CPU usage always above 50%


This topic is locked. 27 replies to this topic.

#1 jocephus7 (Members, 18 posts)

Posted 11 January 2009 - 07:12 PM

I have a Dell Inspiron E1505 Laptop running Windows Vista Home Premium 32 bit, Intel T2060 1.6GHz processor and 1 GB of RAM. Starting approximately 2 weeks ago my PC began to run very slow. I mostly notice this when browsing the web or playing music or videos. When playing music or videos I get a constant skipping throughout that I never experienced before. My download speeds haven't been affected. I looked further and found that the process explorer.exe is the main culprit of the CPU usage, as it is always at about 45-50% by itself. I ran HijackThis and the log is below. Any help would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:01:28 PM, on 1/5/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F60091D3-566C-4BC0-8EFF-67D0CB605B09}: NameServer = 65.24.7.10,65.24.7.11
O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - C:\ProgramData\Norton\Norton2009Reset.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7498 bytes
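The log above is the kind of thing a malware-response helper reads by eye, looking at three sections in particular: O4 Run keys (especially the ones under HKUS service-account hives), the O17 NameServer entry, and O23 services with no publisher string. The following script is an added example for this thread, not code from HijackThis or from either poster. It parses those three entry types and ranks what a helper would query. The sample log is a constructed excerpt built from entry types in the posted log; the location heuristics, the stock-Vista allowlist (`Sidebar`, `WindowsWelcomeCenter`) and the severity labels are this example's own assumptions, not HijackThis rules.

```python
"""Triage a HijackThis log: parse O4 (Run keys), O17 (NameServer) and O23
(service) entries and flag the ones a malware-response helper would query.

Added example for this thread; not code from HijackThis or from the posters.
The location heuristics, the stock-Vista allowlist and the severity labels are
this example's own assumptions, not HijackThis rules.
"""
import ipaddress
import re

# Constructed excerpt: entry types copied from the log posted above, not the full log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O17 - HKLM\System\CCS\Services\Tcpip\..\{F60091D3-566C-4BC0-8EFF-67D0CB605B09}: NameServer = 65.24.7.10,65.24.7.11
O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - C:\ProgramData\Norton\Norton2009Reset.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '(?P<user>[^']*)'\)$")
EXE_RE = re.compile(r'"?(?P<path>[^"]+?\.exe)', re.IGNORECASE)

# Run keys under these HKUS hives fire for service accounts or the default profile.
SERVICE_SIDS = {"S-1-5-18", "S-1-5-19", "S-1-5-20", ".DEFAULT"}
# Assumption: these HKUS Run entries are stock on Vista and not worth a query.
STOCK_SERVICE_RUN = {"Sidebar", "WindowsWelcomeCenter"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


def location_class(path):
    """Classify where a binary lives; user-writable locations rank worst."""
    p = path.lower().replace("%programfiles%", "c:\\program files")
    p = p.replace("%systemroot%", "c:\\windows")
    if any(seg in p for seg in ("\\programdata\\", "\\users\\", "\\temp\\", "\\appdata\\")):
        return "userdata"
    if p.startswith("c:\\windows\\"):
        return "system"
    if p.startswith("c:\\program files"):
        return "programfiles"
    return "other"


def triage(log_text):
    """Return (severity, section, message) findings, most severe first."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := O4_RE.match(line):
            user_m = USER_SUFFIX_RE.search(m.group("cmd"))
            cmd = USER_SUFFIX_RE.sub("", m.group("cmd"))
            exe = EXE_RE.match(cmd)
            path = exe.group("path") if exe else cmd
            loc, hive, name = location_class(path), m.group("hive"), m.group("name")
            sid = hive.split("\\", 1)[1] if hive.startswith("HKUS\\") else None
            if loc == "userdata":
                findings.append(("high", "O4", f"[{name}] autostarts from a user-writable path: {path}"))
            elif sid in SERVICE_SIDS and loc != "system" and name not in STOCK_SERVICE_RUN:
                who = user_m.group("user") if user_m else sid
                findings.append(("medium", "O4",
                                 f"[{name}] is a user-mode app autostarting for '{who}': {path}"))
        elif m := O17_RE.match(line):
            public = [s for s in m.group("servers").split(",")
                      if not ipaddress.ip_address(s).is_private]
            if public:
                findings.append(("info", "O17", "NameServer points at public resolvers "
                                 + ", ".join(public) + "; confirm they are the ISP's"))
        elif m := O23_RE.match(line):
            path, loc = m.group("path"), location_class(m.group("path"))
            if m.group("owner") == "Unknown owner":
                # OEM helpers in System32 often lack version info; ProgramData does not.
                sev = "high" if loc in ("userdata", "other") else "low"
                findings.append((sev, "O23",
                                 f"service '{m.group('name')}' has no publisher, binary in {loc}: {path}"))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])


if __name__ == "__main__":
    for sev, section, msg in triage(SAMPLE_LOG):
        print(f"{sev:6} {section:3} {msg}")
```

On the sample, the Norton 2009 Reset service comes out on top because it combines no publisher string with a binary under ProgramData, which is exactly the entry the helper singles out in the next post. The Dell wltrysvc service is also "Unknown owner" but sits in System32, so it rates low; the MySpaceIM entries under SYSTEM and the default profile rate medium because a user-mode IM client has no business autostarting for those accounts, benign or not. The O17 servers are only reported for verification, since public resolvers are normal when they belong to the ISP.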


#2 Billy O'Neal (Visual C++ STL Maintainer; Malware Response Team, 12,304 posts; Redmond, Washington)

Posted 24 January 2009 - 11:35 PM

Hello,
Welcome to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the reply button in the lower left hand corner of your screen.

O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - C:\ProgramData\Norton\Norton2009Reset.exe

Perhaps not cracking your antivirus program would help?

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click gmer.exe on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see a window asking whether to run a full scan at this point. If you do, click No.
  • Click on Scan and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Save and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • GMER's Log

BillyIII
My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 jocephus7 (Topic Starter; Members, 18 posts)

Posted 26 January 2009 - 12:04 AM

My PC problems began prior to me loading Norton Internet Security. I previously had AVG Free Edition, but when the problems began I added Norton to see if it would find something that AVG hadn't. After I added Norton I removed AVG. So I don't think the Norton crack is the culprit. Thanks for any help you can give me. The requested logs are below.

OTViewIt logfile created on: 1/25/2009 10:33:46 PM - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Joe\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16764)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.82 Mb Total Physical Memory | 237.21 Mb Available Physical Memory | 23.40% Memory free
2.23 Gb Paging File | 1.24 Gb Available in Paging File | 55.48% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.74 Gb Total Space | 0.98 Gb Free Space | 0.99% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.38 Gb Free Space | 63.80% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOE-PC
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/11/02 04:45:57 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2006/11/02 04:45:21 | 00,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2007/07/11 23:31:04 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2006/11/27 17:56:04 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
[2006/11/27 17:55:48 | 01,716,224 | ---- | M] (Dell Inc.) -- C:\Windows\System32\BCMWLTRY.EXE
[2006/11/02 04:45:04 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2008/09/30 12:48:28 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
[2008/12/11 22:28:25 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
[2007/08/24 15:52:46 | 00,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
[2007/02/08 00:11:00 | 00,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
[2007/03/17 03:41:09 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2006/11/11 18:10:40 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
[2006/11/02 04:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2006/11/02 04:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2006/11/17 18:52:40 | 00,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2007/02/08 00:11:04 | 00,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
[2006/11/15 13:07:58 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
[2006/11/15 13:07:56 | 00,106,496 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
[2006/11/27 17:56:02 | 01,540,096 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
[2007/08/24 15:52:38 | 01,083,888 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
[2006/11/02 07:36:04 | 00,201,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2006/11/02 07:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
[2006/11/03 18:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
[2006/11/02 07:35:32 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
[2006/11/02 07:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2008/12/11 22:28:25 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
[2008/02/01 15:32:54 | 08,699,904 | ---- | M] () -- C:\Program Files\MySpace\IM\MySpaceIM.exe
[2008/02/01 15:32:54 | 08,699,904 | ---- | M] () -- C:\Program Files\MySpace\IM\MySpaceIM.exe
[2006/11/02 04:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2007/08/30 16:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[2008/08/05 22:28:43 | 00,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\mcupdate.exe
[2008/10/15 23:40:06 | 00,301,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
[2008/10/15 23:42:58 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/01/25 22:20:08 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2009/01/05 12:36:00 | 00,281,625 | R--- | M] () -- C:\ProgramData\Norton\Norton2009Reset.exe -- (.norton2009Reset [Auto | Stopped])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2006/11/02 01:34:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
[2006/11/02 07:36:25 | 02,089,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2007/09/04 02:03:42 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2006/11/07 13:27:02 | 00,070,656 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
[2007/03/17 03:40:38 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2006/11/02 07:36:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2006/11/02 04:46:05 | 00,569,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
[2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
File not found -- -- (iPod Service [On_Demand | Stopped])
[2006/11/02 08:04:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2008/09/30 12:48:28 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0 [Auto | Running])
[2006/11/02 07:36:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/12/11 22:28:25 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe -- (Norton Internet Security [Auto | Running])
[2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/08/24 15:53:14 | 00,072,176 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10 [On_Demand | Stopped])
[2007/08/24 15:53:16 | 00,362,992 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10 [Auto | Stopped])
[2007/08/24 15:52:48 | 00,309,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10 [Auto | Stopped])
[2007/08/24 15:52:38 | 01,083,888 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10 [On_Demand | Running])
[2007/08/24 15:52:46 | 00,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10 [Auto | Running])
[2006/11/02 04:46:12 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2007/07/11 23:31:04 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 04:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2007/02/08 00:11:00 | 00,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV [Auto | Running])
File not found -- -- (stllssvr [On_Demand | Stopped])
[2008/07/15 16:38:32 | 00,394,608 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist [On_Demand | Stopped])
[2006/11/02 04:45:50 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2006/11/02 04:45:50 | 00,392,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2006/11/27 17:56:04 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
[2006/11/02 07:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
[2007/03/17 03:41:09 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])
[2006/11/11 18:10:40 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService [Auto | Running])

========== Driver Services ==========

[2006/11/02 04:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 04:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 04:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2007/03/17 03:41:29 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2007/03/17 03:40:49 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2007/03/17 03:41:30 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 03:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006/11/02 03:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2006/11/02 04:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 04:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2006/11/27 17:55:54 | 00,534,016 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX [On_Demand | Running])
[2006/11/02 02:30:53 | 00,045,056 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2008/12/11 22:29:18 | 00,255,536 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1002000.007\BHDrvx86.sys -- (BHDrvx86 [System | Running])
[2006/11/02 03:31:12 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/11/02 03:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2009/01/05 12:27:27 | 00,362,544 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1002000.007\cchpx86.sys -- (ccHP [System | Running])
[2006/11/02 03:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008/02/13 03:11:08 | 00,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2007/03/17 03:41:29 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006/11/02 04:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 03:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2006/11/02 03:31:04 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2006/11/02 03:51:04 | 00,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4.sys -- (dot4 [On_Demand | Stopped])
[2006/11/02 03:51:02 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Stopped])
[2006/11/02 03:51:03 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4usb.sys -- (dot4usb [On_Demand | Stopped])
[2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
[2006/08/17 15:43:52 | 00,007,424 | --S- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2007/09/04 02:03:43 | 00,619,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006/11/02 02:30:55 | 00,200,704 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express [On_Demand | Stopped])
[2006/11/02 02:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2006/11/02 07:34:35 | 00,132,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2009/01/05 04:57:20 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2006/11/02 04:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2009/01/05 04:57:20 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2006/11/02 04:49:58 | 00,056,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2006/11/02 03:32:55 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2006/11/02 04:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2006/11/02 02:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2007/07/11 23:30:24 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 03:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 03:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 04:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/11/11 18:10:40 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2006/11/11 18:10:38 | 00,206,848 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2009/01/05 12:27:27 | 00,289,840 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090115.001\IDSvix86.sys -- (IDSVix86 [System | Running])
[2006/11/15 13:07:56 | 01,473,024 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx [On_Demand | Running])
[2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2006/11/02 03:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2006/11/02 04:51:12 | 00,168,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2006/11/02 03:51:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [Disabled | Stopped])
[2006/11/02 03:56:49 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/11/02 04:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 04:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 04:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2006/11/02 03:33:07 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006/11/11 18:10:40 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2006/11/02 04:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2007/12/16 04:56:45 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006/11/02 04:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2007/07/11 23:33:23 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2008/08/25 20:11:59 | 00,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2007/12/12 03:03:57 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2007/03/17 03:41:29 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 04:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2007/03/17 03:40:49 | 00,013,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2006/11/02 04:51:09 | 00,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008/02/13 03:07:20 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2009/01/05 04:57:20 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090124.032\naveng.sys -- (NAVENG [On_Demand | Running])
[2009/01/05 04:57:20 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090124.032\navex15.sys -- (NAVEX15 [On_Demand | Running])
[2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2006/11/02 03:57:30 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2006/11/02 04:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2007/03/17 03:40:49 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006/11/02 04:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2007/09/04 02:03:44 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2007/07/26 03:00:00 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/04/26 22:31:04 | 00,474,304 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\lvcd.sys -- (QCDonner [On_Demand | Stopped])
[2006/11/02 04:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2006/11/02 07:34:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2006/11/02 02:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (R300 [On_Demand | Stopped])
[2006/11/02 04:02:01 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2006/11/20 14:13:56 | 00,032,256 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running])
[2006/11/20 14:13:58 | 00,043,520 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk [Auto | Running])
[2006/11/20 14:13:58 | 00,037,376 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp [Auto | Running])
[2006/11/02 03:56:49 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2007/08/18 03:09:04 | 00,057,328 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter [Disabled | Stopped])
[2006/11/02 04:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2007/06/19 02:03:15 | 00,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008/02/13 03:11:04 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2006/11/02 03:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006/11/02 03:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006/11/02 03:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2007/03/17 03:40:48 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 04:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 04:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2006/11/02 03:57:10 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2006/11/02 04:49:35 | 00,018,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2008/12/11 22:29:18 | 00,306,736 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1002000.007\srtsp.sys -- (SRTSP [On_Demand | Running])
[2008/12/11 22:29:18 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1002000.007\srtspx.sys -- (SRTSPX [System | Running])
[2007/12/12 03:03:56 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2007/12/12 03:03:57 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2007/02/08 00:11:04 | 00,647,680 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA [On_Demand | Running])
[2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2008/12/11 22:29:18 | 00,012,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1002000.007\symdns.sys -- (SYMDNS [On_Demand | Running])
[2008/12/11 22:29:19 | 00,309,296 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1002000.007\SymEFA.sys -- (SymEFA [Boot | Running])
[2009/01/05 12:28:01 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2008/12/11 22:29:19 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1002000.007\symfw.sys -- (SYMFW [On_Demand | Running])
[2008/12/11 22:28:28 | 00,025,136 | R--- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM [System | Running])
[2008/12/11 22:29:20 | 00,040,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1002000.007\symndisv.sys -- (SYMNDISV [On_Demand | Running])
[2008/12/11 22:29:20 | 00,024,624 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1002000.007\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2008/12/11 22:29:20 | 00,198,192 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1002000.007\symtdi.sys -- (SYMTDI [System | Running])
[2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2006/11/17 18:52:38 | 00,179,256 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2006/11/02 03:57:47 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2006/11/02 03:57:35 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2006/11/02 04:02:07 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2007/07/11 23:33:21 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2007/07/11 23:33:22 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2006/11/02 04:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2007/03/17 03:40:49 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 04:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 04:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2006/11/02 03:55:24 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2006/11/02 03:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2006/11/02 03:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 03:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2007/03/17 03:41:29 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2007/03/17 03:40:49 | 00,050,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2006/11/02 04:51:30 | 00,290,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006/11/02 04:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 03:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/02 04:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008/02/13 03:11:05 | 00,495,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006/11/11 18:10:38 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
[2007/11/20 03:03:58 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [On_Demand | Running])
[2006/11/02 03:58:26 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
[2006/11/11 18:10:40 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio [Auto | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070317
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.yahoo.com/
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1419078479-2353412945-596696089-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.yahoo.com/
"StartPageCache"=

[HKEY_USERS\S-1-5-21-1419078479-2353412945-596696089-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1419078479-2353412945-596696089-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} (HKLM) -- C:\Program Files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll (Symantec Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} (HKLM) -- C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.dll (Symantec Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (HKLM) -- C:\Program Files\BAE\BAE.dll (Dell Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6}" (HKLM) -- C:\Program Files\ESPN\Toolbar\DIGToolBar.dll (Walt Disney Internet Group)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6}" (HKLM) -- C:\Program Files\ESPN\Toolbar\DIGToolBar.dll (Walt Disney Internet Group)

[HKEY_USERS\S-1-5-21-1419078479-2353412945-596696089-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1419078479-2353412945-596696089-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll (Symantec Corporation)

[HKEY_USERS\S-1-5-21-1419078479-2353412945-596696089-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6}" (HKLM) -- C:\Program Files\ESPN\Toolbar\DIGToolBar.dll (Walt Disney Internet Group)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe (Dell Inc.)
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe (Intel Corporation)
"IgfxTray"=C:\Windows\system32\igfxtray.exe (Intel Corporation)
"MSConfig"="C:\Windows\system32\msconfig.exe" /auto (Microsoft Corporation)
"NWEReboot"= File not found
"Persistence"=C:\Windows\system32\igfxpers.exe (Intel Corporation)
"SigmatelSysTrayApp"=sttray.exe (SigmaTel, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe ()

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe ()

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1419078479-2353412945-596696089-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 01:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1419078479-2353412945-596696089-1000\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 01:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0\bin\npjpi160.dll [2007/03/16 19:59:06 | 00,132,744 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{01113300-3E00-11D2-8470-0060089874ED}: http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab -- Support.com Configuration Class
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab -- QuickTime Object
{48DD0448-9209-4F81-9F6D-D83562940134}: http://lads.myspace.com/upload/MySpaceUploader1006.cab -- MySpace Uploader Control
{5727FF4C-EF4E-4d96-A96C-03AD91910448}: http://www.srtest.com/srl_bin/sysreqlab_ind.cab -- System Requirements Lab Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0

========== (O17) DNS Name Servers ==========

{93A63CDE-008E-427C-9F54-A2AE42AC25A0} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)
{F60091D3-566C-4BC0-8EFF-67D0CB605B09} (Servers: 65.24.7.10,65.24.7.11 | Description: Dell Wireless 1390 WLAN Mini-Card)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\Windows\System32\igfxdev.dll (Intel Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2006/11/02 04:46:03 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2006/11/02 04:46:13 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/18 16:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2009/01/25 22:19:30 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTViewIt.exe
[2009/01/23 01:13:21 | 00,000,000 | ---D | C] -- C:\rsit
[2009/01/22 22:30:25 | 00,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Malwarebytes
[2009/01/22 22:30:14 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/22 22:30:13 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/01/22 22:30:08 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/01/22 22:30:04 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/01/22 22:30:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/09 19:20:49 | 00,206,580 | ---- | C] () -- C:\Users\Joe\Documents\I-V.jwl
@Alternate Data Stream - 76 bytes -> C:\Users\Joe\Documents\I-V.jwl:Roxio EMC Stream
[2009/01/09 11:22:54 | 01,341,146 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1002000.007\Cat.DB
[2009/01/09 11:16:20 | 00,025,136 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2009/01/05 15:34:56 | 00,198,192 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1002000.007\symtdi.sys
[2009/01/05 15:34:56 | 00,040,496 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1002000.007\symndisv.sys
[2009/01/05 15:34:56 | 00,037,424 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1002000.007\symndis.sys
[2009/01/05 15:34:56 | 00,034,608 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1002000.007\symids.sys
[2009/01/05 15:34:56 | 00,024,624 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1002000.007\symredrv.sys
[2009/01/05 15:34:56 | 00,010,858 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1002000.007\SymNet.cat
[2009/01/05 15:34:56 | 00,001,609 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1002000.007\SymNet.inf
[2009/01/05 15:34:55 | 00,309,296 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1002000.007\SymEFA.sys
[2009/01/05 15:34:55 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1002000.007\symfw.sys
[2009/01/05 15:34:55 | 00,012,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1002000.007\symdns.sys
[2009/01/05 15:34:55 | 00,008,428 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1002000.007\SymEFA.cat
[2009/01/05 15:34:55 | 00,003,373 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1002000.007\SymEFA.inf
[2009/01/05 15:34:54 | 00,306,736 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1002000.007\srtsp.sys
[2009/01/05 15:34:54 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1002000.007\srtspx.sys
[2009/01/05 15:34:54 | 00,008,390 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1002000.007\srtspx.cat
[2009/01/05 15:34:54 | 00,008,386 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1002000.007\srtsp.cat
[2009/01/05 15:34:54 | 00,001,388 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1002000.007\srtspx.inf
[2009/01/05 15:34:54 | 00,001,382 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1002000.007\srtsp.inf
[2009/01/05 15:34:53 | 00,255,536 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1002000.007\BHDrvx86.sys
[2009/01/05 15:34:53 | 00,008,382 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1002000.007\BHDrvx86.CAT
[2009/01/05 15:34:53 | 00,000,640 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1002000.007\BHDrvx86.inf
[2009/01/05 15:33:29 | 00,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1002000.007\isolate.ini
[2009/01/05 15:33:29 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1002000.007
[2009/01/05 14:27:36 | 00,001,876 | ---- | C] () -- C:\Users\Joe\Desktop\HijackThis.lnk
[2009/01/05 14:27:33 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/01/05 13:31:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Avg7
[2009/01/05 12:37:14 | 10,637,18912 | -HS- | C] () -- C:\hiberfil.sys
[2009/01/05 12:28:01 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2009/01/05 12:28:01 | 00,010,635 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2009/01/05 12:28:01 | 00,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2009/01/05 12:27:48 | 00,002,206 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2009/01/05 12:26:51 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2009/01/05 12:26:47 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2009/01/05 12:26:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton
[2009/01/05 12:25:44 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2009/01/05 12:25:44 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/01/04 23:21:54 | 00,206,584 | ---- | C] () -- C:\Users\Joe\Documents\saw cover.jwl
@Alternate Data Stream - 76 bytes -> C:\Users\Joe\Documents\saw cover.jwl:Roxio EMC Stream
[2009/01/01 10:56:12 | 00,223,368 | ---- | C] () -- C:\Users\Joe\Desktop\CrucialScan.exe
[2008/12/30 02:58:04 | 00,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\FullTiltPoker
[2008/12/28 04:06:55 | 00,000,000 | ---D | C] -- C:\Users\Joe\Desktop\Cforms
[2008/12/27 05:49:45 | 00,000,029 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\default.rss
[2008/12/27 05:49:44 | 00,000,000 | ---D | C] -- C:\Users\Joe\Documents\Nero Collections
[2008/12/27 05:49:44 | 00,000,000 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\downloads.m3u
[2008/12/27 04:57:42 | 00,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/12/27 04:28:11 | 00,002,529 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2008/12/27 04:00:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2008/12/27 01:55:21 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab

========== Files - Modified Within 30 Days ==========

[2009/01/25 22:25:15 | 01,341,146 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1002000.007\Cat.DB
[2009/01/25 22:24:35 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/01/25 22:24:34 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/01/25 22:20:08 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTViewIt.exe
[2009/01/25 22:06:48 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/01/24 03:39:46 | 00,000,434 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2009/01/24 03:38:56 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/01/24 03:38:41 | 10,637,18912 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/22 22:30:14 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/22 03:11:18 | 00,202,752 | ---- | M] () -- C:\Users\Joe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/22 03:00:01 | 00,000,368 | ---- | M] () -- C:\Windows\tasks\RegCure.job
[2009/01/14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/01/14 16:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/01/12 04:34:15 | 03,080,444 | -H-- | M] () -- C:\Users\Joe\AppData\Local\IconCache.db
[2009/01/09 19:20:49 | 00,206,580 | ---- | M] () -- C:\Users\Joe\Documents\I-V.jwl
@Alternate Data Stream - 76 bytes -> C:\Users\Joe\Documents\I-V.jwl:Roxio EMC Stream
[2009/01/09 11:15:59 | 00,002,206 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2009/01/09 11:15:59 | 00,000,368 | -HS- | M] () -- C:\Users\Public\Desktop\desktop.ini
[2009/01/08 22:46:37 | 00,626,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/01/08 22:46:37 | 00,107,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/01/08 22:46:36 | 00,729,436 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/01/05 15:33:29 | 00,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1002000.007\isolate.ini
[2009/01/05 14:27:36 | 00,001,876 | ---- | M] () -- C:\Users\Joe\Desktop\HijackThis.lnk
[2009/01/05 12:28:01 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2009/01/05 12:28:01 | 00,010,635 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2009/01/05 12:28:01 | 00,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2009/01/04 23:21:54 | 00,206,584 | ---- | M] () -- C:\Users\Joe\Documents\saw cover.jwl
@Alternate Data Stream - 76 bytes -> C:\Users\Joe\Documents\saw cover.jwl:Roxio EMC Stream
[2009/01/01 10:56:47 | 00,223,368 | ---- | M] () -- C:\Users\Joe\Desktop\CrucialScan.exe
[2008/12/27 05:50:13 | 00,000,029 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\default.rss
[2008/12/27 05:49:44 | 00,000,000 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\downloads.m3u
[2008/12/27 04:57:42 | 00,004,767 | ---- | M] () -- C:\Windows\Irremote.ini
[2008/12/27 04:28:11 | 00,002,529 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
< End of report >







OTViewIt Extras logfile created on: 1/25/2009 10:33:46 PM - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Joe\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16764)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.82 Mb Total Physical Memory | 237.21 Mb Available Physical Memory | 23.40% Memory free
2.23 Gb Paging File | 1.24 Gb Available in Paging File | 55.48% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.74 Gb Total Space | 0.98 Gb Free Space | 0.99% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.38 Gb Free Space | 63.80% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOE-PC
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications"=0
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000005 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000006 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 01:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 01:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/06/05 04:18:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/04 12:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/01 14:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/11 22:28:18 | 00,344,944 | R--- | M] (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll (symres:{AA1061FE-6C41-421f-9344-69640C9732AB} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/09/09 13:43:58 | 00,323,584 | ---- | M] (EzTools Software) C:\Program Files\SVOH PromatchILS\WowCtl2.dll (x-mem1:{C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} (HKLM) [EzTools Wow2 Memory Map Asyncronous Pluggable Protocol Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 21:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627ee5-eaca-4742-a9cc-e687631773e4}"=Nero ShowTime
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{086a7d8c-0a38-4c7f-819a-620275550d5c}"=Nero BurningROM
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}"=Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}"=DirectXInstallService
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}"=Dell System Customization Wizard
"{1B683082-8791-4D00-8ADE-6C8986FCCC68}"=Roxio CinePlayer
"{1c00c7c5-e615-4139-b817-7f4003de68c0}"=Nero PhotoSnap Help
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}"=Google Earth
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}"=Roxio Central Tools
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}"=Nero InfoTool
"{2348b586-c9ae-46ce-936c-a68e9426e214}"=Nero StartSmart Help
"{297C44DA-5986-4A0A-80E3-240B54B863FC}"=ClickFORMS
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}"=Java™ SE Runtime Environment 6
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}"=Nero DriveSpeed
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}"=Nero Recode
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}"=Sonic Activation Module
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}"=Nero Rescue Agent
"{3921A67A-5AB1-4E48-9444-C71814CF3027}"=VCRedistSetup
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}"=Games, Music, & Photos Launcher
"{3E67A8DA-FE7B-4160-8465-F5571EA18753}"=Roxio Disc Gallery
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}"=URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{43e39830-1826-415d-8bae-86845787b54b}"=Nero Vision
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"{4fec3d7f-4eb1-47b5-88f7-c4e01c31f4e1}"=Blu-ray Disc Authoring Plug-in
"{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}"=QuickSet
"{54BD60A6-232E-4EAC-A0D5-589D744A7443}"=SVOH PromatchILS
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}"=NeroExpress
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}"=Roxio BackOnTrack
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}"=User's Guides
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}"=Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}"=Nero RescueAgent Help
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}"=Roxio File Backup
"{60c731fb-c951-41ce-ad41-8e54c8594609}"=Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}"=Nero CoverDesigner
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{6d7c9320-d047-4322-ba1a-9df8469a83cd}"=Nero MediaHome 4
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}"=Roxio Central Audio
"{7748ac8c-18e3-43bb-959b-088faea16fb2}"=Nero StartSmart
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}"=Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}"=Nero BurnRights
"{792cb325-06d2-451d-9f4a-cd122f4871fa}"=Nero Move it
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}"=DellSupport
"{83202942-84b3-4c50-8622-b8c0aa2d2885}"=Nero Express
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}"=Nero DiscSpeed
"{8704D51E-25B7-4F23-81E7-AA4F54790210}"=Microsoft Streets and Trips 2004
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}"=Documentation & Support Launcher
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}"=Roxio CinePlayer Decoder Pack
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{98a67610-a3b5-4098-a423-3708040026d3}"="Nero SoundTrax Help
"{9A9A1828-31D1-4590-A99F-022B7237AFAE}"=Roxio MediaShare
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}"=OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}"=MediaDirect
"{9e82b934-9a25-445b-b8df-8012808074ac}"=Nero PhotoSnap
"{a209525b-3377-43f4-b886-32f6b6e7356f}"=Nero WaveEditor
"{a36c5c01-60dd-4d8e-834e-a49fe992c791}"=Nero BackItUp 4
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}"=SigmaTel Audio
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}"=ImagXpress
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}"=Spelling Dictionaries Support For Adobe Reader 9
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}"=Nero Recode Help
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}"=DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}"=Advertising Center
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}"=Roxio Central Copy
"{b78120a0-cf84-4366-a393-4d0a59bc546c}"=Menu Templates - Starter Kit
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}"=Nero ControlCenter
"{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}"=Roxio Easy Media Creator 10 Suite
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}"=SoundTrax
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}"=Nero DiscSpeed
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}"=Nero CoverDesigner Help
"{d025a639-b9c9-417d-8531-208859000af8}"=NeroBurningROM
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}"=Full Tilt Poker
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}"=Nero ShowTime
"{de5765ee-3420-4f35-b5fc-9295b637b59d}"=DTS Plug-in
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}"=Nero Live
"{e498385e-1c51-459a-b45f-1721e37aa1a0}"=Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}"=Nero DriveSpeed
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}"=Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}"=Nero Installer
"{EC877639-07AB-495C-BFD1-D63AF9140810}"=Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}"=Roxio Central Core
"{f1861f30-3419-44db-b2a1-c274825698b3}"=Nero Disc Copy Gadget
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}"=Nero ControlCenter
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}"=Modem Diagnostic Tool
"{f6bdd7c5-89ed-4569-9318-469aa9732572}"=Nero BurnRights
"{F8722041-B63A-47FB-82A8-5F0977E1CF45}"=TWC Customer Controls
"{f9c02eaa-e9ed-4d7f-bff5-168586f051d7}"=Nero 9
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}"=Nero InfoTool
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}"=EMC 10 Content
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Broadcom 802.11b Network Adapter"=Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3"=Conexant HDA D110 MDC V.92 Modem
"ESPN RunTime"=ESPN RunTime
"FFLM2005_is1"=FFLM version 7.08
"fflmOffense_is1"=FFLM Offensive Player Sounds
"HijackThis"=HijackThis 2.0.2
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"KLiteCodecPack_is1"=K-Lite Mega Codec Pack 3.6.5
"LimeWire"=LimeWire 4.18.8
"LiveUpdate"=LiveUpdate 2.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MySpaceIM"=MySpaceIM
"NIS"=Norton Internet Security
"Super Screen Capture_is1"=Super Screen Capture 3.1
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"SystemRequirementsLab"=System Requirements Lab
"ViewpointMediaPlayer"=Viewpoint Media Player
"VLC media player"=VideoLAN VLC media player 0.8.6d
"WinRAR archiver"=WinRAR archiver
"WinSketch Pro 7"=WinSketch Pro 7
"Yahoo! Messenger"=Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1419078479-2353412945-596696089-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/7/2009 9:09:33 AM | Computer Name = Joe-PC | Source = Application Error | ID = 1000
Description = Faulting application YahooMessenger.exe, version 8.1.0.421, time stamp
0x46d76392, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000005, fault offset 0x0003b15f, process id 0x1694, application
start time 0x01c96f64bb94cd45.

Error - 1/9/2009 12:17:33 PM | Computer Name = Joe-PC | Source = Application Error | ID = 1000
Description = Faulting application ccSvcHst.exe, version 108.0.1.7, time stamp 0x48ff9820,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x00000001, process id 0x56c, application start time 0x01c972758b2d6745.

Error - 1/9/2009 12:21:16 PM | Computer Name = Joe-PC | Source = EventSystem | ID = 4621
Description =

Error - 1/11/2009 2:45:43 AM | Computer Name = Joe-PC | Source = Application Hang | ID = 1002
Description = The program YahooMessenger.exe version 8.1.0.421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1064 Start Time: 01c97338adee8ef0 Termination Time: 175

Error - 1/14/2009 12:29:13 PM | Computer Name = Joe-PC | Source = Application Error | ID = 1000
Description = Faulting application YahooMessenger.exe, version 8.1.0.421, time stamp
0x46d76392, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000005, fault offset 0x0003b15f, process id 0xffc, application
start time 0x01c974d5251a2dd0.

Error - 1/19/2009 2:21:27 PM | Computer Name = Joe-PC | Source = Application Error | ID = 1000
Description = Faulting application YahooMessenger.exe, version 8.1.0.421, time stamp
0x46d76392, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0xfa500678, process id 0xf90, application start time
0x01c979b674db09e2.

Error - 1/21/2009 4:59:38 PM | Computer Name = Joe-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6000.16764 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 13c0 Start Time: 01c97c04b95441b0 Termination Time: 371

Error - 1/22/2009 3:47:45 AM | Computer Name = Joe-PC | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 11.0.5510.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 65c Start Time: 01c97ab17e81ddd0 Termination Time: 144

Error - 1/25/2009 5:12:46 PM | Computer Name = Joe-PC | Source = Application Error | ID = 1000
Description = Faulting application YahooMessenger.exe, version 8.1.0.421, time stamp
0x46d76392, faulting module P2PCE.dll, version 1.0.0.0, time stamp 0x45a3e312,
exception code 0xc0000005, fault offset 0x00016675, process id 0xddc, application
start time 0x01c97e4a64b9d5f0.

Error - 1/25/2009 11:24:23 PM | Computer Name = Joe-PC | Source = Application Hang | ID = 1002
Description = The program OTViewIt.exe version 1.0.21.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 12dc Start Time: 01c97f650a2aa080 Termination Time: 15

[ Broadcom Wireless LAN Events ]
Error - 12/10/2008 1:24:21 AM | Computer Name = Joe-PC | Source = WLAN-Tray | ID = 0
Description = 00:24:21, Wed, Dec 10, 08 Error - Unable to gain access to user store


Error - 12/13/2008 2:07:06 PM | Computer Name = Joe-PC | Source = WLAN-Tray | ID = 0
Description = 13:07:06, Sat, Dec 13, 08 Error - Unable to gain access to user store


Error - 12/13/2008 2:12:07 PM | Computer Name = Joe-PC | Source = WLAN-Tray | ID = 0
Description = 13:12:05, Sat, Dec 13, 08 Error - Unable to gain access to user store


Error - 12/13/2008 2:20:31 PM | Computer Name = Joe-PC | Source = WLAN-Tray | ID = 0
Description = 13:20:30, Sat, Dec 13, 08 Error - Unable to gain access to user store


Error - 12/13/2008 4:23:57 PM | Computer Name = Joe-PC | Source = WLAN-Tray | ID = 0
Description = 15:23:56, Sat, Dec 13, 08 Error - Unable to gain access to user store


Error - 1/4/2009 8:03:32 PM | Computer Name = Joe-PC | Source = WLAN-Tray | ID = 0
Description = 19:03:32, Sun, Jan 04, 09 Error - Unable to gain access to user store


Error - 1/5/2009 1:37:25 PM | Computer Name = Joe-PC | Source = WLAN-Tray | ID = 0
Description = 12:37:25, Mon, Jan 05, 09 Error - Unable to gain access to user store


Error - 1/15/2009 1:47:54 PM | Computer Name = Joe-PC | Source = WLAN-Tray | ID = 0
Description = 12:47:54, Thu, Jan 15, 09 Error - Unable to gain access to user store


Error - 1/18/2009 5:43:29 PM | Computer Name = Joe-PC | Source = WLAN-Tray | ID = 0
Description = 16:43:29, Sun, Jan 18, 09 Error - Unable to gain access to user store


Error - 1/24/2009 4:38:59 AM | Computer Name = Joe-PC | Source = WLAN-Tray | ID = 0
Description = 03:38:59, Sat, Jan 24, 09 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 12/22/2007 8:34:35 PM | Computer Name = Joe-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/18/2008 1:40:34 PM | Computer Name = Joe-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/27/2008 4:18:14 PM | Computer Name = Joe-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/29/2008 11:45:32 PM | Computer Name = Joe-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/31/2008 12:10:38 AM | Computer Name = Joe-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/1/2008 3:04:06 PM | Computer Name = Joe-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/8/2008 2:06:59 PM | Computer Name = Joe-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/11/2008 10:48:08 PM | Computer Name = Joe-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/12/2008 3:48:52 PM | Computer Name = Joe-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 7/9/2008 11:33:28 PM | Computer Name = Joe-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 3/15/2008 10:14:07 PM | Computer Name = Joe-PC | Source = DCOM | ID = 10010
Description =

Error - 3/16/2008 10:18:21 PM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 3/16/2008 10:18:53 PM | Computer Name = Joe-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 198.18.100.9 for the Network Card with network
address 001A927F233D has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 3/20/2008 12:39:07 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 3/20/2008 4:54:28 AM | Computer Name = Joe-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.3 for the Network Card with network
address 001A927F233D has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 3/21/2008 4:27:37 PM | Computer Name = Joe-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.4 for the Network Card with network
address 001A927F233D has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 3/23/2008 8:45:14 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 3/23/2008 11:28:18 PM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 3/25/2008 4:55:13 PM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 3/27/2008 12:45:53 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >







GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-25 23:59:41
Windows 6.0.6000


---- System - GMER 1.0.14 ----

SSDT 8AF02AF0 ZwAlertResumeThread
SSDT 89C933E0 ZwAlertThread
SSDT 8B7BB218 ZwAllocateVirtualMemory
SSDT 84DC7E50 ZwAlpcConnectPort
SSDT 8AB827D0 ZwAssignProcessToJobObject
SSDT 8B7C2B40 ZwCreateMutant
SSDT 8B7C6498 ZwCreateSymbolicLinkObject
SSDT 8B725940 ZwCreateThread
SSDT 8AFA5110 ZwDebugActiveProcess
SSDT 8B7BB470 ZwDuplicateObject
SSDT 8B7BD008 ZwFreeVirtualMemory
SSDT 84DC9878 ZwImpersonateAnonymousToken
SSDT 89C94AF0 ZwImpersonateThread
SSDT 84B0E8A8 ZwLoadDriver
SSDT 8B7BCA58 ZwMapViewOfSection
SSDT 8AF84F90 ZwOpenEvent
SSDT 8B7BC008 ZwOpenProcess
SSDT 89D12140 ZwOpenProcessToken
SSDT 89DE08D0 ZwOpenSection
SSDT 8B7BB5C0 ZwOpenThread
SSDT 8B7C50B0 ZwProtectVirtualMemory
SSDT 8AD87F48 ZwResumeThread
SSDT 89C96108 ZwSetContextThread
SSDT 8B7BC7C0 ZwSetInformationProcess
SSDT 8AFED048 ZwSetSystemInformation
SSDT 8ADFF590 ZwSuspendProcess
SSDT 89C93360 ZwSuspendThread
SSDT 89CB0068 ZwTerminateProcess
SSDT 84DE36F0 ZwTerminateThread
SSDT 8ABFB788 ZwUnmapViewOfSection
SSDT 8B7BCE80 ZwWriteVirtualMemory
SSDT 8B7C6968 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.14 ----

? C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090124.032\NAVEX15.SYS The system cannot find the path specified. !
? C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090124.032\NAVENG.SYS The system cannot find the path specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\Users\Joe\Desktop\gmer.exe[3960] ntdll.dll!NtCreateFile + 3 7771F417 2 Bytes [ 93, FA ]
.text C:\Program Files\Internet Explorer\iexplore.exe[5300] USER32.dll!DialogBoxIndirectParamW 76E514EA 5 Bytes JMP 6F4E179F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5300] USER32.dll!MessageBoxExA 76E6570D 5 Bytes JMP 6F4E16E6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5300] USER32.dll!DialogBoxParamA 76E665BF 5 Bytes JMP 6F4E1764 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5300] USER32.dll!MessageBoxIndirectW 76E6F1B3 5 Bytes JMP 6F3716B6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5300] USER32.dll!DialogBoxParamW 76E7129F 5 Bytes JMP 6F34F301 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5300] USER32.dll!DialogBoxIndirectParamA 76E929C9 5 Bytes JMP 6F4E17DA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5300] USER32.dll!MessageBoxIndirectA 76E9FACF 5 Bytes JMP 6F4E1720 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5300] USER32.dll!MessageBoxExW 76E9FBC9 5 Bytes JMP 6F4E16AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5300] SHELL32.dll!DAD_ShowDragImage + CC 7606E958 4 Bytes [ 01, 0C, A6, 6F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[5300] SHELL32.dll!DAD_ShowDragImage + D4 7606E960 8 Bytes [ 0F, 0B, A6, 6F, 8F, 32, A5, ... ]
.text C:\Program Files\Internet Explorer\iexplore.exe[5300] SHELL32.dll!ILFree + 4F8 7606EFA8 4 Bytes [ 01, 0C, A6, 6F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[5300] SHELL32.dll!ILFree + 500 7606EFB0 4 Bytes [ 0F, 0B, A6, 6F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[5300] SHELL32.dll!ILFree + F58 7606FA08 4 Bytes [ 01, 0C, A6, 6F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[5300] SHELL32.dll!ILFree + F60 7606FA10 4 Bytes [ 0F, 0B, A6, 6F ]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6FA4D4D7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6FA4D03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6FA4B641] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6FA4D1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6FA4BCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6FA4F1D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6FA4C2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6FA4D4D7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [6FA4B641] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [6FA4DDF0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [6FA4C2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6FA4F43D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6FA50D38] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6FA4FBC9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6FA50291] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6FA4D03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6FA4F1D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6FA4BCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6FA4B0B4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6FA4D1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6FA4A910] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6FA5DB43] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [6FA5E4AD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [6FA5CBD1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [6FA5D7A7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [6FA5CED9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [6FA5C659] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [6FA5CD3D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6FA4D1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6FA4E0F1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6FA4B0B4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6FA4A910] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6FA4A7B9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6FA4C2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6FA4D4D7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6FA48CF2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6FA4BCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6FA50291] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6FA4FBC9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6FA4F1D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6FA48A99] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6FA48BC4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6FA4BB72] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6FA4FF2E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6FA4FB56] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6FA50D38] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6FA4EF48] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6FA4896E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6FA4D03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [6FA4CF05] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [6FA4CDCE] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [6FA5CD3D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6FA5C4D1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [6FA5CD90] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6FA5D947] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6FA5CA59] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6FA5C659] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6FA5CBD1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [6FA5E19D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [6FA5D46B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [6FA5D7A7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [6FA5CED9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6FA5DB43] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [6FA5E4AD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [6FA5DEA9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [6FA5E015] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [6FA5E325] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [6FA5DD3F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [6FA5D607] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6FA4A400] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [6FA4FBC9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6FA4E0F1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6FA4A682] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6FA4AE32] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6FA4B0B4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6FA4BFC3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6FA4B641] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6FA4969E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6FA4D4D7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6FA4DDF0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [6FA50291] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [6FA50D38] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6FA49300] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [6FA4896E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [6FA4F1D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6FA4A178] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6FA4A910] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [6FA4EA70] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [6FA4E499] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [6FA4C2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [6FA48CF2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [6FA48A99] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6FA4DE15] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [6FA4943F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6FA4D1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [6FA4BCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [6FA48F5F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6FA4D03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [6FA491CF] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6FA4F43D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6FA4C52B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6FA4CF05] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6FA4CA20] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [6FA5CBD1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [6FA5C659] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyW] [6FA5DEA9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumValueW] [6FA5E4AD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] [6FA5CED9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6FA5DB43] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6FA5D947] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyExW] [6FA5E19D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueW] [6FA5D173] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] [6FA5D7A7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] [6FA5D46B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyW] [6FA5C91D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyW] [6FA5C391] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] [6FA5D607] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [6FA5CA59] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey] [6FA5CD3D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6FA59194] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [6FA50D38] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [6FA50291] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6FA4D4D7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [6FA4F1D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [6FA4C2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [6FA4943F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [6FA48F5F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [6FA4BCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6FA4D1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [6FA48A99] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6FA4D03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueW] [6FA5D173] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] [6FA5D2C3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyExW] [6FA5E19D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumValueW] [6FA5E4AD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyA] [6FA5DD3F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyA] [6FA5CD90] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6FA5DB43] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6FA5D947] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] [6FA5D46B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyW] [6FA5DEA9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCloseKey] [6FA5CD3D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] [6FA5D7A7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [6FA5CBD1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] [6FA5CED9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [6FA5C659] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] [6FA5D607] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [6FA5CA59] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [6FA55CE6] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [6FA55C88] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [6FA54D7E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [6FA55098] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [6FA55188] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [6FA5408B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [6FA55340] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [6FA56188] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [6FA5539B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [6FA561E3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5300] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [6FA53FE4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5424] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5424] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5424] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5424] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5424] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5424] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5424] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5424] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5424] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5424] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5424] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5424] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5424] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5424] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5424] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5424] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5424] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5424] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5424] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5424] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5424] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5424] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5424] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5424] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----

#4 Billy O'Neal
    Visual C++ STL Maintainer
  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 26 January 2009 - 04:18 PM

Hello, jocephus7

My pc problems began prior to me loading Norton Internet Security. I previously had AVG Free Edition but when the problems began I added Norton to see if it would find something that AVG hadn't.


If that is the case, please uninstall Norton for now, using this tool:
http://service1.symantec.com/SUPPORT/tsgen...005033108162039

We can talk about putting an antivirus back on once we've dealt with the infection.

Do you have a legitimate Windows disk available? It appears a ton of Windows internals have been replaced by malicious copies....

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

In your next reply, please include the following:
  • ComboFix.txt

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 jocephus7
  • Topic Starter
  • Members
  • 18 posts

Posted 28 January 2009 - 11:00 PM

OK... Uninstalled Norton. Installed ComboFix. ComboFix ran into an issue with McAfee Firewall, so I removed it completely under the assumption that Windows Firewall is sufficient. No, I don't believe my PC came with a disk for Vista. It came with Vista on it from Dell, but I am almost positive it did not come with the disk. What could cause the internals to be replaced with malicious copies? The ComboFix log is below. Thanks.

ComboFix 09-01-21.04 - Joe 2009-01-28 22:14:36.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.435 [GMT -5:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\00000082
c:\00000082\000000fb\000002bf\cltLMS1.dat
c:\00000082\000000fb\000002bf\cltLMS2.dat
c:\00000082\000000fb\000002c4\cltLMS1.dat
c:\00000082\000000fb\000002c4\cltLMS2.dat
c:\windows\system32\x64
.
---- Previous Run -------
.
c:\windows\system32\FTPx.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 )))))))))))))))))))))))))))))))
.

2009-01-25 22:46 . 2009-01-25 22:46 250 --a------ c:\windows\gmer.ini
2009-01-23 01:13 . 2009-01-23 01:14 <DIR> d-------- C:\rsit
2009-01-22 22:30 . 2009-01-22 22:30 <DIR> d-------- c:\users\Joe\AppData\Roaming\Malwarebytes
2009-01-22 22:30 . 2009-01-22 22:30 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-22 22:30 . 2009-01-22 22:30 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-22 22:30 . 2009-01-22 22:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-22 22:30 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-22 22:30 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-05 14:27 . 2009-01-05 14:27 <DIR> d-------- c:\program files\Trend Micro
2009-01-05 13:31 . 2009-01-05 13:31 <DIR> d-------- c:\users\All Users\Avg7
2009-01-05 13:31 . 2009-01-05 13:31 <DIR> d-------- c:\programdata\Avg7
2009-01-05 12:26 . 2009-01-09 11:22 <DIR> d-------- c:\windows\System32\drivers\NIS
2009-01-05 12:26 . 2009-01-28 20:59 <DIR> d-------- c:\users\All Users\Norton
2009-01-05 12:26 . 2009-01-28 20:59 <DIR> d-------- c:\programdata\Norton
2009-01-05 12:25 . 2009-01-28 20:57 <DIR> d-------- c:\users\All Users\NortonInstaller
2009-01-05 12:25 . 2009-01-28 20:57 <DIR> d-------- c:\programdata\NortonInstaller
2009-01-05 12:25 . 2009-01-05 12:25 <DIR> d-------- c:\program files\NortonInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-29 01:58 --------- d-----w c:\program files\Symantec
2009-01-21 00:18 --------- d-----w c:\users\Joe\AppData\Roaming\uTorrent
2009-01-20 19:30 --------- d-----w c:\program files\SVOH PromatchILS
2009-01-13 03:31 --------- d-----w c:\programdata\Roxio
2009-01-05 18:20 --------- d-----w c:\programdata\Symantec
2009-01-02 16:22 --------- d-----w c:\users\Joe\AppData\Roaming\LimeWire
2008-12-30 07:58 --------- d-----w c:\program files\Full Tilt Poker
2008-12-27 11:39 --------- d-----w c:\users\Joe\AppData\Roaming\Nero
2008-12-27 10:41 --------- d-----w c:\program files\Common Files\Nero
2008-12-27 09:52 --------- d-----w c:\program files\Nero
2008-12-27 09:29 --------- d-----w c:\programdata\Nero
2008-12-27 07:17 --------- d-----w c:\program files\RegCure
2008-12-27 06:55 --------- d-----w c:\program files\SystemRequirementsLab
2008-12-27 06:35 --------- d-----w c:\programdata\NOS
2008-12-27 06:35 --------- d-----w c:\program files\NOS
2008-12-26 07:45 --------- d-----w c:\program files\Common Files\Adobe
2008-12-16 07:53 --------- d-----w c:\program files\Zeallsoft
2008-12-10 22:12 --------- d-----w c:\program files\Hewlett-Packard
2008-12-10 22:11 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-10 22:11 --------- d-----w c:\program files\Common Files\Data Dynamics
2008-12-10 17:57 174 --sha-w c:\program files\desktop.ini
2008-12-10 17:54 --------- d-----w c:\program files\Windows Mail
2008-11-01 03:33 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:33 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:33 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:33 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 03:33 1,687,040 ----a-w c:\windows\System32\gameux.dll
2008-10-31 23:38 4,247,552 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-31 23:23 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-10-29 06:20 2,923,520 ----a-w c:\windows\explorer.exe
2008-03-05 01:35 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-05 01:35 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-05 01:35 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-03-16 01:30 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-16 01:30 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-16 01:30 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\system32\msconfig.exe" [2006-11-02 222208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-15 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-15 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-15 106496]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 c:\windows\sttray.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-03-16 50688]

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BengalsScreenServer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2006-11-12 02:19 446976 c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGServices]
--a------ 2006-07-14 09:47 106496 c:\program files\ESPNRunTime\DIGServices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2007-08-14 03:44 113136 c:\program files\Roxio\CinePlayer\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-10-03 11:35 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-11 04:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-02-01 15:32 8699904 c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2006-10-13 11:31 184320 c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-08-24 15:52 240112 c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 16:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{07BA1374-3E67-4419-A917-9D1AC0D39E45}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4C76716E-B456-4EDE-9627-599E0B524173}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{3958869F-3112-4449-BE95-0672B42E34D5}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{D0FC374B-BD0D-401E-A3A4-EFFDAC048479}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{23CC061A-9DC1-44A1-B76F-36B4BC06FC90}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BECCDBB3-1B02-4072-A0B2-182E5BE0131D}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{5632484B-4645-4150-838A-F1EB418CA70E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{A97E7A9F-7F2A-4272-901A-92AEC649EEB2}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{2F9C3B6F-4EAE-414C-911A-58424DA9F54E}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{F09F39BC-58CC-4338-848A-81D5583AE25D}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{496C266F-F17A-4DB8-9B83-93CE9EF51D7E}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{0E807E14-B69C-4DF4-97A6-7F5B902D48B2}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{2EC3742D-B089-4706-B9BF-8E09966AFC7A}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"{13F76838-494E-4195-BD5C-B541065C8553}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{681D8109-44B4-4C88-9886-A2B3CABDFCD3}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{2B4F53AE-6B0F-40F5-AC3D-3C1C35FDB391}c:\\program files\\myspace\\im\\myspaceim.exe"= UDP:c:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"UDP Query User{66F45AD5-09F5-44EB-9B22-EE7068EBF479}c:\\program files\\myspace\\im\\myspaceim.exe"= TCP:c:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"{06BD8821-3E73-4E37-A77C-FD964467BA8F}"= UDP:c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe:RoxLiveShare10
"{81892E5C-4065-43F2-9E39-FC622596BEBA}"= TCP:c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe:RoxLiveShare10
"{B6C85710-B0EE-4088-9970-2A61722828BB}"= UDP:c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe:RoxLiveShare10
"{A7E707C9-D5F9-4C10-8C36-5ECF6B950D9F}"= TCP:c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe:RoxLiveShare10
"TCP Query User{2AB302F4-5AC7-4480-ABDC-08393E5C72FB}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{01BA008D-E4A3-48C6-A468-A1936933A414}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{653353D8-B125-4B2D-8235-759214664EE2}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{FA0EE45C-AA90-4E22-BF82-44B984E93483}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{9A055DC5-50E9-4FF3-B801-5D4099954FB1}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{80472796-AA4A-420B-91D0-196EA927790A}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{F5CDB7F0-7641-4C13-80C1-64E65D79762F}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{2AB11E72-4578-4DF5-B929-C1258D5D0F81}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
R4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
S4 .norton2009Reset;Norton 2009 Reset;c:\programdata\Norton\Norton2009Reset.exe [2009-01-05 281625]
S4 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
S4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
.
Contents of the 'Scheduled Tasks' folder

2009-01-29 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe []

2009-01-22 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {F60091D3-566C-4BC0-8EFF-67D0CB605B09} = 65.24.7.10,65.24.7.11
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} -
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 22:26:58
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-28 22:29:48
ComboFix-quarantined-files.txt 2009-01-29 03:29:44

Pre-Run: 898,076,672 bytes free
Post-Run: 3,129,147,392 bytes free

207 --- E O F --- 2009-01-02 05:56:32

#6 Billy O'Neal
    Visual C++ STL Maintainer
  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 28 January 2009 - 11:09 PM

Hello, jocephus7

Nevermind... appears the copies are fine.

You appear to have a Registry Cleaner installed!
The following is referring to RegCure
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

We need to re-run ComboFix with some additional directives.
  • Please disable any running anti-virus programs.

    If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{2AB302F4-5AC7-4480-ABDC-08393E5C72FB}c:\\program files\\internet explorer\\iexplore.exe"=-
    "UDP Query User{01BA008D-E4A3-48C6-A468-A1936933A414}c:\\program files\\internet explorer\\iexplore.exe"=-
    "TCP Query User{653353D8-B125-4B2D-8235-759214664EE2}c:\\program files\\internet explorer\\iexplore.exe"=-
    "UDP Query User{FA0EE45C-AA90-4E22-BF82-44B984E93483}c:\\program files\\internet explorer\\iexplore.exe"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"=-
    driver::
    .norton2009Reset
    DDS::
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} -
    DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • (screenshot not reproduced here) Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Please copy and paste that report here.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

In your next reply, please include the following:
  • ComboFix.txt

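The CFScript above removes the EnableFirewall values (all three profiles show 0) and the "Query User" rules for Internet Explorer, which are rules Windows Firewall creates when someone clicks "Unblock" on a Security Alert prompt. As an added example, not part of this thread or of ComboFix, the following Python script parses the firewallpolicy block in the exact shape ComboFix prints it and reports disabled profiles, programs holding allow rules, and which of those rules were prompt-created; the sample input is a constructed excerpt of the log posted above.

```python
import re

# Constructed sample: a trimmed copy of the firewall-policy block from the ComboFix log in this
# thread, keeping the exact line shapes ComboFix prints ("name"= PROTO:path:label and
# "EnableFirewall"= 0 (0x0)).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{07BA1374-3E67-4419-A917-9D1AC0D39E45}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4C76716E-B456-4EDE-9627-599E0B524173}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{2AB302F4-5AC7-4480-ABDC-08393E5C72FB}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{01BA008D-E4A3-48C6-A468-A1936933A414}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{5632484B-4645-4150-838A-F1EB418CA70E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"(.*)"=\s*(.*)$')
# Rules created when the user clicks "Unblock" on a Windows Security Alert prompt carry this
# name prefix; rules written by installers are a bare GUID.
PROMPT_RULE_RE = re.compile(r'^(TCP|UDP) Query User\{')


def parse_firewall_policy(text):
    """Parse the firewallpolicy block of a ComboFix log.

    Returns (profiles, rules): profiles maps each *Profile key to its EnableFirewall value;
    rules is a list of dicts with name, proto, path (lower-cased) and label.
    """
    profiles = {}
    rules = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).rsplit('\\', 1)[-1]   # e.g. DomainProfile, FirewallRules
            continue
        m = VALUE_RE.match(line)
        if not m or section is None:
            continue
        name, value = m.groups()
        if section.endswith('Profile') and name == 'EnableFirewall':
            profiles[section] = int(value.split()[0])     # "0 (0x0)" -> 0
        elif section == 'FirewallRules':
            proto, _, rest = value.partition(':')
            if proto not in ('TCP', 'UDP'):
                proto, rest = 'ANY', value                # rule printed without a protocol prefix
            path, _, label = rest.rpartition(':')         # label follows the last colon
            rules.append({'name': name, 'proto': proto,
                          'path': path.lower(), 'label': label})
    return profiles, rules


def triage(text):
    """Summarise what a responder wants from this block: profiles with the firewall switched
    off, programs holding allow rules, and which of those rules came from a user prompt."""
    profiles, rules = parse_firewall_policy(text)
    by_exe = {}
    prompted = set()
    for r in rules:
        by_exe.setdefault(r['path'], set()).add(r['proto'])
        if PROMPT_RULE_RE.match(r['name']):
            prompted.add(r['path'])
    return {
        'disabled_profiles': sorted(p for p, v in profiles.items() if v == 0),
        'allowed_programs': {p: sorted(protos) for p, protos in by_exe.items()},
        'user_prompted': sorted(prompted),
    }


if __name__ == '__main__':
    report = triage(SAMPLE_LOG)
    for prof in report['disabled_profiles']:
        print(f'[!] firewall disabled: {prof}')
    for exe, protos in sorted(report['allowed_programs'].items()):
        flag = ' (user-prompted rule)' if exe in report['user_prompted'] else ''
        print(f'    allow {",".join(protos):7} {exe}{flag}')
```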

#7 jocephus7
  • Topic Starter
  • Members
  • 18 posts

Posted 29 January 2009 - 12:19 AM

Not sure if this is relevant, but both times I have run ComboFix I get a Windows error that says... "Find String (QGREP) Utility has stopped working."

ComboFix 09-01-21.04 - Joe 2009-01-28 23:50:54.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.377 [GMT -5:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
Command switches used :: c:\users\Joe\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\00000082
c:\00000082\000000fb\000002bf\cltLMS1.dat
c:\00000082\000000fb\000002bf\cltLMS2.dat
c:\00000082\000000fb\000002c4\cltLMS1.dat
c:\00000082\000000fb\000002c4\cltLMS2.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_.norton2009Reset


((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 )))))))))))))))))))))))))))))))
.

2009-01-25 22:46 . 2009-01-25 22:46 250 --a------ c:\windows\gmer.ini
2009-01-23 01:13 . 2009-01-23 01:14 <DIR> d-------- C:\rsit
2009-01-22 22:30 . 2009-01-22 22:30 <DIR> d-------- c:\users\Joe\AppData\Roaming\Malwarebytes
2009-01-22 22:30 . 2009-01-22 22:30 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-22 22:30 . 2009-01-22 22:30 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-22 22:30 . 2009-01-22 22:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-22 22:30 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-22 22:30 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-05 14:27 . 2009-01-05 14:27 <DIR> d-------- c:\program files\Trend Micro
2009-01-05 13:31 . 2009-01-05 13:31 <DIR> d-------- c:\users\All Users\Avg7
2009-01-05 13:31 . 2009-01-05 13:31 <DIR> d-------- c:\programdata\Avg7
2009-01-05 12:26 . 2009-01-09 11:22 <DIR> d-------- c:\windows\System32\drivers\NIS
2009-01-05 12:26 . 2009-01-28 20:59 <DIR> d-------- c:\users\All Users\Norton
2009-01-05 12:26 . 2009-01-28 20:59 <DIR> d-------- c:\programdata\Norton
2009-01-05 12:25 . 2009-01-28 20:57 <DIR> d-------- c:\users\All Users\NortonInstaller
2009-01-05 12:25 . 2009-01-28 20:57 <DIR> d-------- c:\programdata\NortonInstaller
2009-01-05 12:25 . 2009-01-05 12:25 <DIR> d-------- c:\program files\NortonInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-29 01:58 --------- d-----w c:\program files\Symantec
2009-01-21 00:18 --------- d-----w c:\users\Joe\AppData\Roaming\uTorrent
2009-01-20 19:30 --------- d-----w c:\program files\SVOH PromatchILS
2009-01-13 03:31 --------- d-----w c:\programdata\Roxio
2009-01-05 18:20 --------- d-----w c:\programdata\Symantec
2009-01-02 16:22 --------- d-----w c:\users\Joe\AppData\Roaming\LimeWire
2008-12-30 07:58 --------- d-----w c:\program files\Full Tilt Poker
2008-12-27 11:39 --------- d-----w c:\users\Joe\AppData\Roaming\Nero
2008-12-27 10:41 --------- d-----w c:\program files\Common Files\Nero
2008-12-27 09:52 --------- d-----w c:\program files\Nero
2008-12-27 09:29 --------- d-----w c:\programdata\Nero
2008-12-27 07:17 --------- d-----w c:\program files\RegCure
2008-12-27 06:55 --------- d-----w c:\program files\SystemRequirementsLab
2008-12-27 06:35 --------- d-----w c:\programdata\NOS
2008-12-27 06:35 --------- d-----w c:\program files\NOS
2008-12-26 07:45 --------- d-----w c:\program files\Common Files\Adobe
2008-12-16 07:53 --------- d-----w c:\program files\Zeallsoft
2008-12-10 22:12 --------- d-----w c:\program files\Hewlett-Packard
2008-12-10 22:11 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-10 22:11 --------- d-----w c:\program files\Common Files\Data Dynamics
2008-12-10 17:57 174 --sha-w c:\program files\desktop.ini
2008-12-10 17:54 --------- d-----w c:\program files\Windows Mail
2008-11-01 03:33 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:33 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:33 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-31 23:23 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-10-29 06:20 2,923,520 ----a-w c:\windows\explorer.exe
2008-03-05 01:35 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-05 01:35 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-05 01:35 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-03-16 01:30 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-16 01:30 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-16 01:30 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-28_22.27.57.72 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-01-29 03:11:15 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-29 05:04:22 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-01-29 03:11:15 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-01-29 05:04:22 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-29 03:26:57 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-29 05:05:36 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-01-29 03:26:50 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-29 05:05:36 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-29 05:05:36 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-01-29 03:14:12 12,000 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1419078479-2353412945-596696089-1000_UserData.bin
+ 2009-01-29 05:07:01 12,120 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1419078479-2353412945-596696089-1000_UserData.bin
- 2009-01-29 03:14:11 66,816 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-29 05:07:01 66,926 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-29 03:14:11 58,298 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-29 03:36:11 58,298 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\system32\msconfig.exe" [2006-11-02 222208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-15 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-15 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-15 106496]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 c:\windows\sttray.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-03-16 50688]

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2006-11-12 02:19 446976 c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGServices]
--a------ 2006-07-14 09:47 106496 c:\program files\ESPNRunTime\DIGServices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2007-08-14 03:44 113136 c:\program files\Roxio\CinePlayer\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-10-03 11:35 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-11 04:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-02-01 15:32 8699904 c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2006-10-13 11:31 184320 c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-08-24 15:52 240112 c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 16:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{07BA1374-3E67-4419-A917-9D1AC0D39E45}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4C76716E-B456-4EDE-9627-599E0B524173}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{3958869F-3112-4449-BE95-0672B42E34D5}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{D0FC374B-BD0D-401E-A3A4-EFFDAC048479}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{23CC061A-9DC1-44A1-B76F-36B4BC06FC90}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BECCDBB3-1B02-4072-A0B2-182E5BE0131D}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{5632484B-4645-4150-838A-F1EB418CA70E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{A97E7A9F-7F2A-4272-901A-92AEC649EEB2}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{2F9C3B6F-4EAE-414C-911A-58424DA9F54E}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{F09F39BC-58CC-4338-848A-81D5583AE25D}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{496C266F-F17A-4DB8-9B83-93CE9EF51D7E}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{0E807E14-B69C-4DF4-97A6-7F5B902D48B2}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{2EC3742D-B089-4706-B9BF-8E09966AFC7A}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"{13F76838-494E-4195-BD5C-B541065C8553}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{681D8109-44B4-4C88-9886-A2B3CABDFCD3}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{2B4F53AE-6B0F-40F5-AC3D-3C1C35FDB391}c:\\program files\\myspace\\im\\myspaceim.exe"= UDP:c:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"UDP Query User{66F45AD5-09F5-44EB-9B22-EE7068EBF479}c:\\program files\\myspace\\im\\myspaceim.exe"= TCP:c:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"{06BD8821-3E73-4E37-A77C-FD964467BA8F}"= UDP:c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe:RoxLiveShare10
"{81892E5C-4065-43F2-9E39-FC622596BEBA}"= TCP:c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe:RoxLiveShare10
"{B6C85710-B0EE-4088-9970-2A61722828BB}"= UDP:c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe:RoxLiveShare10
"{A7E707C9-D5F9-4C10-8C36-5ECF6B950D9F}"= TCP:c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe:RoxLiveShare10
"{9A055DC5-50E9-4FF3-B801-5D4099954FB1}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{80472796-AA4A-420B-91D0-196EA927790A}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{F5CDB7F0-7641-4C13-80C1-64E65D79762F}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{2AB11E72-4578-4DF5-B929-C1258D5D0F81}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
R4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
S4 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
S4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
.
Contents of the 'Scheduled Tasks' folder

2009-01-29 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe []

2009-01-22 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {F60091D3-566C-4BC0-8EFF-67D0CB605B09} = 65.24.7.10,65.24.7.11
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-29 00:05:43
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3024)
c:\program files\Dell\MediaDirect\Kernel\Video\CLMedia.dll
c:\program files\Dell\MediaDirect\Kernel\Video\CLM1Splter.ax
c:\program files\Dell\MediaDirect\Kernel\Video\CLM2Splter.ax
c:\program files\Common Files\Sonic Shared\SonicHDDemuxer.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\BCMWLTRY.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\SigmaTel\C-Major Audio\WDM\stacsv.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-01-29 0:12:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-29 05:12:13
ComboFix2.txt 2009-01-29 03:29:49

Pre-Run: 3,047,276,544 bytes free
Post-Run: 2,763,395,072 bytes free

226 --- E O F --- 2009-01-02 05:56:32

#8 Billy O'Neal
    Visual C++ STL Maintainer
  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 29 January 2009 - 09:12 PM

Hello :thumbsup:

Please download "Process Explorer" from here:
http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx

Save it to your desktop and double click to open it.

Go to File -> Show Details for All Processes.

Accept the UAC prompt.

Click the "CPU" part on the top of the large listview in the center of the program. It looks like this:
http://billy-oneal.com/forums/snagit36.png

Go to File -> Save As..

Save the logfile to your desktop.

Double click on the logfile to open it in Notepad.

Copy/Paste that logfile into your next reply.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#9 jocephus7
  • Topic Starter
  • Members
  • 18 posts

Posted 29 January 2009 - 10:10 PM

Process PID CPU Description Company Name
audiodg.exe 1160 Windows Audio Device Graph Isolation Microsoft Corporation
BCMWLTRY.EXE 1512 Dell Wireless WLAN Card Wireless Network Controller Dell Inc.
csrss.exe 512 Client Server Runtime Process Microsoft Corporation
csrss.exe 564 Client Server Runtime Process Microsoft Corporation
DLG.exe 3564 Digital Line Detection Avanquest Software
DPCs n/a Deferred Procedure Calls
ehmsas.exe 3992 Media Center Media Status Aggregator Service Microsoft Corporation
ehtray.exe 3472 Media Center Tray Applet Microsoft Corporation
FlashUtil9f.exe 5640 Adobe Flash Player Helper 9.0 r124 Adobe Systems, Inc.
hkcmd.exe 3384 hkcmd Module Intel Corporation
ieuser.exe 6600 Internet Explorer Microsoft Corporation
iexplore.exe 6856 Internet Explorer Microsoft Corporation
igfxpers.exe 3352 persistence Module Intel Corporation
lsass.exe 608 Local Security Authority Process Microsoft Corporation
lsm.exe 616 Local Session Manager Service Microsoft Corporation
MySpaceIM.exe 3728 MySpace Instant Messenger
MySpaceIM.exe 2580 MySpace Instant Messenger
NBService.exe 800 Nero BackItUp Nero AG
RoxMediaDB10.exe 2964 RoxMediaDB10 Module Sonic Solutions
RoxWatch10.exe 1624 RoxSniffer10 Module Sonic Solutions
SearchIndexer.exe 1232 Microsoft Windows Search Indexer Microsoft Corporation
SLsvc.exe 1196 Microsoft Software Licensing Service Microsoft Corporation
smss.exe 384 Windows Session Manager Microsoft Corporation
spoolsv.exe 1596 Spooler SubSystem App Microsoft Corporation
stacsv.exe 1696 STacSV Module SigmaTel, Inc.
sttray.exe 3324 Sigmatel Audio system tray application SigmaTel, Inc.
svchost.exe 804 Host Process for Windows Services Microsoft Corporation
svchost.exe 1244 Host Process for Windows Services Microsoft Corporation
svchost.exe 1632 Host Process for Windows Services Microsoft Corporation
svchost.exe 1560 Host Process for Windows Services Microsoft Corporation
svchost.exe 780 Host Process for Windows Services Microsoft Corporation
svchost.exe 1064 Host Process for Windows Services Microsoft Corporation
svchost.exe 860 Host Process for Windows Services Microsoft Corporation
svchost.exe 996 Host Process for Windows Services Microsoft Corporation
svchost.exe 1080 Host Process for Windows Services Microsoft Corporation
svchost.exe 1384 Host Process for Windows Services Microsoft Corporation
SynTPEnh.exe 3312 Synaptics TouchPad Enhancements Synaptics, Inc.
System 4
taskeng.exe 2476 Task Scheduler Engine Microsoft Corporation
taskeng.exe 2624 Task Scheduler Engine Microsoft Corporation
taskeng.exe 2684 Task Scheduler Engine Microsoft Corporation
wininit.exe 552 Windows Start-Up Application Microsoft Corporation
winlogon.exe 688 Windows Logon Application Microsoft Corporation
WLTRAY.EXE 3392 Dell Wireless WLAN Card Wireless Network Tray Applet Dell Inc.
WLTRYSVC.EXE 1500
wmpnetwk.exe 3800 Windows Media Player Network Sharing Service Microsoft Corporation
wmpnscfg.exe 3460 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
wuauclt.exe 1808 Windows Update Automatic Updates Microsoft Corporation
XAudio.exe 2084 Modem Audio Service Conexant Systems, Inc.
YahooMessenger.exe 4080 Yahoo! Messenger Yahoo! Inc.
services.exe 596 1.48 Services and Controller app Microsoft Corporation
svchost.exe 1056 1.48 Host Process for Windows Services Microsoft Corporation
Interrupts n/a 2.22 Hardware Interrupts
dwm.exe 504 4.44 Desktop Window Manager Microsoft Corporation
procexp.exe 9288 6.67 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
System Idle Process 0 37.04
explorer.exe 3024 47.41 Windows Explorer Microsoft Corporation
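
As an added example (not code from this thread, from Sysinternals, or from any of its participants), the following Python script parses a Process Explorer text listing like the one pasted above and ranks the rows by CPU, which is the triage step Billy's instructions are driving at. The sample lines are copied from the posted listing; the regular expression and the 25% "hog" threshold are this example's own assumptions about the saved file's layout, not anything Process Explorer documents.

```python
import re

# Lines copied from the Process Explorer listing posted above (header plus a
# representative subset).  Rows without a CPU value were idle at sample time.
SAMPLE_PROCEXP = """Process PID CPU Description Company Name
audiodg.exe 1160 Windows Audio Device Graph Isolation Microsoft Corporation
DPCs n/a Deferred Procedure Calls
FlashUtil9f.exe 5640 Adobe Flash Player Helper 9.0 r124 Adobe Systems, Inc.
System 4
svchost.exe 1056 1.48 Host Process for Windows Services Microsoft Corporation
Interrupts n/a 2.22 Hardware Interrupts
dwm.exe 504 4.44 Desktop Window Manager Microsoft Corporation
procexp.exe 9288 6.67 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
System Idle Process 0 37.04
explorer.exe 3024 47.41 Windows Explorer Microsoft Corporation
"""

# The saved listing is space-separated with no quoting, so the process name
# (which may itself contain spaces) is taken as the shortest prefix that is
# followed by a PID (or "n/a" for the pseudo-rows DPCs and Interrupts).  The
# CPU column is only present on rows that used CPU during the sample interval.
# Assumption of this example: no description starts with a decimal number.
ROW_RE = re.compile(
    r"^(?P<name>.+?)\s+(?P<pid>\d+|n/a)"   # name, then PID
    r"(?:\s+(?P<cpu>\d+\.\d+))?"          # optional CPU percent
    r"(?:\s+(?P<detail>.*?))?\s*$"        # description and company, run together
)

IDLE = "System Idle Process"


def parse_procexp(text):
    """Parse a Process Explorer 'Save As' text listing into row dicts."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:           # the header line and anything unparseable are skipped
            continue
        pid = m.group("pid")
        rows.append({
            "name": m.group("name"),
            "pid": None if pid == "n/a" else int(pid),
            "cpu": float(m.group("cpu")) if m.group("cpu") else 0.0,
            "detail": m.group("detail") or "",
        })
    return rows


def top_consumers(rows, n=3, exclude_idle=True):
    """Rows sorted by CPU, highest first; the idle pseudo-process is dropped by default."""
    busy = [r for r in rows if not (exclude_idle and r["name"] == IDLE)]
    return sorted(busy, key=lambda r: r["cpu"], reverse=True)[:n]


def cpu_budget(rows):
    """Split the sampled CPU into idle time and time consumed by real processes."""
    idle = round(sum(r["cpu"] for r in rows if r["name"] == IDLE), 2)
    busy = round(sum(r["cpu"] for r in rows if r["name"] != IDLE), 2)
    return {"idle": idle, "busy": busy}


def hogs(rows, threshold=25.0):
    """Names of non-idle processes at or above the threshold: the ones worth drilling into."""
    return [r["name"] for r in top_consumers(rows, n=len(rows)) if r["cpu"] >= threshold]


if __name__ == "__main__":
    rows = parse_procexp(SAMPLE_PROCEXP)
    for r in top_consumers(rows):
        print(f"{r['cpu']:6.2f}%  {r['name']} (pid {r['pid']})  {r['detail']}")
    print("budget:", cpu_budget(rows), "hogs:", hogs(rows))
```

Run against the full listing above, the script reports explorer.exe (PID 3024) as the single process consuming the machine, with the idle process accounting for roughly the remainder; that is what justifies the next step in the thread, which looks at what is loaded inside that one process rather than at the system as a whole.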

#10 Billy O'Neal

Posted 29 January 2009 - 10:27 PM

Hello, jocephus7
We need to execute a Batch File
  • Go to Start -> Run, and type "notepad" into the box.
  • Press ok.
  • Copy and paste the following code into notepad:
    pv --module explorer.exe > log.txt
    start notepad log.txt
    ping localhost -w 1000 -n 2
    del log.txt
  • Go to File -> Save
  • To the right of "Save as Type:" in the bottom of the window, change the ComboBox to "All Files"
  • Enter fix.bat into the "File name:" box just above the "Save as Type" box.
  • Double click fix.bat on your desktop.
BillyIII

#11 jocephus7

Posted 29 January 2009 - 10:34 PM

Done

#12 jocephus7

Posted 29 January 2009 - 11:07 PM

I am assuming I did it right...when I double clicked fix.bat on my desktop it opened a DOS window that quickly disappeared and then log.txt opened in notepad but it is completely blank.

#13 Billy O'Neal

Posted 30 January 2009 - 08:25 PM

Hmm... that's strange.

Please download PV from here:
http://billy-oneal.com/Mirror/pv.exe

Save it to your desktop.

Then rerun the batch... it shouldn't be blank this time :thumbsup:

Billy3

#14 jocephus7

Posted 31 January 2009 - 01:38 AM

Module information for 'Explorer.exe'(3024)
MODULE BASE SIZE PATH
Explorer.exe f20000 2936832 C:\Windows\Explorer.exe
ntdll.dll 76f40000 1171456 C:\Windows\system32\ntdll.dll
kernel32.dll 75c70000 884736 C:\Windows\system32\kernel32.dll
ADVAPI32.dll 758c0000 782336 C:\Windows\system32\ADVAPI32.dll
RPCRT4.dll 75980000 798720 C:\Windows\system32\RPCRT4.dll
GDI32.dll 76da0000 307200 C:\Windows\system32\GDI32.dll
USER32.dll 75bb0000 647168 C:\Windows\system32\USER32.dll
msvcrt.dll 75e70000 696320 C:\Windows\system32\msvcrt.dll
SHLWAPI.dll 77090000 348160 C:\Windows\system32\SHLWAPI.dll
SHELL32.dll 76140000 11329536 C:\Windows\system32\SHELL32.dll
ole32.dll 75f20000 1327104 C:\Windows\system32\ole32.dll
OLEAUT32.dll 75830000 573440 C:\Windows\system32\OLEAUT32.dll
SHDOCVW.dll 71e20000 1077248 C:\Windows\system32\SHDOCVW.dll
UxTheme.dll 748a0000 258048 C:\Windows\system32\UxTheme.dll
POWRPROF.dll 74b50000 106496 C:\Windows\system32\POWRPROF.dll
dwmapi.dll 72540000 49152 C:\Windows\system32\dwmapi.dll
gdiplus.dll 74050000 1744896 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll
slc.dll 75140000 233472 C:\Windows\system32\slc.dll
PROPSYS.dll 74210000 749568 C:\Windows\system32\PROPSYS.dll
BROWSEUI.dll 6f470000 1331200 C:\Windows\system32\BROWSEUI.dll
IMM32.dll 75c50000 122880 C:\Windows\system32\IMM32.dll
MSCTF.dll 75da0000 815104 C:\Windows\system32\MSCTF.dll
DUser.dll 74870000 196608 C:\Windows\system32\DUser.dll
LPK.DLL 77080000 36864 C:\Windows\system32\LPK.DLL
USP10.dll 76ec0000 512000 C:\Windows\system32\USP10.dll
comctl32.dll 745a0000 1654784 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
WindowsCodecs.dll 73960000 729088 C:\Windows\system32\WindowsCodecs.dll
IconCodecService.dll 71e00000 24576 C:\Windows\system32\IconCodecService.dll
Secur32.dll 75690000 81920 C:\Windows\system32\Secur32.dll
CLBCatQ.DLL 770f0000 540672 C:\Windows\system32\CLBCatQ.DLL
rsaenh.dll 74bf0000 229376 C:\Windows\system32\rsaenh.dll
timedate.cpl 6fd40000 729088 C:\Windows\system32\timedate.cpl
ATL.DLL 73df0000 81920 C:\Windows\system32\ATL.DLL
NETAPI32.dll 75500000 434176 C:\Windows\system32\NETAPI32.dll
PSAPI.DLL 75760000 28672 C:\Windows\system32\PSAPI.DLL
OLEACC.dll 74750000 229376 C:\Windows\system32\OLEACC.dll
actxprxy.dll 6faf0000 339968 C:\Windows\system32\actxprxy.dll
USERENV.dll 756b0000 122880 C:\Windows\system32\USERENV.dll
WINBRAND.dll 74cb0000 880640 C:\Windows\system32\WINBRAND.dll
SAMLIB.dll 752e0000 69632 C:\Windows\System32\SAMLIB.dll
apphelp.dll 75630000 180224 C:\Windows\system32\apphelp.dll
msshsq.dll 70440000 229376 C:\Windows\System32\msshsq.dll
NaturalLanguage6.dll 6f8d0000 806912 C:\Windows\System32\NaturalLanguage6.dll
CRYPT32.dll 75180000 987136 C:\Windows\System32\CRYPT32.dll
MSASN1.dll 752c0000 73728 C:\Windows\System32\MSASN1.dll
authui.dll 6f6e0000 1994752 C:\Windows\system32\authui.dll
MSIMG32.dll 70fc0000 20480 C:\Windows\system32\MSIMG32.dll
LINKINFO.dll 71fb0000 36864 C:\Windows\system32\LINKINFO.dll
ieframe.dll 6e710000 6082560 C:\Windows\system32\ieframe.dll
iertutil.dll 76e70000 282624 C:\Windows\system32\iertutil.dll
thumbcache.dll 70330000 73728 C:\Windows\system32\thumbcache.dll
msiltcfg.dll 71fa0000 28672 C:\Windows\system32\msiltcfg.dll
VERSION.dll 74ed0000 32768 C:\Windows\system32\VERSION.dll
msi.dll 727a0000 2113536 C:\Windows\system32\msi.dll
NTMARTA.DLL 74b70000 135168 C:\Windows\system32\NTMARTA.DLL
WLDAP32.dll 75d50000 299008 C:\Windows\system32\WLDAP32.dll
WS2_32.dll 75800000 184320 C:\Windows\system32\WS2_32.dll
NSI.dll 77060000 24576 C:\Windows\system32\NSI.dll
urlmon.dll 75a80000 1208320 C:\Windows\system32\urlmon.dll
ntshrui.dll 71f50000 303104 C:\Windows\system32\ntshrui.dll
cscapi.dll 72570000 40960 C:\Windows\system32\cscapi.dll
ExplorerFrame.dll 71f40000 36864 C:\Windows\system32\ExplorerFrame.dll
WININET.dll 76070000 851968 C:\Windows\system32\WININET.dll
Normaliz.dll 77070000 12288 C:\Windows\system32\Normaliz.dll
SETUPAPI.dll 76c10000 1609728 C:\Windows\system32\SETUPAPI.dll
WINTRUST.dll 73f20000 184320 C:\Windows\system32\WINTRUST.dll
imagehlp.dll 75a50000 167936 C:\Windows\system32\imagehlp.dll
CLMedia.dll 10000000 36864 C:\Program Files\Dell\MediaDirect\Kernel\Video\CLMedia.dll
quartz.dll 6d9d0000 1511424 C:\Windows\system32\quartz.dll
WINMM.dll 74790000 208896 C:\Windows\system32\WINMM.dll
DXVA2.DLL 70510000 73728 C:\Windows\system32\DXVA2.DLL
mpg2splt.ax 71d60000 192512 C:\Windows\System32\mpg2splt.ax
mediametadatahandler.dll 6fa50000 376832 C:\Windows\System32\mediametadatahandler.dll
WMVCore.DLL 6e450000 2449408 C:\Windows\System32\WMVCore.DLL
WMASF.DLL 6fc90000 233472 C:\Windows\System32\WMASF.DLL
qedit.dll 6e1d0000 520192 C:\Windows\System32\qedit.dll
MSVFW32.dll 6fa10000 143360 C:\Windows\System32\MSVFW32.dll
COMDLG32.dll 76df0000 475136 C:\Windows\system32\COMDLG32.dll
devenum.dll 71de0000 77824 C:\Windows\system32\devenum.dll
CLM1Splter.ax 1c400000 167936 C:\Program Files\Dell\MediaDirect\Kernel\Video\CLM1Splter.ax
MSVCP60.dll 6fcd0000 417792 C:\Windows\system32\MSVCP60.dll
CLM2Splter.ax 2260000 176128 C:\Program Files\Dell\MediaDirect\Kernel\Video\CLM2Splter.ax
SFC.DLL 729b0000 20480 C:\Windows\system32\SFC.DLL
sfc_os.dll 71f30000 53248 C:\Windows\system32\sfc_os.dll
SonicHDDemuxer.dll 23b0000 208896 C:\Program Files\Common Files\Sonic Shared\SonicHDDemuxer.dll
MSVCR71.dll 7c340000 352256 C:\Program Files\Common Files\Sonic Shared\MSVCR71.dll
MSVCP71.dll 7c3a0000 503808 C:\Program Files\Common Files\Sonic Shared\MSVCP71.dll
stobject.dll 6e130000 598016 C:\Windows\system32\stobject.dll
BatMeter.dll 6e390000 745472 C:\Windows\system32\BatMeter.dll
WTSAPI32.dll 74990000 36864 C:\Windows\system32\WTSAPI32.dll
WINSTA.dll 74ee0000 147456 C:\Windows\system32\WINSTA.dll
es.dll 73a20000 286720 C:\Windows\system32\es.dll
SndVolSSO.dll 6f440000 196608 C:\Windows\System32\SndVolSSO.dll
MMDevApi.dll 74340000 159744 C:\Windows\System32\MMDevApi.dll
audioses.dll 73bb0000 135168 C:\Windows\System32\audioses.dll
audioeng.dll 73b40000 417792 C:\Windows\System32\audioeng.dll
AVRT.dll 74740000 28672 C:\Windows\System32\AVRT.dll
ehSSO.dll 6e6e0000 135168 C:\Windows\ehome\ehSSO.dll
HID.DLL 73de0000 36864 C:\Windows\system32\HID.DLL
FirewallAPI.dll 74a80000 405504 C:\Windows\system32\FirewallAPI.dll
netshell.dll 70000000 3190784 C:\Windows\System32\netshell.dll
IPHLPAPI.DLL 750d0000 102400 C:\Windows\System32\IPHLPAPI.DLL
dhcpcsvc.DLL 75090000 217088 C:\Windows\System32\dhcpcsvc.DLL
DNSAPI.dll 75300000 176128 C:\Windows\System32\DNSAPI.dll
WINNSI.DLL 75080000 28672 C:\Windows\System32\WINNSI.DLL
dhcpcsvc6.DLL 75060000 131072 C:\Windows\System32\dhcpcsvc6.DLL
nlaapi.dll 73eb0000 61440 C:\Windows\System32\nlaapi.dll
pnidui.dll 6d380000 1830912 C:\Windows\system32\pnidui.dll
QUtil.dll 70ae0000 94208 C:\Windows\system32\QUtil.dll
wevtapi.dll 750f0000 253952 C:\Windows\system32\wevtapi.dll
wlanutil.dll 73670000 24576 C:\Windows\system32\wlanutil.dll
FunDisc.dll 72610000 159744 C:\Windows\system32\FunDisc.dll
fdproxy.dll 6f9c0000 36864 C:\Windows\system32\fdproxy.dll
npmproxy.dll 73d80000 32768 C:\Windows\System32\npmproxy.dll
Wlanapi.dll 735b0000 57344 C:\Windows\system32\Wlanapi.dll
OneX.DLL 736e0000 184320 C:\Windows\system32\OneX.DLL
eappprxy.dll 73aa0000 53248 C:\Windows\system32\eappprxy.dll
eappcfg.dll 736b0000 163840 C:\Windows\system32\eappcfg.dll
bcrypt.dll 74fb0000 278528 C:\Windows\system32\bcrypt.dll
AltTab.dll 71db0000 53248 C:\Windows\System32\AltTab.dll
wpdshserviceobj.dll 6e360000 143360 C:\Windows\system32\wpdshserviceobj.dll
WINHTTP.dll 72e00000 389120 C:\Windows\system32\WINHTTP.dll
srchadmin.dll 6d990000 262144 C:\Windows\System32\srchadmin.dll
webcheck.dll 6d950000 245760 C:\Windows\system32\webcheck.dll
SyncCenter.dll 6b250000 2211840 C:\Windows\System32\SyncCenter.dll
wscntfy.dll 6e0f0000 233472 C:\Windows\system32\wscntfy.dll
WSCAPI.dll 6f9d0000 45056 C:\Windows\system32\WSCAPI.dll
mssprxy.dll 6f420000 45056 C:\Windows\system32\mssprxy.dll
imapi2.dll 6d7b0000 331776 C:\Windows\system32\imapi2.dll
QAgent.dll 6fec0000 180224 C:\Windows\System32\QAgent.dll
fwpuclnt.dll 72d10000 565248 C:\Windows\System32\fwpuclnt.dll
PortableDeviceTypes.dll 6d840000 176128 C:\Windows\system32\PortableDeviceTypes.dll
PortableDeviceApi.dll 71920000 253952 C:\Windows\system32\PortableDeviceApi.dll
SXS.DLL 75570000 389120 C:\Windows\system32\SXS.DLL
bthprops.cpl 6ce10000 1019904 C:\Windows\system32\bthprops.cpl
MPR.dll 75280000 81920 C:\Windows\system32\MPR.dll
hccutils.DLL 1a10000 81920 C:\Windows\System32\hccutils.DLL
MLANG.dll 6d900000 196608 C:\Windows\system32\MLANG.dll
msstrc.dll 74380000 65536 C:\Windows\system32\msstrc.dll
BCMWLCPL.CPL 74d0000 4227072 C:\Windows\system32\BCMWLCPL.CPL
mscoree.dll 79000000 282624 C:\Windows\system32\mscoree.dll
MFC80.DLL 73230000 1110016 C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL
MSVCR80.dll 735d0000 634880 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCR80.dll
msvcm80.dll 731b0000 512000 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\msvcm80.dll
MSVCP80.dll 73520000 552960 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCP80.dll
MFC80ENU.DLL 73180000 57344 C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\MFC80ENU.DLL
mscorwks.dll 79e70000 5660672 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
mscorlib.ni.dll 790c0000 11657216 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7fe79782947b85d961fd55cb5e02a129\mscorlib.ni.dll
mscorjit.dll 79060000 339968 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
bcmwlrmt.dll 43c0000 77824 C:\Windows\system32\bcmwlrmt.dll
RICHED32.DLL 6f9a0000 24576 C:\Windows\system32\RICHED32.DLL
RICHED20.dll 6e070000 475136 C:\Windows\system32\RICHED20.dll
igfxres.dll 4900000 155648 C:\Windows\system32\igfxres.dll
igfxress.dll b630000 3276800 C:\Windows\system32\igfxress.dll
DSOUND.dll 71a20000 462848 C:\Windows\system32\DSOUND.dll
wdmaud.drv 6fe90000 196608 C:\Windows\system32\wdmaud.drv
ksuser.dll 74200000 16384 C:\Windows\system32\ksuser.dll
msacm32.drv 70560000 36864 C:\Windows\system32\msacm32.drv
MSACM32.dll 6fe70000 86016 C:\Windows\system32\MSACM32.dll
midimap.dll 704d0000 28672 C:\Windows\system32\midimap.dll
WinSATAPI.dll 6b640000 393216 C:\Windows\system32\WinSATAPI.dll
Cabinet.dll 74390000 81920 C:\Windows\system32\Cabinet.dll
ncrypt.dll 75000000 204800 C:\Windows\system32\ncrypt.dll
GPAPI.dll 74bd0000 86016 C:\Windows\system32\GPAPI.dll
cryptnet.dll 6f9e0000 102400 C:\Windows\system32\cryptnet.dll
SensApi.dll 72650000 24576 C:\Windows\system32\SensApi.dll
WINSPOOL.DRV 72af0000 266240 C:\Windows\system32\WINSPOOL.DRV
idle.dll 60300000 28672 C:\Program Files\Yahoo!\Messenger\idle.dll
AVIFIL32.dll 73d20000 98304 C:\Windows\system32\AVIFIL32.dll
CDRAL.DLL 19b0000 98304 C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\CDRAL.DLL
px.dll 4d90000 655360 C:\Program Files\Common Files\PX Storage Engine\px.dll
PXDRV.DLL 5f10000 528384 C:\Program Files\Common Files\PX Storage Engine\PXDRV.DLL
PXMAS.DLL 2140000 188416 C:\Program Files\Common Files\PX Storage Engine\PXMAS.DLL
PXSFS.DLL 9a80000 1675264 C:\Program Files\Common Files\PX Storage Engine\PXSFS.DLL
PXAFS.DLL 1da0000 131072 C:\Program Files\Common Files\PX Storage Engine\PXAFS.DLL
PxWave.dll 6040000 614400 C:\Program Files\Common Files\PX Storage Engine\PxWave.dll
shacct.dll 6d760000 90112 C:\Windows\System32\shacct.dll
NLSData0009.dll 6ef70000 4886528 C:\Windows\System32\NLSData0009.dll
NLSLexicons0009.dll 6ece0000 2650112 C:\Windows\System32\NLSLexicons0009.dll
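
The PV listing above is long, and the question the thread is really asking is which of those modules are not Windows' own. As an added example (not code from the thread, from PV's author, or from any participant), here is a Python parser for the `MODULE BASE SIZE PATH` layout that sorts each module by where it was loaded from. The sample is an excerpt of the posted listing with one constructed line (`example.dll` under a Temp folder, not present in the thread) added only to exercise the user-writable-location check; the `USER_WRITABLE_MARKERS` heuristic and the `classify` function are this example's own assumptions. The four Dell MediaDirect and Sonic modules it isolates are the same ones the ComboFix "DLLs Loaded Under Running Processes" section earlier in the thread singled out for Explorer.exe.

```python
import re
from collections import defaultdict
from ntpath import dirname

# Excerpt of the PV module listing for explorer.exe posted above.  The final
# line is CONSTRUCTED (not from the thread) purely to exercise the
# user-writable-location check below.
SAMPLE_PV = r"""Module information for 'Explorer.exe'(3024)
MODULE BASE SIZE PATH
Explorer.exe f20000 2936832 C:\Windows\Explorer.exe
ntdll.dll 76f40000 1171456 C:\Windows\system32\ntdll.dll
SHELL32.dll 76140000 11329536 C:\Windows\system32\SHELL32.dll
CLMedia.dll 10000000 36864 C:\Program Files\Dell\MediaDirect\Kernel\Video\CLMedia.dll
CLM1Splter.ax 1c400000 167936 C:\Program Files\Dell\MediaDirect\Kernel\Video\CLM1Splter.ax
SonicHDDemuxer.dll 23b0000 208896 C:\Program Files\Common Files\Sonic Shared\SonicHDDemuxer.dll
idle.dll 60300000 28672 C:\Program Files\Yahoo!\Messenger\idle.dll
px.dll 4d90000 655360 C:\Program Files\Common Files\PX Storage Engine\px.dll
PXSFS.DLL 9a80000 1675264 C:\Program Files\Common Files\PX Storage Engine\PXSFS.DLL
mscorwks.dll 79e70000 5660672 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
example.dll 5a00000 40960 C:\Users\example\AppData\Local\Temp\example.dll
"""

# Columns are MODULE BASE(hex) SIZE(decimal) PATH; only PATH may contain spaces.
ROW_RE = re.compile(r"^(?P<module>\S+)\s+(?P<base>[0-9a-fA-F]+)\s+(?P<size>\d+)\s+(?P<path>.+?)\s*$")

# Path markers (matched case-insensitively) for locations a standard user can
# write to.  Code loaded into the shell from such a place is unusual and is
# worth examining before any vendor directory is.  Heuristic of this example.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\")


def classify(path):
    """'windows' for the OS's own tree, 'user-writable' for suspicious
    locations, 'third-party' for everything else (vendor software)."""
    p = path.lower()
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        return "user-writable"
    if p.startswith("c:\\windows\\"):
        return "windows"
    return "third-party"


def parse_pv(text):
    """Parse a PV '--module' listing into dicts; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        rows.append({
            "module": m.group("module"),
            "base": int(m.group("base"), 16),
            "size": int(m.group("size")),
            "path": m.group("path"),
            "origin": classify(m.group("path")),
        })
    return rows


def triage(rows):
    """Summarise the listing: how many modules come from where, and which
    non-Windows directories have code loaded into the shell process."""
    counts = defaultdict(int)
    by_dir = defaultdict(list)
    for r in rows:
        counts[r["origin"]] += 1
        if r["origin"] != "windows":
            by_dir[dirname(r["path"])].append(r["module"])
    return {
        "counts": dict(counts),
        "non_windows_dirs": dict(by_dir),
        "user_writable": [r["path"] for r in rows if r["origin"] == "user-writable"],
    }


if __name__ == "__main__":
    summary = triage(parse_pv(SAMPLE_PV))
    print(summary["counts"])
    for d, mods in summary["non_windows_dirs"].items():
        print(f"{d}: {', '.join(mods)}")
    if summary["user_writable"]:
        print("modules loaded from user-writable locations:", summary["user_writable"])
```

The grouping by directory is what makes a listing of this size readable: instead of 180 lines you get a handful of vendor folders (Dell MediaDirect, Sonic Shared, PX Storage Engine, Yahoo! Messenger) whose shell extensions and codecs run inside explorer.exe and are therefore candidates for the CPU time attributed to it. The user-writable check matches nothing in the real listing; it is there because that is the first thing a defender would want such a script to flag.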

#15 Billy O'Neal

Posted 01 February 2009 - 04:52 PM

Hello, jocephus7
I'm not sure why explorer.exe is monopolizing the processor, but I don't think it is a malware issue at this point.

I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ESET OnlineScan's Log

BillyIII