
Problems loading certain webpages


  • This topic is locked
9 replies to this topic

#1 InflictBrutality

InflictBrutality

  • Members
  • 16 posts
  • OFFLINE
  • Local time:01:25 PM

Posted 31 October 2008 - 10:09 PM

Original post:
http://www.bleepingcomputer.com/forums/ind...mp;#entry992980

"Well, about 3 days ago I was infected with numerous viruses from an exe unpacker (vundo, total secure 2009 etc.). Since then I cannot access certain websites; the one that is really concerning me is wellsfargo.com. I really am unsure what to do to fix this. I just get page cannot be found after about 20 seconds of loading. It happens to random other websites as well. Please toss me some feedback. Thanks in advance"

Scanned my PC with multiple programs as instructed to, but the issue is still at large. I was referred to here. Hope you guys can help :D thanks in advance

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:08, on 10/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\Webroot\Washer\WasherSvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\WTClient.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineTrayIcon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Inflict\Desktop\HiJackThis.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1070918
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE" /FU "C:\WINDOWS\TEMP\E_S241.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Dell DataSafe Scheduler] "C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: spicgl.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0032601224233136) (0032601224233136mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\003260~1.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 12446 bytes


 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:25 PM

Posted 01 November 2008 - 10:29 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

First let's get a more detailed log so we can determine the best plan of attack for you.
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open:
    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
  • Copy and Paste the logs into your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 InflictBrutality

InflictBrutality
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:01:25 PM

Posted 01 November 2008 - 10:42 AM

Hi Sam :thumbsup: it's good to be here

OTViewIT.txt

OTViewIt logfile created on: 11/1/2008 8:40:21 AM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Inflict\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.21 Gb Total Space | 40.99 Gb Free Space | 37.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.92 Gb Total Space | 1.91 Gb Free Space | 99.49% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATTLAPTOP
Current User Name: Inflict
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/05/09 12:59:48 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
[2007/05/09 12:59:38 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
[2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/09/08 08:50:32 | 00,198,944 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
[2008/06/21 12:39:08 | 00,792,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/07/18 08:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2008/07/09 14:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2008/06/20 05:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2008/07/09 17:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2007/12/03 14:21:24 | 00,869,672 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
[2006/11/02 21:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
[2008/07/11 18:48:54 | 00,641,208 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
[2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
[2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
[2007/05/31 06:38:48 | 00,053,248 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\WTSrv.exe
[2007/10/03 09:27:04 | 00,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
[2008/04/14 05:42:42 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2007/06/03 12:20:58 | 00,851,968 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2007/06/06 13:30:22 | 00,162,584 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2007/06/06 13:30:28 | 00,252,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
[2007/06/06 13:30:24 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[2007/05/09 12:59:46 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
[2007/06/06 13:28:18 | 00,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2006/11/02 12:05:50 | 00,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
[2006/10/03 09:37:04 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2007/04/11 09:27:00 | 00,040,960 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\WTClient.exe
[2004/01/05 18:34:40 | 00,040,960 | ---- | M] () -- C:\WINDOWS\vsnpstd2.exe
[2006/10/26 13:45:04 | 00,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2006/10/27 00:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[2007/08/06 17:05:46 | 00,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
[2008/08/13 18:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[2007/12/02 16:30:00 | 00,308,464 | ---- | M] (Dell, Inc.) -- C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe
[2007/12/02 16:30:00 | 00,382,192 | ---- | M] (Dell, Inc.) -- C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineTrayIcon.exe
[2006/03/23 00:13:46 | 01,591,808 | ---- | M] (YourWare Solutions ™) -- C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
[2008/04/14 05:42:42 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2007/12/13 19:10:56 | 01,688,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
[2005/09/18 18:40:42 | 01,421,824 | ---- | M] (Methlabs) -- C:\Program Files\PeerGuardian2\pg2.exe
[2008/06/19 10:51:30 | 00,050,528 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
[2007/08/30 15:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[2007/10/03 09:27:08 | 01,222,984 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\wwDisp.exe
[2008/09/03 14:07:12 | 01,576,176 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[2006/11/03 16:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2007/12/13 19:10:56 | 00,447,784 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
[2007/10/08 14:50:56 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
[2008/08/29 14:14:14 | 07,671,408 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/06/20 05:01:18 | 00,605,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2008/11/01 08:39:26 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Inflict\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

File not found -- -- (0032601224233136mcinstcleanup [Auto | Stopped])
[2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [Disabled | Stopped])
[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/03/19 10:44:44 | 00,070,656 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
[2008/10/27 06:24:11 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/09/26 14:41:56 | 00,503,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2008/09/08 08:50:32 | 00,198,944 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
[2008/06/21 12:39:08 | 00,792,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/07/18 08:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2008/06/20 13:10:22 | 00,361,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2008/07/09 14:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2008/06/20 05:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2008/06/20 05:01:18 | 00,605,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2008/07/09 17:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2007/12/03 14:21:24 | 00,869,672 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
[2007/12/13 19:10:56 | 00,447,784 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
[2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/11/02 21:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing [Auto | Running])
[2006/11/05 09:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2006/11/05 09:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
[2007/11/14 12:41:34 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
[2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
[2006/09/14 12:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
[2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2007/05/31 06:38:48 | 00,053,248 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\WTSrv.exe -- (WinTabService [Auto | Running])
[2007/05/09 12:59:48 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
[2006/10/18 18:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2007/10/03 09:27:04 | 00,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc [Auto | Running])

========== Driver Services ==========

[2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs [Auto | Running])
[2005/02/23 15:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc [On_Demand | Running])
[2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/14 00:06:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 11:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 11:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2007/05/09 12:59:42 | 00,604,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2007/05/08 19:49:02 | 00,045,568 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2001/08/17 11:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 11:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2006/08/18 11:17:46 | 00,035,096 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM [Auto | Running])
[2006/08/18 11:17:40 | 00,032,472 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2006/08/11 08:35:18 | 00,012,920 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
[2006/08/18 11:18:08 | 00,009,400 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM [Auto | Running])
[2006/08/18 11:17:38 | 00,104,472 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2006/08/18 11:17:42 | 00,026,008 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2006/08/18 11:17:38 | 00,014,520 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2006/08/11 08:35:16 | 00,028,184 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M [System | Running])
[2006/08/18 11:17:44 | 00,094,648 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2006/08/18 11:17:44 | 00,097,848 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2006/07/21 09:21:26 | 00,099,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2006/08/11 09:05:58 | 00,051,768 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
[2007/02/25 10:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2006/11/02 10:31:38 | 00,103,168 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02 [On_Demand | Running])
[2001/08/17 10:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/13 22:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2007/04/23 19:15:44 | 00,209,152 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2007/04/23 19:15:46 | 00,989,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2007/06/06 13:30:32 | 05,707,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm [On_Demand | Running])
[2007/05/08 18:22:58 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iastor.sys -- (iaStor [Boot | Running])
[2008/04/14 00:09:50 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2007/04/11 16:32:52 | 00,034,832 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
[2007/04/11 16:32:58 | 00,036,112 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
[2007/04/23 19:15:48 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2008/06/27 06:08:40 | 00,079,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2008/06/27 06:08:40 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2008/06/27 06:08:40 | 00,207,656 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2008/06/20 05:41:38 | 00,034,152 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2008/06/27 06:08:40 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2008/06/02 14:55:42 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2001/08/17 11:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2008/04/14 00:23:10 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2007/06/28 12:44:58 | 00,137,216 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd [On_Demand | Stopped])
[2007/06/28 12:44:16 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc [On_Demand | Stopped])
[2007/06/28 12:44:18 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj [On_Demand | Stopped])
[2007/06/28 12:44:18 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm [On_Demand | Stopped])
[2004/08/03 20:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/08/04 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/07 16:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 11:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 11:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 11:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2007/05/08 19:46:06 | 00,032,256 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running])
[2007/05/08 19:46:08 | 00,043,520 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [Auto | Running])
[2007/05/08 19:46:12 | 00,037,376 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp [Auto | Running])
[2008/09/03 14:07:14 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2008/09/03 14:07:16 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
[2008/09/03 14:07:12 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2007/08/06 17:15:07 | 00,033,052 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2008/04/14 00:06:46 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/14 00:06:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2004/03/22 21:31:52 | 00,302,720 | ---- | M] () -- C:\WINDOWS\system32\drivers\snpstd2.sys -- (snpstd2 [On_Demand | Stopped])
[2001/08/17 12:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2007/10/01 17:28:36 | 00,685,816 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2007/06/06 13:28:16 | 01,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 12:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 12:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 12:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 12:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2007/06/03 12:20:58 | 00,202,912 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2007/04/23 08:28:56 | 00,017,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Tablet2k.sys -- (Tablet2k [On_Demand | Stopped])
[2007/04/23 08:28:56 | 00,018,432 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\TClass2k.sys -- (TClass2k [On_Demand | Stopped])
[2007/05/31 10:33:44 | 00,012,800 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\UCTblHid.sys -- (UCTblHid [On_Demand | Stopped])
[2001/08/17 11:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/04/14 00:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2008/04/14 00:26:50 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
[2006/11/02 08:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2007/04/23 19:15:46 | 00,730,112 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/14 00:06:40 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])
[2005/09/18 18:02:52 | 00,005,632 | ---- | M] () -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1070918
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1070918

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"provider"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1070918
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1070918
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-2902739482-4000221326-1732772345-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-2902739482-4000221326-1732772345-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"provider"=

[HKEY_USERS\S-1-5-21-2902739482-4000221326-1732772345-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2902739482-4000221326-1732772345-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} (HKLM) -- c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" (HKLM) -- c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2902739482-4000221326-1732772345-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2902739482-4000221326-1732772345-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2902739482-4000221326-1732772345-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin (Adobe Systems Incorporated)
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
"dellsupportcenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter (SupportSoft, Inc.)
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" ( )
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup (Macrovision Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
"KADxMain"=C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE (Logitech Inc.)
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" (Nero AG)
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
"Persistence"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
"SigmatelSysTrayApp"=stsystra.exe (SigmaTel, Inc.)
"SNPSTD2"=C:\WINDOWS\vsnpstd2.exe ()
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" (Synaptics, Inc.)
"WTClient"=WTClient.exe (Tablet Driver)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= File not found
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
"Dell DataSafe Scheduler"="C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe" (Dell, Inc.)
"EPSON Stylus CX7400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE" /FU "C:\WINDOWS\TEMP\E_S241.tmp" /EF "HKCU" (SEIKO EPSON CORPORATION)
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win (YourWare Solutions ™)
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (Nero AG)
"PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
"Window Washer"=C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-2902739482-4000221326-1732772345-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= File not found
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
"Dell DataSafe Scheduler"="C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe" (Dell, Inc.)
"EPSON Stylus CX7400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE" /FU "C:\WINDOWS\TEMP\E_S241.tmp" /EF "HKCU" (SEIKO EPSON CORPORATION)
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win (YourWare Solutions ™)
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (Nero AG)
"PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
"Window Washer"=C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

========== (O4) Startup Folders ==========

[2006/11/03 16:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-2902739482-4000221326-1732772345-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2006/10/27 15:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2902739482-4000221326-1732772345-1006\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2006/10/27 15:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2006/10/26 20:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2006/10/26 20:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Button: Create Mobile Favorite -- %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [2006/11/13 13:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Menu: Create Mobile Favorite... -- %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [2006/11/13 13:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2006/10/31 13:33:52 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search && Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2006/10/26 20:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite] -> [2006/11/13 13:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite...] -> [2006/11/13 13:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 13:33:52 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite] -> [2006/11/13 13:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite...] -> [2006/11/13 13:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 13:33:52 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite] -> [2006/11/13 13:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite...] -> [2006/11/13 13:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 13:33:52 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2902739482-4000221326-1732772345-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2006/10/26 20:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite] -> [2006/11/13 13:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite...] -> [2006/11/13 13:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 13:33:52 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{33564D57-0000-0010-8000-00AA00389B71}: http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
vzTCPConfig: http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{1DC13368-7D47-44C7-A880-657E18371752} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)
{58F5BE18-B5A2-4EC5-BAEC-09B9EF6ECB29} (Servers: | Description: )
{592E6CE3-0AAB-46AE-AB16-5B7901BEABE5} (Servers: | Description: Windows Mobile-based Device)
{B92918EF-69AB-4C03-A150-DEB9CD9E74F3} (Servers: | Description: Dell Wireless 1390 WLAN Mini-Card)
{ED67323D-99B3-4DC9-987B-EC2EA21B64BD} (Servers: | Description: 1394 Net Adapter)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=spicgl.dll
>File not found --

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/10 11:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7188a20-0aad-11dd-9a88-001c26980a76}\Shell\AutoRun\command]
""=G:\launch.bat -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2008/11/01 08:39:29 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Inflict\Desktop\OTViewIt.exe
[2008/10/31 19:15:21 | 32,109,32224 | -HS- | C] () -- C:\hiberfil.sys
[2008/10/31 19:05:29 | 00,088,576 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\AntiXPVSTFix.exe
[2008/10/31 19:05:29 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2008/10/31 19:05:29 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2008/10/31 19:05:28 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2008/10/31 19:05:28 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2008/10/31 19:00:31 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Inflict\Desktop\HiJackThis.exe
[2008/10/31 08:02:36 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/10/31 07:56:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/10/30 20:10:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/10/30 20:10:04 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2008/10/30 20:10:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Inflict\Application Data\SUPERAntiSpyware.com
[2008/10/30 20:09:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/10/30 18:23:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Inflict\Desktop\Adobe CS4 Master Collection - Cracks only
[2008/10/30 14:37:48 | 00,340,547 | ---- | C] () -- C:\Documents and Settings\Inflict\Desktop\L12end.ai
[2008/10/30 14:34:27 | 06,540,874 | ---- | C] () -- C:\Documents and Settings\Inflict\Desktop\L11start.ai
[2008/10/30 14:32:36 | 01,709,600 | ---- | C] () -- C:\Documents and Settings\Inflict\Desktop\L10start.ai
[2008/10/30 14:26:43 | 02,753,063 | ---- | C] () -- C:\Documents and Settings\Inflict\Desktop\First Day Of My Life-Bright Eyes.mp3
[2008/10/29 20:57:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Inflict\My Documents\j
[2008/10/29 16:14:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Inflict\Application Data\Webroot
[2008/10/29 16:14:34 | 00,000,000 | ---D | C] -- C:\Program Files\Webroot
[2008/10/29 16:14:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Webroot Shared
[2008/10/29 16:14:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2008/10/29 16:14:25 | 00,196,424 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\Unwash6.exe
[2008/10/28 16:31:32 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/10/28 07:21:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Inflict\My Documents\New Folder (2)
[2008/10/27 19:31:49 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\Inflict\Desktop\My Computer.lnk
[2008/10/27 19:27:04 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2008/10/27 19:27:01 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/10/27 19:27:00 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2008/10/27 19:22:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/10/27 17:57:36 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2008/10/27 17:57:35 | 00,000,000 | ---D | C] -- C:\rsit
[2008/10/27 08:18:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Inflict\Desktop\New Folder (5)
[2008/10/27 06:52:54 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2008/10/27 06:46:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2008/10/25 16:30:52 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2008/10/25 16:30:52 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2008/10/25 16:30:48 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2008/10/25 16:30:48 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2008/10/25 14:59:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Inflict\Local Settings\Application Data\WMTools Downloaded Files
[2008/10/25 13:12:53 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/25 12:32:15 | 00,000,000 | ---D | C] -- C:\Program Files\PeerGuardian2
[2008/10/25 12:31:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Inflict\Local Settings\Application Data\Ahead
[2008/10/25 12:31:41 | 00,002,352 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2008/10/25 12:30:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Inflict\Application Data\Nero
[2008/10/25 12:27:15 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2008/10/25 12:27:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2008/10/25 12:27:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2008/10/25 12:25:48 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2008/10/25 12:25:44 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2008/10/25 09:31:15 | 00,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2008/10/25 09:29:46 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2008/10/25 09:29:13 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2008/10/25 09:29:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2008/10/25 09:28:06 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2008/10/25 09:26:10 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2008/10/25 09:25:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2008/10/25 09:24:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Inflict\Local Settings\Application Data\Microsoft Help
[2008/10/25 09:24:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2008/10/25 09:24:07 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2008/10/24 03:06:54 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/23 22:41:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Inflict\Local Settings\Application Data\Navnet_Solutions
[2008/10/23 22:40:38 | 00,000,000 | ---D | C] -- C:\Program Files\NavNet
[2008/10/22 17:38:40 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/10/22 17:38:39 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/10/22 17:38:39 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/10/22 17:29:06 | 00,035,314 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2008/10/22 17:29:02 | 00,002,829 | ---- | C] () -- C:\WINDOWS\DIIUnin.pif
[2008/10/22 17:29:01 | 00,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2008/10/22 17:21:52 | 00,000,000 | ---D | C] -- C:\Program Files\Diablo II
[2008/10/17 13:07:38 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2008/10/16 14:29:48 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp
[2008/10/16 14:29:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Inflict\Application Data\Winamp
[2008/10/16 13:58:36 | 00,070,528 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/10/16 11:42:06 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2008/10/16 11:40:50 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/10/16 11:39:16 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/16 11:39:13 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2008/10/15 20:16:10 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/15 20:16:00 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/15 20:15:02 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 20:15:02 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 20:15:01 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/15 20:15:00 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/08 11:28:54 | 00,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2008/10/08 11:28:37 | 00,000,000 | ---D | C] -- C:\Program Files\EffeTech HTTP Sniffer
[2008/10/06 21:43:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Inflict\Desktop\2005 - Olden (split Fall of the Bastards & Book of Black Earth)
[2008/10/06 17:23:03 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/11/01 08:39:26 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Inflict\Desktop\OTViewIt.exe
[2008/11/01 08:38:09 | 00,024,705 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2008/11/01 08:36:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/01 08:36:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/01 08:36:34 | 32,109,32224 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/01 01:00:07 | 00,000,336 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2008/10/31 19:05:47 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/10/31 19:00:30 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Inflict\Desktop\HiJackThis.exe
[2008/10/31 08:02:37 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/10/31 06:13:21 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Inflict\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/30 18:54:10 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/30 18:46:25 | 02,753,063 | ---- | M] () -- C:\Documents and Settings\Inflict\Desktop\First Day Of My Life-Bright Eyes.mp3
[2008/10/30 14:37:48 | 00,340,547 | ---- | M] () -- C:\Documents and Settings\Inflict\Desktop\L12end.ai
[2008/10/30 14:34:37 | 06,540,874 | ---- | M] () -- C:\Documents and Settings\Inflict\Desktop\L11start.ai
[2008/10/30 14:32:36 | 01,709,600 | ---- | M] () -- C:\Documents and Settings\Inflict\Desktop\L10start.ai
[2008/10/29 23:14:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/29 20:18:46 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2008/10/28 16:31:32 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/10/28 06:46:58 | 00,481,548 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/28 06:46:58 | 00,411,142 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/28 06:46:58 | 00,065,446 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/27 19:31:54 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/27 19:27:04 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008/10/27 08:11:36 | 02,384,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/27 07:11:27 | 00,089,832 | ---- | M] () -- C:\Documents and Settings\Inflict\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/25 13:32:50 | 00,000,864 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/25 13:32:50 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2008/10/25 12:31:41 | 00,002,352 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2008/10/25 12:27:54 | 00,070,528 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/10/22 21:43:29 | 04,769,896 | -H-- | M] () -- C:\Documents and Settings\Inflict\Local Settings\Application Data\IconCache.db
[2008/10/22 17:39:28 | 00,035,314 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[2008/10/22 17:38:54 | 00,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/10/22 17:38:54 | 00,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/10/22 17:38:54 | 00,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/10/22 17:29:02 | 00,002,829 | ---- | M] () -- C:\WINDOWS\DIIUnin.pif
[2008/10/22 17:29:01 | 00,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/16 03:02:55 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 09:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 09:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/15 02:20:07 | 00,000,344 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2008/10/10 07:58:08 | 00,082,944 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2008/10/10 07:58:08 | 00,082,944 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2008/10/07 12:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >

Extras.txt

OTViewIt Extras logfile created on: 11/1/2008 8:40:21 AM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Inflict\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.21 Gb Total Space | 40.99 Gb Free Space | 37.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.92 Gb Total Space | 1.91 Gb Free Space | 99.49% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATTLAPTOP
Current User Name: Inflict
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.js [@ = Reg Error: Value does not exist or could not be read.] -- Reg Error: Key does not exist or could not be opened. File not found
.txt [@ = Reg Error: Value does not exist or could not be read.] -- Reg Error: Key does not exist or could not be opened. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 13:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/11/03 00:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2007/08/30 15:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/08/30 15:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2007/09/26 14:41:58 | 15,997,240 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2007/09/06 02:36:40 | 12,083,200 | ---- | M] (Ensemble Studios) -- C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III
[2006/10/17 21:24:19 | 12,554,240 | ---- | M] (Ensemble Studios) -- C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs
[2007/10/25 03:19:26 | 05,051,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties
[2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/06/19 10:51:30 | 00,050,528 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 13:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/07/18 08:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
[2006/10/27 15:16:48 | 12,813,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2006/10/27 15:37:44 | 00,338,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2006/10/27 15:03:04 | 01,018,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2008/08/14 07:58:34 | 00,611,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/27 00:48:02 | 00,222,512 | ---- | M] (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/06/04 16:18:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/09/04 11:43:36 | 00,121,632 | ---- | M] () c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (sacore:{5513F07E-936B-4E52-9B00-067394E91CC5} (HKLM) [McAfee SACore Protocol Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}"=Adobe Color NA Recommended Settings CS4
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}"=Roxio Creator Tools
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}"=Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}"=Adobe Extension Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{098727E1-775A-4450-B573-3F441F1CA243}"=kuler
"{0D397393-9B50-4c52-84D5-77E344289F87}"=Roxio Creator Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}"=Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}"=Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}"=Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}"=Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}"=Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}"=AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}"=Adobe AIR
"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}"=Adobe ExtendScript Toolkit 2
"{1C08A24C-B168-407E-A826-68FAF5F20710}"=Age of Empires III - The WarChiefs
"{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}"=EPSON Stylus CX7400 Series Scanner Driver Update
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}"=Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}"=PDF Settings CS4
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}"=Sonic Activation Module
"{3921A67A-5AB1-4E48-9444-C71814CF3027}"=VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}"=Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}"=Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}"=Adobe Color - Photoshop Specific CS4
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}"=Adobe Photoshop CS3
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}"=Adobe WinSoft Linguistics Plugin
"{3EBD3749-304E-4A4C-9575-C00E5F015217}"=Apple Mobile Device Support
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}"=Adobe Service Manager Extension
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}"=Adobe Setup
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}"=Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{5FCCD531-1B38-4A94-924C-127F722F1033}"=Nero 8
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}"=Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}"=Browser Address Error Redirector
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}"=Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}"=Adobe Photoshop CS4 Support
"{64658686-0CD4-4CF6-983D-0A6BE32007DB}"=Business Complete Care Services Agreement
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Roxio Express Labeler
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}"=Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}"=AdobeColorCommonSetCMYK
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}"=Age of Empires III
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}"=DellSupport
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}"=Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}"=Adobe Bridge CS4
"{83FFCFC7-88C6-41c6-8752-958A45325C82}"=Roxio Creator Audio
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}"=Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}"=Adobe Illustrator CS4
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}"=Roxio Creator BDAV Plugin
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}"=Adobe Setup
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}"=Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}"=Adobe CMaps CS4
"{99052DB7-9592-4522-A558-5417BBAD48EE}"=Microsoft ActiveSync
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A81000000003}"=Adobe Reader 8.1.0
"{B045B608-4A47-4C77-9EAD-06C394503306}"=iTunes
"{B29AD377-CC12-490A-A480-1452337C618D}"=Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}"=Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}"=Adobe Output Module
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}"=Nokia Connectivity Cable Driver
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}"=Age of Empires III - The Asian Dynasties
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}"=Adobe Default Language CS4
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}"=Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}"=Broadcom Management Programs
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}"=Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}"=Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}"=IntelliSonic Speech Enhancement
"{D504303A-717D-414C-BA9F-FE01093E2EF8}"=Adobe Setup
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}"=Roxio MyDVD DE
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}"=Microsoft XML Parser
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}"=Dell Support Center (Support Software)
"{E4848436-0345-47E2-B648-8B522FCDA623}"=Adobe Photoshop CS4
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{E9E3EE81-6E7F-47A3-8D38-3470256704DB}_is1"=Tortun 0.8
"{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}"=USB PC Camera (SN9C103)
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}"=Adobe Illustrator CS3
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}"=Adobe Search for Help
"{F56F9237-B298-48B4-BC57-2E4629987700}"=Dell DataSafe Online
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}"=Modem Diagnostic Tool
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}"=Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}"=Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}"=Adobe Fonts All
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}"=Adobe Setup
"{FFC1ADE3-944B-4231-894E-3903C37271D2}"=Adobe Setup
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe_2a31ae7a5c43ff52d8577782dd34e04"=Adobe Illustrator CS4
"Adobe_5bc0f8414ec36c555a3e7e5ec2e225e"=Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1"=Adobe Photoshop CS3
"Adobe_a04a925a57548091300ada368235fc6"=Adobe Illustrator CS3
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390"=Adobe Flash CS3 Professional
"Adobe_faf656ef605427ee2f42989c3ad31b8"=Adobe Photoshop CS4
"AIM_6"=AIM 6
"ASIO4ALL"=ASIO4ALL
"Azureus Vuze"=Azureus Vuze
"Broadcom 802.11b Network Adapter"=Dell Wireless WLAN Card
"BuddyList Ops 1.0.0.1"=BuddyList Ops 1.0.0.1
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F"=Conexant HDA D330 MDC V.92 Modem
"Collab"=Collab
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Adobe Media Player
"Diablo II"=Diablo II
"EffeTech HTTP Sniffer v4.1"=EffeTech HTTP Sniffer v4.1
"ENTERPRISE"=Microsoft Office Enterprise 2007
"EPSON Printer and Utilities"=EPSON Printer Software
"EPSON Scanner"=EPSON Scan
"FL Studio 8"=FL Studio 8
"HDMI"=Intel® Graphics Media Accelerator Driver
"HijackThis"=HijackThis 2.0.2
"IL Download Manager"=IL Download Manager
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}"=Age of Empires III - The WarChiefs
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}"=Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}"=Age of Empires III - The Asian Dynasties
"KLiteCodecPack_is1"=K-Lite Codec Pack 3.4.5 Standard
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (2.0.0.17)"=Mozilla Firefox (2.0.0.17)
"MSC"=McAfee SecurityCenter
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NavNet_is1"=NavNet
"PeerGuardian_is1"=PeerGuardian 2.0
"PoiZone"=PoiZone
"PowerISO"=PowerISO
"SearchAssist"=SearchAssist
"Silent Package Run-Time Sample"=EPSON CX7400 User's Guide
"Soulseek"=SoulSeek Client 156c
"SynTPDeinstKey"=Dell Touchpad
"Toxic Biohazard"=Toxic Biohazard
"ViewpointMediaPlayer"=Viewpoint Media Player
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp"=Winamp
"Window Washer"=Window Washer
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows Mobile Device Handbook"=Windows Mobile® Device Handbook
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinPcapInst"=WinPcap 4.1 beta2
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft DVD Copy Express"=Xilisoft DVD Copy Express
"Xilisoft DVD Creator"=Xilisoft DVD Creator
"Yahoo! Extras"=Yahoo! Browser Services
"Yahoo! Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"YInstHelper"=Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/24/2008 10:57:47 AM | Computer Name = MATTLAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/24/2008 10:57:47 AM | Computer Name = MATTLAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/25/2008 11:02:57 AM | Computer Name = MATTLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application Mywars Black Edition.exe, version 1.1.0.0, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/25/2008 11:12:08 PM | Computer Name = MATTLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 8.1.0.137, faulting module
AcroRd32.dll, version 8.1.0.137, fault address 0x002c07a4.

Error - 10/28/2008 2:20:45 PM | Computer Name = MATTLAPTOP | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 1428 (0x594) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.384
/ 5300.2777 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\Inflict\My
Documents\Azureus Downloads\Adobe CS4\Creative Suite 4 Web Standard\STDVCS4_Cont_LS1.exe

by C:\Program Files\Azureus\Azureus.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/28/2008 2:38:34 PM | Computer Name = MATTLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application Roxio_Central33.exe, version 3.30.65.4, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/29/2008 6:49:49 PM | Computer Name = MATTLAPTOP | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 6124 (0x17ec) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.384
/ 5300.2777 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\Inflict\My
Documents\Azureus Downloads\Adobe CS4\Creative Suite 4 Production Premium\STVDCS4_Cont_LS7.exe

by C:\Program Files\Azureus\Azureus.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/31/2008 8:33:44 PM | Computer Name = MATTLAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/31/2008 8:33:44 PM | Computer Name = MATTLAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/31/2008 10:02:42 PM | Computer Name = MATTLAPTOP | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 1912 (0x778) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.384
/ 5300.2777 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\Inflict\My
Documents\Azureus Downloads\Adobe CS4\Creative Suite 4 Master Collection\STAMCS4_Cont_LS1.exe

by C:\Program Files\Azureus\Azureus.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

[ System Events ]
Error - 11/1/2008 9:25:12 AM | Computer Name = MATTLAPTOP | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 11/1/2008 9:25:15 AM | Computer Name = MATTLAPTOP | Source = Service Control Manager | ID = 7031
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 11/1/2008 9:25:18 AM | Computer Name = MATTLAPTOP | Source = Service Control Manager | ID = 7034
Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 11/1/2008 9:25:21 AM | Computer Name = MATTLAPTOP | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 11/1/2008 9:25:23 AM | Computer Name = MATTLAPTOP | Source = Service Control Manager | ID = 7031
Description = The McAfee SystemGuards service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 11/1/2008 9:25:29 AM | Computer Name = MATTLAPTOP | Source = Service Control Manager | ID = 7034
Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It
has done this 2 time(s).

Error - 11/1/2008 9:26:10 AM | Computer Name = MATTLAPTOP | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the McAfee Services service, but
this action failed with the following error: %%1056

Error - 11/1/2008 9:26:12 AM | Computer Name = MATTLAPTOP | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the McAfee Network Agent service,
but this action failed with the following error: %%1056

Error - 11/1/2008 9:26:21 AM | Computer Name = MATTLAPTOP | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the McAfee Real-time Scanner service,
but this action failed with the following error: %%1056

Error - 11/1/2008 9:26:24 AM | Computer Name = MATTLAPTOP | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the McAfee SystemGuards service,
but this action failed with the following error: %%1056


< End of report >

#4 Buckeye_Sam

    Malware Expert



Posted 01 November 2008 - 11:01 AM

Download gmer.zip and save to your desktop.
alternate download site 1
alternate download site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    *System Protection and Tracing
    *Processes
    *Save created processes to the log
    *Drivers
    *Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

#5 InflictBrutality


Posted 01 November 2008 - 11:49 AM

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2008-11-01 09:47:52
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.12 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess

Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateProcess
Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateProcessEx
Code \SystemRoot\system32\drivers\mfehidk.sys ZwDeleteKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwDeleteValueKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys ZwNotifyChangeKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys ZwOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys ZwProtectVirtualMemory
Code \SystemRoot\system32\drivers\mfehidk.sys ZwQueryMultipleValueKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwRenameKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwReplaceKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwRestoreKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwSetContextThread
Code \SystemRoot\system32\drivers\mfehidk.sys ZwSetInformationProcess
Code \SystemRoot\system32\drivers\mfehidk.sys ZwTerminateProcess
Code \SystemRoot\system32\drivers\mfehidk.sys ZwUnloadKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwUnmapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys ZwYieldExecution
Code \SystemRoot\system32\drivers\mfehidk.sys NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys NtSetInformationProcess

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CE0 8050457C 1 Byte [ B2 ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CE2 8050457E 2 Bytes [ EC, B9 ]
.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP A858AA00 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP A858A9D6 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP A858AA16 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP A858AA2C \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP A858A9EA \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 5 Bytes JMP A858A954 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP A858A968 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP A858A9AE \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP A858A99A \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 5 Bytes JMP A858A981 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 5 Bytes JMP A858A9C2 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP A858AA45 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwUnloadKey 80622042 7 Bytes JMP A858AB37 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806228E0 7 Bytes JMP A858AAF5 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwRenameKey 806231B4 7 Bytes JMP A858AA9D \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C22 7 Bytes JMP A858AA87 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623DF2 7 Bytes JMP A858AAB3 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwRestoreKey 8062514A 5 Bytes JMP A858AB61 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwReplaceKey 8062583E 5 Bytes JMP A858AB75 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625958 5 Bytes JMP A858AB4D \SystemRoot\system32\drivers\mfehidk.sys
.text USBPORT.SYS!DllUnload B8E918AC 5 Bytes JMP 8B0F81C8

---- User code sections - GMER 1.0.12 ----

.text C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe[212] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041BF60 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
.text C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe[212] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041BFE0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DB0F81
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DB0076
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DB0FA8
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DB0FB9
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DB004A
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DB0F55
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DB009D
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DB00F8
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DB00D3
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00DB0F44
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00DB005B
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00DB000A
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00DB0F66
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00DB0025
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00DB0FD4
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00DB00B8
.text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00EA001B
.text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00EA0F79
.text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00EA0FD4
.text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00EA000A
.text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00EA0036
.text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00EA0FE5
.text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00EA0F94
.text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 0A, 89 ]
.text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00EA0FA5
.text C:\WINDOWS\system32\services.exe[1024] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DC0000
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0093
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0F9E
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0078
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0051
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0025
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F5C
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A00A4
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00EB
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00D0
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A0106
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0040
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A0F79
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A000A
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A0FC3
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A00BF
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00290FC3
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00290F97
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00290014
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00290FD4
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00290FB2
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00290FE5
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0029004A
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0029002F
.text C:\WINDOWS\system32\svchost.exe[1028] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009B0000
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF0F77
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF006C
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF0051
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF0040
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF0FA8
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF0F4B
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF0F66
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF0F1F
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF00C2
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00BF00D3
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00BF002F
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BF0FDE
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00BF0087
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00BF0014
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00BF0FC3
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00BF0F3A
.text C:\WINDOWS\system32\lsass.exe[1036] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00C20036
.text C:\WINDOWS\system32\lsass.exe[1036] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00C20F94
.text C:\WINDOWS\system32\lsass.exe[1036] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00C20FDB
.text C:\WINDOWS\system32\lsass.exe[1036] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00C2001B
.text C:\WINDOWS\system32\lsass.exe[1036] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00C20051
.text C:\WINDOWS\system32\lsass.exe[1036] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00C2000A
.text C:\WINDOWS\system32\lsass.exe[1036] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00C20FAF
.text C:\WINDOWS\system32\lsass.exe[1036] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ E2, 88 ]
.text C:\WINDOWS\system32\lsass.exe[1036] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00C20FCA
.text C:\WINDOWS\system32\lsass.exe[1036] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F60000
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F60F92
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F60087
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F60FA3
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F60FC0
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F60FDB
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F600DA
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F600C9
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F60F66
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F600FF
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F6011A
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F60058
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F6001B
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F600A2
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F60047
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F6002C
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F60F81
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00F90FAF
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00F90F68
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00F90000
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00F90FCA
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00F90F79
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00F90FE5
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00F90F94
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 19, 89 ]
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00F9001B
.text C:\WINDOWS\system32\svchost.exe[1224] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F70000
.text C:\WINDOWS\explorer.exe[1244] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01E7000A
.text C:\WINDOWS\explorer.exe[1244] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01E70F81
.text C:\WINDOWS\explorer.exe[1244] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01E7006C
.text C:\WINDOWS\explorer.exe[1244] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01E70F9E
.text C:\WINDOWS\explorer.exe[1244] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01E7005B
.text C:\WINDOWS\explorer.exe[1244] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01E70025
.text C:\WINDOWS\explorer.exe[1244] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01E700A2
.text C:\WINDOWS\explorer.exe[1244] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01E70091
.text C:\WINDOWS\explorer.exe[1244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01E700DF
.text C:\WINDOWS\explorer.exe[1244] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01E700CE
.text C:\WINDOWS\explorer.exe[1244] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 01E70F2B
.text C:\WINDOWS\explorer.exe[1244] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01E70036
.text C:\WINDOWS\explorer.exe[1244] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01E70FEF
.text C:\WINDOWS\explorer.exe[1244] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01E70F66
.text C:\WINDOWS\explorer.exe[1244] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01E70FB9
.text C:\WINDOWS\explorer.exe[1244] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01E70FCA
.text C:\WINDOWS\explorer.exe[1244] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 01E700BD
.text C:\WINDOWS\explorer.exe[1244] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01E60FE5
.text C:\WINDOWS\explorer.exe[1244] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01E60098
.text C:\WINDOWS\explorer.exe[1244] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01E60036
.text C:\WINDOWS\explorer.exe[1244] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01E60025
.text C:\WINDOWS\explorer.exe[1244] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01E6007D
.text C:\WINDOWS\explorer.exe[1244] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01E6000A
.text C:\WINDOWS\explorer.exe[1244] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 01E6006C
.text C:\WINDOWS\explorer.exe[1244] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 01E60047
.text C:\WINDOWS\explorer.exe[1244] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 00B20FCA
.text C:\WINDOWS\explorer.exe[1244] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 00B20FEF
.text C:\WINDOWS\explorer.exe[1244] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 00B20FB9
.text C:\WINDOWS\explorer.exe[1244] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 00B2000C
.text C:\WINDOWS\explorer.exe[1244] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B00FEF
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DD0000
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DD009D
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DD0FA8
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DD0FB9
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DD006C
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DD0051
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DD0F7C
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DD0F8D
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DD00FA
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DD00E9
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00DD010B
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00DD0FCA
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00DD001B
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00DD00B8
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00DD0FE5
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00DD0036
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00DD0F6B
.text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00E00FD1
.text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00E0004E
.text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00E00022
.text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00E00011
.text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00E00F9B
.text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00E00000
.text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00E00033
.text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00E00FAC
.text C:\WINDOWS\system32\svchost.exe[1292] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DE0FEF
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03830000
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 038300A4
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03830093
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03830FAF
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03830062
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0383002C
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 038300D2
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 038300C1
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03830105
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 038300F4
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 03830116
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 03830047
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 03830011
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 03830F94
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 03830FC0
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 03830FDB
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 038300E3
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01FC0FEF
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01FC00B6
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01FC0036
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01FC001B
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01FC009B
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01FC000A
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 01FC0076
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 01FC005B
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01F90000
.text C:\WINDOWS\system32\svchost.exe[1332] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 01FA0FDB
.text C:\WINDOWS\system32\svchost.exe[1332] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 01FA0000
.text C:\WINDOWS\system32\svchost.exe[1332] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 01FA0FCA
.text C:\WINDOWS\system32\svchost.exe[1332] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 01FA0011
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007C0FE5
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007C0F6F
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007C0F8A
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007C0F9B
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007C0058
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007C0022
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007C00AB
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007C0090
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007C00D7
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007C00BC
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 007C0F19
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 007C003D
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 007C0000
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 007C007F
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 007C0FC0
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 007C0011
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 007C0F3E
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 007F0FD4
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 007F006F
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 007F002F
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 007F0014
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 007F0FA8
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 007F0FEF
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 007F0FB9
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 9F, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 007F0040
.text C:\WINDOWS\system32\svchost.exe[1456] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007D0FE5
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE000A
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE0F88
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE0F99
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE007D
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE006C
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE0051
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE00A9
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE0F6D
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE0F24
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE0F35
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00BE0F09
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00BE0FCA
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BE001B
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00BE008E
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00BE0040
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00BE0FE5
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00BE0F46
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00C20FB9
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00C20062
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00C2000A
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00C20FD4
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00C20051
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00C20040
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00C2002F
.text C:\WINDOWS\system32\svchost.exe[1480] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[1480] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 00C0000A
.text C:\WINDOWS\system32\svchost.exe[1480] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[1480] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 00C00FDE
.text C:\WINDOWS\system32\svchost.exe[1480] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 00C00025
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC0F6F
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC0064
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC0F8A
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC0FA5
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC0036
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC009A
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC0F5E
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC0F01
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC0F1C
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00BC0EF0
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00BC0047
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BC000A
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00BC007F
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00BC0025
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00BC0FD4
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00BC0F2D
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BB0FB9
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BB0043
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BB0FD4
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BB000A
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BB0F86
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00BB0F97
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ DB, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BB0FA8
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[2148] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes [ B3, E6, 87, 83 ]
.text C:\Program Files\Webroot\Washer\wwDisp.exe[3396] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes [ 77, EC, 87, 83 ]

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8B2C31E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8B2C31E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8B2C31E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8B2C31E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8B2C31E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8B2C31E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8B2C31E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8B2C31E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8B2C31E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8B2C31E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8B2C31E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8B2C31E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8B2C31E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8B2C31E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 8B2C31E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8B2C31E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8B2C31E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 8B2C31E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8B2C31E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 8B2C31E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8B2C31E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8B2C31E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 8AE07790
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 8AE07790
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 8AE07790
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 8AE07790
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 8AE07790
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 8AE07790
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 8AE07790
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 8AE07790
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 8AE07790
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 8AE07790
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 8AE07790
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 8AE07790
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 8AE07790
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 8AE07790
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 8AE07790
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 8AE07790
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 8AE07790
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 8AE07790
Device \Driver\USBSTOR \Device\0000008f IRP_MJ_CREATE 8AF3C790
Device \Driver\USBSTOR \Device\0000008f IRP_MJ_CLOSE 8AF3C790
Device \Driver\USBSTOR \Device\0000008f IRP_MJ_READ 8AF3C790
Device \Driver\USBSTOR \Device\0000008f IRP_MJ_WRITE 8AF3C790
Device \Driver\USBSTOR \Device\0000008f IRP_MJ_DEVICE_CONTROL 8AF3C790
Device \Driver\USBSTOR \Device\0000008f IRP_MJ_INTERNAL_DEVICE_CONTROL 8AF3C790
Device \Driver\USBSTOR \Device\0000008f IRP_MJ_POWER 8AF3C790
Device \Driver\USBSTOR \Device\0000008f IRP_MJ_SYSTEM_CONTROL 8AF3C790
Device \Driver\USBSTOR \Device\0000008f IRP_MJ_PNP 8AF3C790
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 8B0F71E8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_CREATE 8B0E01E8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_CLOSE 8B0E01E8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 8B0E01E8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8B0E01E8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_POWER 8B0E01E8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 8B0E01E8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_PNP 8B0E01E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CREATE 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CLOSE 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_POWER 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_PNP 8B0F71E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CREATE 8B0E01E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CLOSE 8B0E01E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_DEVICE_CONTROL 8B0E01E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 8B0E01E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_POWER 8B0E01E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_SYSTEM_CONTROL 8B0E01E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_PNP 8B0E01E8
Device \Driver\usbuhci \Device\USBPDO-5 IRP_MJ_CREATE 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-5 IRP_MJ_CLOSE 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-5 IRP_MJ_DEVICE_CONTROL 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-5 IRP_MJ_INTERNAL_DEVICE_CONTROL 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-5 IRP_MJ_POWER 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-5 IRP_MJ_SYSTEM_CONTROL 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-5 IRP_MJ_PNP 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-6 IRP_MJ_CREATE 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-6 IRP_MJ_CLOSE 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-6 IRP_MJ_DEVICE_CONTROL 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-6 IRP_MJ_INTERNAL_DEVICE_CONTROL 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-6 IRP_MJ_POWER 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-6 IRP_MJ_SYSTEM_CONTROL 8B0F71E8
Device \Driver\usbuhci \Device\USBPDO-6 IRP_MJ_PNP 8B0F71E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 8B2C51E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8B0181E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8B0181E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8B0181E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8B0181E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8B0181E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8B0181E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8B0181E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8B0181E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8B0181E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8B0181E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8B0181E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 8B2C51E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 8B2C51E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 8B0A71E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 8B0A71E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 8B0A71E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 8B0A71E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 8B0A71E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 8B0A71E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 8B0A71E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 8B0A71E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 8B0A71E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 8B0A71E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 8B0A71E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 8B0A71E8
Device \Driver\USBSTOR \Device\00000092 IRP_MJ_CREATE 8AF3C790
Device \Driver\USBSTOR \Device\00000092 IRP_MJ_CLOSE 8AF3C790
Device \Driver\USBSTOR \Device\00000092 IRP_MJ_READ 8AF3C790
Device \Driver\USBSTOR \Device\00000092 IRP_MJ_WRITE 8AF3C790
Device \Driver\USBSTOR \Device\00000092 IRP_MJ_DEVICE_CONTROL 8AF3C790
Device \Driver\USBSTOR \Device\00000092 IRP_MJ_INTERNAL_DEVICE_CONTROL 8AF3C790
Device \Driver\USBSTOR \Device\00000092 IRP_MJ_POWER 8AF3C790
Device \Driver\USBSTOR \Device\00000092 IRP_MJ_SYSTEM_CONTROL 8AF3C790
Device \Driver\USBSTOR \Device\00000092 IRP_MJ_PNP 8AF3C790
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_CREATE [A8462D1B] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_CREATE_NAMED_PIPE [A8462D1B] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_CLOSE [A8462D1B] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_READ [A8462D1B] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_WRITE [A8462D1B] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_QUERY_INFORMATION [A8462D1B] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_SET_INFORMATION [A8462D1B] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_QUERY_EA [A8462D1B] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_SET_EA [A8462D1B] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_FLUSH_BUFFERS [A8462D1B] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_QUERY_VOLUME_INFORMATION [A8462D1B] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_SET_VOLUME_INFORMATION [A8462D1B] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_DIRECTORY_CONTROL [A8462D1B] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_FILE_SYSTEM_CONTROL [A8462D1B] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_DEVICE_CONTROL [A8462D1B] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_INTERNAL_DEVICE_CONTROL [A8462D1B] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_SHUTDOWN [A8462D1B] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_LOCK_CONTROL [A8462D1B] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_CLEANUP [A8462D1B] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_CREATE_MAILSLOT [A8462D1B] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_QUERY_SECURITY [A8462D1B] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_SET_SECURITY [A8462D1B] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_POWER [A8462F42] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_SYSTEM_CONTROL [A8462F42] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_DEVICE_CHANGE [A8462D1B] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_QUERY_QUOTA [A8462D1B] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_SET_QUOTA [A8462D1B] Wdf01000.sys
Device \Driver\LMouFilt \Device\00000094 IRP_MJ_PNP [A8462F42] Wdf01000.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{B92918EF-69AB-4C03-A150-DEB9CD9E74F3} IRP_MJ_CREATE 8B0A71E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B92918EF-69AB-4C03-A150-DEB9CD9E74F3} IRP_MJ_CLOSE 8B0A71E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B92918EF-69AB-4C03-A150-DEB9CD9E74F3} IRP_MJ_DEVICE_CONTROL 8B0A71E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B92918EF-69AB-4C03-A150-DEB9CD9E74F3} IRP_MJ_INTERNAL_DEVICE_CONTROL 8B0A71E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B92918EF-69AB-4C03-A150-DEB9CD9E74F3} IRP_MJ_CLEANUP 8B0A71E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B92918EF-69AB-4C03-A150-DEB9CD9E74F3} IRP_MJ_PNP 8B0A71E8
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_CREATE [A8462D1B] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_CREATE_NAMED_PIPE [A8462D1B] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_CLOSE [A8462D1B] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_READ [A8462D1B] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_WRITE [A8462D1B] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_QUERY_INFORMATION [A8462D1B] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_SET_INFORMATION [A8462D1B] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_QUERY_EA [A8462D1B] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_SET_EA [A8462D1B] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_FLUSH_BUFFERS [A8462D1B] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_QUERY_VOLUME_INFORMATION [A8462D1B] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_SET_VOLUME_INFORMATION [A8462D1B] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_DIRECTORY_CONTROL [A8462D1B] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_FILE_SYSTEM_CONTROL [A8462D1B] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_DEVICE_CONTROL [A8462D1B] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_INTERNAL_DEVICE_CONTROL [A8462D1B] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_SHUTDOWN [A8462D1B] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_LOCK_CONTROL [A8462D1B] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_CLEANUP [A8462D1B] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_CREATE_MAILSLOT [A8462D1B] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_QUERY_SECURITY [A8462D1B] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_SET_SECURITY [A8462D1B] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_POWER [A8462F42] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_SYSTEM_CONTROL [A8462F42] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_DEVICE_CHANGE [A8462D1B] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_QUERY_QUOTA [A8462D1B] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_SET_QUOTA [A8462D1B] Wdf01000.sys
Device \Driver\LHidFilt \Device\00000096 IRP_MJ_PNP [A8462F42] Wdf01000.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{1DC13368-7D47-44C7-A880-657E18371752} IRP_MJ_CREATE 8B0A71E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1DC13368-7D47-44C7-A880-657E18371752} IRP_MJ_CLOSE 8B0A71E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1DC13368-7D47-44C7-A880-657E18371752} IRP_MJ_DEVICE_CONTROL 8B0A71E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1DC13368-7D47-44C7-A880-657E18371752} IRP_MJ_INTERNAL_DEVICE_CONTROL 8B0A71E8

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
ADS C:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT

---- EOF - GMER 1.0.12 ----

whatever gmer did it seemed to have fixed my problem :D THANKS!

#6 Buckeye_Sam

Malware Expert

Posted 01 November 2008 - 04:21 PM

That sounds promising, but probably coincidental. Let's check out a new HijackThis log just to be sure.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 InflictBrutality

Topic Starter

Posted 01 November 2008 - 05:35 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:35:13, on 11/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\Webroot\Washer\WasherSvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\WTClient.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineTrayIcon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Inflict\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1070918
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE" /FU "C:\WINDOWS\TEMP\E_S241.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Dell DataSafe Scheduler] "C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: spicgl.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0032601224233136) (0032601224233136mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\003260~1.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 12363 bytes

#8 Buckeye_Sam

Malware Expert

Posted 02 November 2008 - 10:18 AM

Looks pretty good to me. Just a couple minor issues to address.

Run HijackThis again, click Scan, and put a checkmark next to the line listed below. Then close all other windows (you should only see HijackThis on your Desktop) and click the Fix Checked button.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)



I also recommend that you uninstall Viewpoint.
While it's not spyware, it isn't a recommended program to have.


Assuming things are working as they should be, let's clean up.

Please download the OTMoveIt3 by OldTimer
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt3.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


=================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup: :)
========================================================
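The fix in post #8 targets a HijackThis entry whose file no longer exists ("(no file)"). As an added example (not part of the original thread and not HijackThis code), this Python script parses HijackThis entry lines and lists such orphaned entries; the sample lines are copied from the log in post #7, and the flag names and review rules are assumptions chosen for illustration, not verdicts on any entry.

```python
import re

# Sample lines copied from the HijackThis log posted in post #7 of this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O20 - AppInit_DLLs: spicgl.dll
O23 - Service: McAfee Application Installer Cleanup (0032601224233136) (0032601224233136mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\003260~1.EXE (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
"""

# An entry line is a section code (R1, O2, O23, ...) followed by " - " and a body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entry(line):
    """Parse one log line; return a dict, or None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    low = body.lower()
    clsid = CLSID_RE.search(body)

    # Review hints (assumed rule set for this example).
    flags = []
    if body.endswith("(no file)"):
        flags.append("no-file")          # registry entry left behind, no file on disk
    if body.endswith("(file missing)"):
        flags.append("file-missing")     # service/startup target is gone
    if " - unknown owner - " in low:
        flags.append("unknown-owner")    # no company name could be read from the file
    if "\\temp\\" in low:
        flags.append("runs-from-temp")   # executable path inside a TEMP directory
    if code == "O20" and low.startswith("appinit_dlls:") and body.split(":", 1)[1].strip():
        flags.append("appinit-dll")      # DLL loaded into every process that loads user32.dll

    return {
        "code": code,
        "body": body,
        "clsid": clsid.group(0) if clsid else None,
        "flags": flags,
    }


def parse_log(text):
    """Return parsed entries for every entry line in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            entries.append(entry)
    return entries


def orphaned(entries):
    """Entries that point at a file that no longer exists."""
    return [e for e in entries if {"no-file", "file-missing"} & set(e["flags"])]


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        marker = ",".join(e["flags"]) or "-"
        print(f'{e["code"]:<4} [{marker}] {e["body"]}')
```
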

#9 InflictBrutality

Topic Starter

Posted 02 November 2008 - 02:48 PM

thank you soooo much :D

#10 Buckeye_Sam

Malware Expert

Posted 16 November 2008 - 06:41 PM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
========================================================
