor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netd32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netinfo.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netmon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netscanpro.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netspyhunter-1.2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netutils.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nisserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nisum.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nmain.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\normist.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\norton_internet_secu_3.0_407.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\notstart.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\npf40_tw_98_nt_me_2k.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfmessenger.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nprotect.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\npscheck.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\npssvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nsched32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nssys32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nstask32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nsupdate.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ntrtscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ntvdm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ntxconfig.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nupgrade.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvarch16.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvc95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvsvc32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nwinst4.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nwservice.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nwtool16.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\OAcat.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\OAhlp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\OAReg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\oasrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\oaui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\oaview.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\OcHealthMon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ODSW.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ollydbg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\OLT.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\onsrvr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\optimize.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ostronet.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\otfix.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\outpost.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\outpostinstall.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\outpostproinstall.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ozn695m5.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\padmin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\panixk.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\patch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pav.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavcl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PavFnSvr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavproxy.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavprsrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavsched.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavsrv51.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PC_Antispyware2010.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pccwin98.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pcfwallicon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pcip10117_0.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pcscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pctsAuxs.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pctsGui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pctsSvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pctsTray.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pdfndr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pdsetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PerAvir.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\periscope.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\persfw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\personalguard: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\personalguard.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\perswf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pf2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pfwadmin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pgmonitr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pingscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\platin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pop3trap.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\poproxy.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\popscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\portdetective.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\portmonitor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\powerscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ppinupdt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pptbc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ppvstop.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\prizesurfer.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\prmt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\prmvr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\procdump.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\processmonitor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\procexplorerv1.0.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\programauditor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\proport.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\protector.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PSANCU.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PSANHost.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PSANToManager.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PsCtrls.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PsImSvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PskSvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pspf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PSUNMain.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\purge.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\qconsole.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\qh.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\qserver.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Quick Heal.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\QuickHealCleaner.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rapapp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rav7.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rav7win.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rav8win32eng.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ray.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rb32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rcsync.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\realmon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\reged.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\regedt32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rescue.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rescue32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rrguard.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rscdwld.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rshell.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rtvscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rtvscn95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rulaunch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rwg: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rwg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SafetyKeeper.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\safeweb.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sahagent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Save.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SaveArmor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SaveDefense.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SaveKeep.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\savenow.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sbserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sc.exe: Debugger - svchost.exe (Microsoft Corporation)

jules_uk

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2011-03-30
Operating System : XP

View user profile

Back to top Go down


Re: Internet Security Essentials et al

Post by jules_uk on Fri 22 Apr 2011, 7:21 pm

Hi Crush

There is only one hard drive partition which is C. I do have a USB drive D and also a CD drive available. What would you like me to try?

Jules


Last edited by jules_uk on Fri 22 Apr 2011, 7:35 pm; edited 1 time in total (Reason for editing : typo)

jules_uk

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2011-03-30
Operating System : XP

View user profile

Back to top Go down

Re: Internet Security Essentials et al

Post by Crush on Sat 23 Apr 2011, 4:47 am

There should be the USB drive labeled F. That one is infected with an autorun worm.

Once you have it:

Please download Flash_Disinfector from HERE

  • First, download it to your desktop.
  • Now double click it to run it and will tell it you what to do when you open it.
  • It will temporarily kill explorer.exe and your desktop will go blank.
  • Let Flash_Disinfector do it's job and it will restart explorer.exe for you.
  • It will make a dummy autorun.inf in the root of every drive.
  • You can now delete Flash_Disinfector.exe.

=========

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O33 - MountPoints2\{7141d0c1-3b99-11e0-bcb3-00032f2874ad}\Shell - "" = AutoRun
    O33 - MountPoints2\{7141d0c1-3b99-11e0-bcb3-00032f2874ad}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7141d0c1-3b99-11e0-bcb3-00032f2874ad}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
    O33 - MountPoints2\{e34a8c80-332c-11de-ba1f-00032f2874ad}\Shell - "" = AutoRun
    O33 - MountPoints2\{e34a8c80-332c-11de-ba1f-00032f2874ad}\Shell\Auto\command - "" = F:\RavMon.exe
    O33 - MountPoints2\{e34a8c80-332c-11de-ba1f-00032f2874ad}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e34a8c80-332c-11de-ba1f-00032f2874ad}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25556


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Crush

Tech Officer
Tech Officer

Posts : 3889
Joined : 2010-01-28

View user profile

Back to top Go down

Re: Internet Security Essentials et al

Post by jules_uk on Sat 23 Apr 2011, 7:13 am

Hi Crush

I don't have an F: drive. When I put a USB stick in it gets the letter D: assigned to it. E: is the DVD/CD Drive and G: is the MemoryStick but there is no F:. It must have been some previous device that someone else plugged in I guess.

I tried downloading Flash_Disinfector from the link you gave using a working computer but AVG flagged it as a threat. See this screenshot: . Is there a problem with the file you linked?

I have run the OTL commands you gave though and here is the log:

========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7141d0c1-3b99-11e0-bcb3-00032f2874ad}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7141d0c1-3b99-11e0-bcb3-00032f2874ad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7141d0c1-3b99-11e0-bcb3-00032f2874ad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7141d0c1-3b99-11e0-bcb3-00032f2874ad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7141d0c1-3b99-11e0-bcb3-00032f2874ad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7141d0c1-3b99-11e0-bcb3-00032f2874ad}\ not found.
File D:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e34a8c80-332c-11de-ba1f-00032f2874ad}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e34a8c80-332c-11de-ba1f-00032f2874ad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e34a8c80-332c-11de-ba1f-00032f2874ad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e34a8c80-332c-11de-ba1f-00032f2874ad}\ not found.
File F:\RavMon.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e34a8c80-332c-11de-ba1f-00032f2874ad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e34a8c80-332c-11de-ba1f-00032f2874ad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e34a8c80-332c-11de-ba1f-00032f2874ad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e34a8c80-332c-11de-ba1f-00032f2874ad}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

OTL by OldTimer - Version 3.2.22.3 log created on 04222011_210304

What do you suggest now?

jules_uk

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2011-03-30
Operating System : XP

View user profile

Back to top Go down

Re: Internet Security Essentials et al

Post by Crush on Sat 23 Apr 2011, 10:39 am

Hi,

Nope. F_D is legit. If you turn off your AV it will allow the download. We need to disinfect the flash drive or the infection will just keep coming back

Crush

Tech Officer
Tech Officer

Posts : 3889
Joined : 2010-01-28

View user profile

Back to top Go down

Re: Internet Security Essentials et al

Post by Sponsored content Today at 2:26 pm


Sponsored content


Back to top Go down

Page 2 of 2 Previous  1, 2

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum