Vundo Trojan


  • This topic is locked
8 replies to this topic

#1 Hwlan Larkin

Hwlan Larkin

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:50 AM

Posted 19 February 2009 - 08:01 PM

Got one of the newer variants of the Vundo trojan. Tried removing it with Malwarebytes, Super AntiSpyware, Spybot, Vundofix, VirtumundoBeGone, and McAfee with no permanent success. Here are the DDS logs:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Administrator at 16:55:35.71 on Thu 02/19/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1026 [GMT -8:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://csuchico.edu/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {155c5c82-d781-4056-b1cd-6655ce206715} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Power2GoExpress] NA
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: aol.com\free
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} - hxxp://asp.mathxl.com/applets/PearsonInstallAsst.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156738798890
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156738794812
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: lakwnt.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\wps32njx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-11-14 207656]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-11-17 55024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-25 206096]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-11-14 358736]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-11-14 144704]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-4 24652]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-11-14 605512]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-11-14 79240]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-11-14 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-11-14 40488]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-11-17 7408]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-11-17 8944]
S3 CTMSFSYN;Creative SoundFont Synth;c:\windows\system32\drivers\ctmsfsyn.sys --> c:\windows\system32\drivers\ctmsfsyn.sys [?]
S3 GPCIEnu1;GPCIEnu1;c:\windows\system32\GPCIEnum.sys [2007-10-11 7626]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-11-14 34152]
S3 PAC7311;VGA SoC PC-Camera;c:\windows\system32\drivers\PA707UCM.SYS [2005-10-18 154752]
S4 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]

=============== Created Last 30 ================

2009-02-18 22:54 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-18 08:30 143,360 -------- c:\windows\system32\lakwnt.dll
2009-02-04 19:14 <DIR> --d----- c:\program files\Viewpoint
2009-02-04 19:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2009-01-25 22:51 6,688 a------- c:\windows\movexe.exe
2009-01-25 22:50 <DIR> --d----- C:\onyx

==================== Find3M ====================

2009-02-18 08:30 143,360 a--sh--- c:\windows\system32\dapehako.dll
2009-02-11 10:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-20 15:15 826,368 a------- c:\windows\system32\wininet.dll
2008-08-29 15:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082920080830\index.dat

============= FINISH: 16:57:02.85 ===============
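The log above carries the indicators this thread is about: a DLL named in AppInit_DLLs (lakwnt.dll), a second DLL in system32 with the same size and creation minute but hidden+system attributes (dapehako.dll), and a BHO CLSID with no backing file. As an added example (not part of the original post, and not a DDS or BleepingComputer tool), the Python script below parses those DDS line types and applies the checks a responder would run by eye. The attribute handling (looking for `s` and `h` anywhere in the eight-character field) and the companion-file heuristic are assumptions based on the log format shown in this thread, not on DDS documentation.

```python
"""Triage checks over lines of a DDS log (added example; the heuristics are
editor assumptions based on the log format shown in this thread)."""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Lines copied from the DDS log posted above (not constructed).
DDS_SAMPLE = r"""
BHO: {155c5c82-d781-4056-b1cd-6655ce206715} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
AppInit_DLLs: lakwnt.dll
2009-02-18 22:54 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-18 08:30 143,360 -------- c:\windows\system32\lakwnt.dll
2009-02-04 19:14 <DIR> --d----- c:\program files\Viewpoint
2009-02-18 08:30 143,360 a--sh--- c:\windows\system32\dapehako.dll
2009-02-11 10:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
"""

# "date time size attrs path" rows from the Created Last 30 / Find3M sections
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([a-z-]{8})\s+(.+?)\s*$")
APPINIT_LINE = re.compile(r"^AppInit_DLLs:\s*(.*)$")
ORPHAN_BHO = re.compile(r"^BHO:.*(\{[0-9a-f-]{36}\})\s+-\s+No File$", re.I)


@dataclass(frozen=True)
class FileEntry:
    stamp: str
    size: Optional[int]  # None for <DIR> rows
    attrs: str           # eight-character attribute field as DDS prints it
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_system32(self) -> bool:
        # Direct children of system32 only; the drivers\ subfolder is excluded.
        return self.path.rsplit("\\", 1)[0].lower().endswith("\\system32")


def parse_dds(text: str) -> Tuple[List[FileEntry], List[str], List[str]]:
    """Pull file rows, AppInit_DLLs entries and orphaned BHO CLSIDs out of a log."""
    files, appinit, orphans = [], [], []
    for line in text.splitlines():
        m = FILE_LINE.match(line)
        if m:
            stamp, size, attrs, path = m.groups()
            size_val = None if size == "<DIR>" else int(size.replace(",", ""))
            files.append(FileEntry(stamp, size_val, attrs, path))
            continue
        m = APPINIT_LINE.match(line)
        if m and m.group(1).strip():
            # AppInit_DLLs may hold several names separated by spaces or commas
            appinit.extend(d.lower() for d in re.split(r"[ ,]+", m.group(1)) if d)
            continue
        m = ORPHAN_BHO.match(line)
        if m:
            orphans.append(m.group(1).lower())
    return files, appinit, orphans


def triage(text: str) -> List[Tuple[str, str, str]]:
    """Return (severity, indicator, reason) findings for a DDS log."""
    files, appinit, orphans = parse_dds(text)
    findings: List[Tuple[str, str, str]] = []
    for dll in appinit:
        findings.append(("high", dll,
                         "listed in AppInit_DLLs: loaded into every process that loads user32.dll"))
    # Group system32 DLLs by (timestamp, size) to spot dropped companion files
    groups: Dict[Tuple[str, int], List[FileEntry]] = {}
    for f in files:
        if f.size is not None and f.in_system32 and f.name.endswith(".dll"):
            groups.setdefault((f.stamp, f.size), []).append(f)
    for f in files:
        if f.size is None:
            continue
        if f.name in appinit:
            findings.append(("high", f.path, "file backing the AppInit_DLLs entry"))
        if f.in_system32 and "s" in f.attrs and "h" in f.attrs:
            findings.append(("high", f.path, "hidden+system attributes on a file in system32"))
        if f.in_system32 and f.name.endswith(".dll"):
            siblings = [g.name for g in groups[(f.stamp, f.size)] if g is not f]
            if siblings:
                findings.append(("medium", f.path,
                                 "same timestamp and size as %s: likely companion files"
                                 % ", ".join(siblings)))
    for clsid in orphans:
        findings.append(("low", clsid, "BHO registration with no backing file (orphaned)"))
    return findings


if __name__ == "__main__":
    # Pass a saved DDS.txt as the first argument, or run against the sample rows.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else DDS_SAMPLE
    for severity, indicator, reason in triage(text):
        print("[%-6s] %s -- %s" % (severity, indicator, reason))
```

Run against the full DDS.txt, the script flags lakwnt.dll twice (the AppInit_DLLs entry and the file that backs it), dapehako.dll for its hidden+system attributes, both DLLs as companions, and the orphaned BHO, while leaving deploytk.dll, the mbam drivers and ordinary directories alone.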


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:50 AM

Posted 01 March 2009 - 04:19 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.



Download and run OTListIt2

We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Post both logs in your next reply please.
Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
    Alternate Download Site 1
    Alternate Download Site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
Important!: Please do not select the Show all checkbox during the scan.

In your next reply please include the following:
  • OTListIt.txt
  • Extra.txt
  • GMER Scan log
  • What Problems do you still have?

Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 Hwlan Larkin

Hwlan Larkin
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:50 AM

Posted 01 March 2009 - 08:34 PM

Hey. Don't worry about the time, I understand.

I think I might have fixed it, but since you're using different tools than I did, I did the scans. Might as well make sure that I'm actually clean.

OTListIt logfile created on: 3/1/2009 4:57:27 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.63% Memory free
3.84 Gb Paging File | 3.16 Gb Available in Paging File | 82.08% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 87.29 Gb Total Space | 45.76 Gb Free Space | 52.42% Space Free | Partition Type: NTFS
Drive D: | 5.85 Gb Total Space | 2.67 Gb Free Space | 45.70% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: REYNARD
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/08/02 00:39:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\windows\Explorer.EXE
PRC - [2006/08/02 00:31:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/03/14 12:34:38 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 19:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/02/21 17:25:54 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/12/05 15:51:06 | 00,206,096 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/10/10 16:16:00 | 00,792,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/07/18 08:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/07/09 14:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2008/06/20 05:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2008/07/09 17:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2008/07/09 13:35:34 | 00,025,416 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe
PRC - [2006/07/20 19:58:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\windows\system32\nvsvc32.exe
PRC - [2004/10/04 03:40:50 | 00,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
PRC - [2007/08/08 23:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/08/21 05:49:52 | 00,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/08/02 00:24:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2008/04/24 12:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2005/01/14 09:32:38 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\PAStiSvc.exe
PRC - [2005/12/05 20:00:44 | 00,753,664 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2005/08/05 19:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2008/07/11 16:48:54 | 00,641,208 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2004/11/05 06:47:00 | 00,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/11/05 06:47:00 | 00,688,218 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/02/13 00:23:38 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\windows\stsystra.exe
PRC - [2006/01/19 21:34:26 | 00,544,768 | ---- | M] (Motorola Inc.) -- C:\windows\sm56hlpr.exe
PRC - [2006/08/02 00:38:30 | 00,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
PRC - [2006/08/02 00:32:44 | 00,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2008/04/24 12:25:22 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2009/02/21 17:25:54 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2006/10/30 10:01:16 | 00,392,832 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2006/08/02 00:27:54 | 00,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2009/01/26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/08/19 20:32:28 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/03/14 12:42:18 | 00,622,653 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2005/12/05 19:59:02 | 00,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2008/09/16 10:04:12 | 00,605,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/02/04 08:15:59 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 16:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/03/01 16:57:01 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2004/10/04 04:47:04 | 00,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor [Disabled | Stopped])
SRV - [2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/03/14 12:34:38 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 19:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2006/08/02 00:39:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/02/09 16:28:11 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 16:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/02/21 17:25:54 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/12/05 15:51:06 | 00,206,096 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
SRV - [2008/10/10 16:16:00 | 00,792,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/07/18 08:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2008/06/20 13:10:22 | 00,361,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2008/07/09 14:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2005/08/05 19:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2008/06/20 05:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2008/09/16 10:04:12 | 00,605,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2004/08/10 10:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2008/07/09 17:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2008/07/09 13:35:34 | 00,025,416 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service [Auto | Running])
SRV - [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/07/20 19:58:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\windows\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/10/04 03:40:50 | 00,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect [Auto | Running])
SRV - [2007/08/08 23:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2007/03/15 18:04:39 | 00,063,040 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Disabled | Stopped])
SRV - [2007/05/17 01:19:12 | 00,099,904 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB [Disabled | Stopped])
SRV - [2006/08/21 05:49:52 | 00,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
SRV - [2006/08/02 00:24:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2006/08/02 00:31:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2008/04/24 12:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2 [Auto | Running])
SRV - [2005/01/14 09:32:38 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\PAStiSvc.exe -- (STI Simulator [Auto | Running])
SRV - [2005/12/05 20:00:44 | 00,753,664 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe -- (TabletService [Auto | Running])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2007/01/19 23:36:41 | 00,021,419 | ---- | M] (Meetinghouse Data Communications) -- C:\windows\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2005/02/23 13:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\windows\system32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2001/08/17 19:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\windows\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2008/04/13 10:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\windows\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2001/08/17 19:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\windows\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/17 19:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\windows\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2006/03/14 12:21:18 | 00,328,237 | ---- | M] (Broadcom Corporation.) -- C:\windows\system32\drivers\btaudio.sys -- (btaudio [On_Demand | Running])
DRV - [2006/03/14 12:15:34 | 00,030,427 | ---- | M] (Broadcom Corporation.) -- C:\windows\system32\DRIVERS\btport.sys -- (BTDriver [On_Demand | Stopped])
DRV - [2006/03/14 12:18:00 | 00,851,402 | ---- | M] (Broadcom Corporation.) -- C:\windows\system32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running])
DRV - [2006/03/14 12:19:24 | 00,023,271 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL [Auto | Running])
DRV - [2006/03/14 12:12:02 | 00,148,900 | ---- | M] (Broadcom Corporation.) -- C:\windows\system32\DRIVERS\btwdndis.sys -- (BTWDNDIS [On_Demand | Stopped])
DRV - [2006/03/14 12:10:56 | 00,045,683 | ---- | M] (Broadcom Corporation.) -- C:\windows\system32\DRIVERS\btwhid.sys -- (btwhid [On_Demand | Stopped])
DRV - [2006/03/14 12:14:52 | 00,065,784 | ---- | M] (Broadcom Corporation.) -- C:\windows\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [2001/08/17 19:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\windows\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2005/02/17 07:19:16 | 00,339,984 | R--- | M] (Creative Technology Ltd) -- C:\windows\system32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2001/08/17 19:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\windows\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2005/09/14 18:24:08 | 00,179,200 | ---- | M] (Intel Corporation) -- C:\windows\system32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])
DRV - [2007/10/06 21:36:28 | 00,028,672 | ---- | M] (Gteko Ltd.) -- C:\windows\system32\DRIVERS\goprot51.sys -- (GoProto [On_Demand | Running])
DRV - [2006/08/06 14:06:16 | 00,007,626 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GPCIEnum.sys -- (GPCIEnu1 [On_Demand | Stopped])
DRV - [2008/04/13 08:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\windows\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/12/14 08:07:44 | 00,051,120 | R--- | M] (HP) -- C:\windows\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2004/12/14 08:07:44 | 00,016,496 | R--- | M] (HP) -- C:\windows\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2004/12/14 08:07:44 | 00,021,744 | R--- | M] (HP) -- C:\windows\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005/10/12 12:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\windows\SYSTEM32\DRIVERS\IASTOR.SYS -- (iaStor [Boot | Running])
DRV - [2008/06/27 06:08:40 | 00,079,240 | ---- | M] (McAfee, Inc.) -- C:\windows\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2008/06/27 06:08:40 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\windows\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2008/06/27 06:08:40 | 00,207,656 | ---- | M] (McAfee, Inc.) -- C:\windows\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2008/06/20 05:41:38 | 00,034,152 | ---- | M] (McAfee, Inc.) -- C:\windows\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2008/06/27 06:08:40 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\windows\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2008/06/02 14:55:42 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\windows\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2001/08/17 19:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\windows\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2006/09/27 02:36:24 | 01,709,696 | ---- | M] (Intel® Corporation) -- C:\windows\system32\DRIVERS\NETw3x32.sys -- (NETw3x32 [On_Demand | Running])
DRV - [2006/07/20 19:58:00 | 03,685,152 | ---- | M] (NVIDIA Corporation) -- C:\windows\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2005/10/18 11:48:38 | 00,154,752 | ---- | M] (PixArt Imaging Inc.) -- C:\windows\system32\DRIVERS\PA707UCM.SYS -- (PAC7311 [On_Demand | Stopped])
DRV - [2005/11/29 20:50:42 | 00,008,138 | ---- | M] (Wacom Technology Corporation) -- C:\windows\system32\Drivers\PenClass.sys -- (PenClass [Boot | Running])
DRV - [2007/05/17 01:19:16 | 00,022,584 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK [On_Demand | Stopped])
DRV - [2004/01/26 07:01:28 | 00,052,224 | ---- | M] (Protection Technology) -- C:\windows\System32\drivers\prodrv06.sys -- (prodrv06 [System | Running])
DRV - [2004/01/26 07:36:35 | 00,095,552 | ---- | M] (Protection Technology) -- C:\windows\System32\drivers\prohlp02.sys -- (prohlp02 [Boot | Running])
DRV - [2004/08/10 11:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\windows\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/05/13 00:54:10 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 19:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\windows\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/17 19:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\windows\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/17 19:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\windows\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2006/08/02 01:27:48 | 00,012,544 | ---- | M] (Intel Corporation) -- C:\windows\system32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2008/11/17 15:11:06 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2008/11/17 15:11:08 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2008/11/17 15:11:04 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2006/08/06 14:06:14 | 00,006,977 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2 [On_Demand | Stopped])
DRV - [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\windows\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2003/07/16 14:27:40 | 00,043,264 | ---- | M] (Prolific Technology Inc.) -- C:\windows\system32\DRIVERS\ser2pl.sys -- (Ser2pl [On_Demand | Stopped])
DRV - [2003/12/01 07:20:52 | 00,004,832 | ---- | M] (Protection Technology) -- C:\windows\System32\drivers\sfhlp01.sys -- (sfhlp01 [Boot | Running])
DRV - [2008/04/13 10:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\windows\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2006/01/19 21:44:42 | 00,862,340 | ---- | M] (Motorola Inc.) -- C:\windows\system32\DRIVERS\smserial.sys -- (smserial [On_Demand | Running])
DRV - [2001/08/17 20:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\windows\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2006/02/13 00:26:02 | 01,106,888 | ---- | M] (SigmaTel, Inc.) -- C:\windows\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 20:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\windows\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/17 20:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\windows\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2001/08/17 20:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\windows\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/17 20:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\windows\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2004/11/05 06:47:00 | 00,185,824 | ---- | M] (Synaptics, Inc.) -- C:\windows\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2005/09/20 23:30:56 | 00,162,432 | ---- | M] (Texas Instruments) -- C:\windows\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2001/08/17 19:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\windows\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2008/04/13 10:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2006/08/01 01:58:42 | 00,009,600 | R--- | M] (VMware, Inc.) -- C:\windows\system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter [On_Demand | Stopped])
DRV - [2005/12/04 23:55:30 | 01,428,096 | ---- | M] (Intel® Corporation) -- C:\windows\system32\DRIVERS\w39n51.sys -- (w39n51 [On_Demand | Stopped])
DRV - [2005/03/21 04:05:46 | 00,333,620 | ---- | M] (Jungo) -- C:\windows\system32\drivers\windrvr6.sys -- (WinDriver6 [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Invalid data type.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=NX860X
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=NX860X
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\S-1-5-21-2454426937-4293005386-1802504269-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.84
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.0
FF - prefs.js..extensions.enabledItems: video-dowloader@magic-imv.ro:2.2.280608
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6
FF - prefs.js..extensions.enabledItems: {2b84da20-6449-11dd-ad8b-0800200c9a66}:1.1
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> %ProgramFiles%\MCAFEE\SITEADVISOR [C:\PROGRAM FILES\MCAFEE\SITEADVISOR] -> [2008/12/21 08:11:55 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/02/21 17:25:56 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/02/15 11:37:46 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/02/23 12:38:51 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions [2008/09/12 23:16:56 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008/09/12 23:16:56 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wps32njx.default\extensions [2009/02/28 19:29:29 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wps32njx.default\extensions\{2b84da20-6449-11dd-ad8b-0800200c9a66} [2008/09/20 01:21:04 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wps32njx.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2008/11/18 20:49:08 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wps32njx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/02/19 00:23:55 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wps32njx.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2009/01/03 00:25:29 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wps32njx.default\extensions\video-dowloader@magic-imv.ro [2008/07/14 18:49:07 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2009/02/28 19:29:29 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/02/04 08:16:07 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009/02/21 17:26:30 00,000,000 | ---D | M]

O1 HOSTS File: (296543 bytes) - C:\windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 10268 more lines...
O2 - BHO: (no name) - {155c5c82-d781-4056-b1cd-6655ce206715} - Reg Error: Key error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll (Google Inc.)
O4 - HKLM..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 (SupportSoft, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet /nodetect ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SMSERIAL] sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-2454426937-4293005386-1802504269-500..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKU\S-1-5-21-2454426937-4293005386-1802504269-500..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-2454426937-4293005386-1802504269-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-2454426937-4293005386-1802504269-500..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2454426937-4293005386-1802504269-500_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Reg Error: Key error.)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab (Reg Error: Key error.)
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} http://asp.mathxl.com/applets/PearsonInstallAsst.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1156738798890 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1156738794812 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 01:41:16 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/12/02 17:24:51 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{126f56a6-800b-11db-be3f-0016cee0f708}\Shell - "" = AutoRun
O33 - MountPoints2\{126f56a6-800b-11db-be3f-0016cee0f708}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{126f56a6-800b-11db-be3f-0016cee0f708}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{76527888-364b-11db-bdcf-0016cee0f708}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{796bc6b0-ab01-11dd-bfda-0016cee0f708}\Shell\AutoRun\command - "" = wdsync.exe

========== Files/Folders - Created Within 30 Days ==========

[1 C:\windows\*.tmp files]
[2009/03/01 16:57:01 | 00,497,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/02/25 20:09:09 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/02/25 18:17:58 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Rewards.xls
[2009/02/25 16:55:07 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\shintoreport.doc
[2009/02/24 21:51:43 | 52,560,384 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\mailessentials14.exe
[2009/02/24 01:13:28 | 21,666,701 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\54252.flv
[2009/02/23 13:30:11 | 00,013,374 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Graph A.ga3
[2009/02/23 12:44:57 | 18,443,6736 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\[StrikeS] Kemeko DX 02 [704x400][XviD][43F669A4].avi
[2009/02/23 12:38:40 | 00,000,806 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/02/23 08:39:43 | 18,445,7216 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\[StrikeS] Kemeko DX 01 [704x400][XviD][204C4A69].avi
[2009/02/22 15:41:00 | 25,506,535 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\spacehulk_full_v1_0.zip
[2009/02/21 00:05:35 | 00,000,890 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2009/02/21 00:05:35 | 00,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2009/02/20 16:50:36 | 21,455,05280 | -HS- | C] () -- C:\hiberfil.sys
[2009/02/20 01:16:19 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/02/20 00:13:37 | 00,000,000 | -HSD | C] -- C:\windows\CSC
[2009/02/20 00:11:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\backups
[2009/02/19 16:57:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\graaaahhh
[2009/02/18 21:02:58 | 00,096,978 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\Administrator\Desktop\VirtumundoBeGone.exe
[2009/02/16 16:45:51 | 09,986,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Saisho No Evangelion Shoki Settei No Shoujotachi.rar
[2009/02/15 11:02:46 | 00,147,560 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20090215_110244.reg
[2009/02/10 20:05:01 | 14,302,111 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Evangelion_dj-2008_Omake_Hon_Soushuuhen_Sono_1_trans_CGRascal.rar
[2009/02/06 01:21:37 | 02,715,366 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\wax20e.zip
[2009/02/04 19:14:16 | 00,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2009/02/04 19:14:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\acccore

========== Files - Modified Within 30 Days ==========

[13 C:\windows\System32\*.tmp files]
[1 C:\windows\*.tmp files]
[2009/03/01 16:57:01 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/03/01 16:50:23 | 00,026,308 | ---- | M] () -- C:\windows\System32\Config.MPF
[2009/03/01 16:50:02 | 00,051,048 | ---- | M] () -- C:\windows\System32\nvapps.xml
[2009/03/01 16:49:21 | 00,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2009/03/01 16:48:49 | 00,000,338 | ---- | M] () -- C:\windows\System32\tablet.dat
[2009/03/01 16:48:43 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2009/03/01 16:48:40 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2009/03/01 16:48:37 | 21,455,05280 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/28 00:02:49 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\shintoreport.doc
[2009/02/25 18:37:53 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Rewards.xls
[2009/02/24 21:57:09 | 52,560,384 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\mailessentials14.exe
[2009/02/24 01:13:28 | 21,666,701 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\54252.flv
[2009/02/23 19:56:54 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Title sheet.doc
[2009/02/23 13:48:55 | 00,013,374 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Graph A.ga3
[2009/02/23 12:52:05 | 18,443,6736 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\[StrikeS] Kemeko DX 02 [704x400][XviD][43F669A4].avi
[2009/02/23 12:38:40 | 00,000,806 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/02/23 12:38:11 | 00,001,493 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DivX Movies.lnk
[2009/02/23 08:39:26 | 00,084,480 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/23 08:38:15 | 18,445,7216 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\[StrikeS] Kemeko DX 01 [704x400][XviD][204C4A69].avi
[2009/02/22 15:42:38 | 25,506,535 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\spacehulk_full_v1_0.zip
[2009/02/21 00:05:38 | 00,000,802 | ---- | M] () -- C:\windows\win.ini
[2009/02/21 00:05:38 | 00,000,282 | ---- | M] () -- C:\windows\system.ini
[2009/02/20 00:20:42 | 02,924,170 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2009/02/19 00:08:37 | 00,296,543 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts
[2009/02/18 21:03:01 | 00,096,978 | ---- | M] (Business Information Solutions) -- C:\Documents and Settings\Administrator\Desktop\VirtumundoBeGone.exe
[2009/02/18 16:03:15 | 00,006,456 | -H-- | M] () -- C:\windows\System32\niruvihi
[2009/02/18 15:09:30 | 02,115,082 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/02/16 16:46:39 | 09,986,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Saisho No Evangelion Shoki Settei No Shoujotachi.rar
[2009/02/15 11:03:06 | 00,147,560 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20090215_110244.reg
[2009/02/12 22:44:48 | 00,291,346 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20090219-000837.backup
[2009/02/12 20:11:41 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2009/02/10 20:07:37 | 14,302,111 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Evangelion_dj-2008_Omake_Hon_Soushuuhen_Sono_1_trans_CGRascal.rar
[2009/02/06 01:21:45 | 02,715,366 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\wax20e.zip
[2009/02/05 07:09:54 | 00,002,675 | -H-- | M] () -- C:\IPH.PH
[2009/02/04 19:14:14 | 00,001,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\windows\vidres.exe:SummaryInformation
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 0 bytes -> C:\windows\vidres.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Administrator\Desktop\Thumbs.db:encryptable
< End of report >


OTListIt Extras logfile created on: 3/1/2009 4:57:27 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.63% Memory free
3.84 Gb Paging File | 3.16 Gb Available in Paging File | 82.08% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 87.29 Gb Total Space | 45.76 Gb Free Space | 52.42% Space Free | Partition Type: NTFS
Drive D: | 5.85 Gb Total Space | 2.67 Gb Free Space | 45.70% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: REYNARD
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
File not found -- C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2006/11/02 23:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/07/15 22:53:36 | 00,219,952 | ---- | M] () -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008/07/18 08:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
[2008/11/18 16:31:04 | 21,633,320 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2008/10/31 11:22:38 | 00,050,480 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/06/14 09:41:54 | 00,781,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcupdmgr.exe:*:Enabled:mcupdmgr

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0FF18B53-CA57-40BB-B562-21A27B662005}" = 1600
"{12F4BE69-6614-41D3-BB3B-DF7F921DF2BB}" = Sony ACID XPress 5.0a
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3D2F4CB7-4317-44E8-B840-E1A6345B3E44}" = PC VGA Camera
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{5BD29DC3-EE5C-4E1F-932D-94848CFDD39E}" = ArcSoft VideoImpression 2
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{669595F6-17BE-482D-8143-8C01C2ECA2CF}" = Alibre Design
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{82E62F20-2BF3-4219-A3C7-5696A85F0224}" = BASIC Stamp Editor v2.3.7
"{82EF8297-C8B2-4CA8-9430-FF2BC8C40414}" = GWCares
"{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B946D46E-1302-48B4-84EE-B74C3191D975}" = Corel Painter Essentials 2
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}" = SmartFTP Client
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB449D5A-7710-47aa-B9F5-352B877C90E6}" = 1600_Help
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D42B6F90-1084-4C9B-AF28-958926E6E32E}" = LP_Flash
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DF72189F-AC28-4545-8B69-880C9D4A311F}" = MPLAB Tools v7.50
"{E7B7F75E-A83B-4F09-91B4-44E2156524D1}" = Logger Pro 3.4.6
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F4C6CC40-1142-49be-A28C-7BBD36F0B41A}" = 1600Trb
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM_6" = AIM 6
"Any Video Converter_is1" = Any Video Converter 2.5.9
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"CCleaner" = CCleaner (remove only)
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.5 (1044)
"Google Desktop" = Google Desktop
"gtw_logo" = gtw_logo
"HijackThis" = HijackThis 2.0.2
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{3D2F4CB7-4317-44E8-B840-E1A6345B3E44}" = PC VGA Camera
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{DF72189F-AC28-4545-8B69-880C9D4A311F}" = MPLAB Tools v7.50
"JazzBuddy" = JazzBuddy
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Uninstall Utility" = McAfee Uninstall Wizard
"MechWarrior 3" = MechWarrior 3
"Mechwarrior CD Patch" = Mechwarrior CD Patch 1.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"MPLAB C18 v3.02 Student Edition" = MPLAB C18 v3.02 Student Edition
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Onyx" = Onyx
"Onyx_is1" = Onyx 3.0
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"Rainlendar2" = Rainlendar2 (remove only)
"Rainmeter" = Rainmeter (remove only)
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SpywareBlaster_is1" = SpywareBlaster 4.1
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tablet Driver" = Tablet
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPhlash" = WinPhlash
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.0.5
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2454426937-4293005386-1802504269-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/1/2009 9:31:05 PM | Computer Name = REYNARD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/1/2009 9:31:06 PM | Computer Name = REYNARD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/1/2009 9:31:09 PM | Computer Name = REYNARD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/1/2009 9:31:13 PM | Computer Name = REYNARD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/1/2009 9:31:13 PM | Computer Name = REYNARD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/1/2009 9:31:13 PM | Computer Name = REYNARD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/1/2009 9:31:13 PM | Computer Name = REYNARD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/19/2009 11:14:16 AM | Computer Name = REYNARD | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3306, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/23/2009 4:26:58 AM | Computer Name = REYNARD | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3306, faulting module
unknown, version 0.0.0.0, fault address 0x1056b084.

Error - 2/23/2009 4:27:01 AM | Computer Name = REYNARD | Source = Application Error | ID = 1001
Description = Fault bucket 1156779528.

[ System Events ]
Error - 2/25/2009 8:46:31 PM | Computer Name = REYNARD | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the mcmscsvc service.

Error - 2/25/2009 10:09:55 PM | Computer Name = REYNARD | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
DEWILDE-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{8ADFE757-EAF9-41E. The master browser is stopping or an election is
being forced.

Error - 2/26/2009 12:08:11 AM | Computer Name = REYNARD | Source = Dhcp | ID = 1002
Description = The IP address lease 172.16.188.246 for the Network Card with network
address 001302C18BD8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 2/26/2009 12:09:00 AM | Computer Name = REYNARD | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 2/26/2009 12:09:31 AM | Computer Name = REYNARD | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 2/26/2009 11:51:28 AM | Computer Name = REYNARD | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001302C18BD8. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 2/27/2009 3:44:02 AM | Computer Name = REYNARD | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 2/28/2009 1:51:19 PM | Computer Name = REYNARD | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 2/28/2009 1:54:36 PM | Computer Name = REYNARD | Source = Service Control Manager | ID = 7034
Description = The Photoshop Elements Device Connect service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/1/2009 8:49:37 PM | Computer Name = REYNARD | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.


< End of report >


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-03-01 17:30:03
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xABE8E9D2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xABE8EA69]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xABE8E97D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xABE8E996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xABE8EA7D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xABE8EAA9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xABE8EB17]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xABE8EB01]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xABE8EA12]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xABE8EB43]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xABE8EA55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xABE8E950]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xABE8E964]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xABE8E9E6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xABE8EB7F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xABE8EAEB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xABE8EAD5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xABE8EA93]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xABE8EB6B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xABE8EB57]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xABE8E9BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xABE8E9AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xABE8EABF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xABE8EA41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xABE8EB2D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xABE8EA28]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xABE8E9FC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP ABE8EA00 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP ABE8E9D6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP ABE8EA16 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP ABE8EA2C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP ABE8E9EA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 5 Bytes JMP ABE8E954 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP ABE8E968 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP ABE8E9AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP ABE8E99A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 3 Bytes JMP ABE8E981 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess + 4 805D11FC 1 Byte [ 2B ]
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 3 Bytes JMP ABE8E9C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread + 4 805D1706 1 Byte [ 2B ]
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 3 Bytes JMP ABE8EA45 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess + 4 805D29AE 1 Byte [ 2B ]
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219CA 7 Bytes JMP ABE8EAD9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80621D18 7 Bytes JMP ABE8EAC3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622042 7 Bytes JMP ABE8EB31 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806228E0 7 Bytes JMP ABE8EAEF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231B4 7 Bytes JMP ABE8EA97 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 80623792 5 Bytes JMP ABE8EA6D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C22 7 Bytes JMP ABE8EA81 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623DF2 7 Bytes JMP ABE8EAAD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FD2 7 Bytes JMP ABE8EB1B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062423C 7 Bytes JMP ABE8EB05 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624B64 5 Bytes JMP ABE8EA59 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624E8A 7 Bytes JMP ABE8EB83 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8062514A 5 Bytes JMP ABE8EB5B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062583E 5 Bytes JMP ABE8EB6F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625958 5 Bytes JMP ABE8EB47 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.14 ----

.text C:\windows\System32\svchost.exe[384] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F80000
.text C:\windows\System32\svchost.exe[384] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F80F83
.text C:\windows\System32\svchost.exe[384] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F80F94
.text C:\windows\System32\svchost.exe[384] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F80062
.text C:\windows\System32\svchost.exe[384] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F80FA5
.text C:\windows\System32\svchost.exe[384] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F80036
.text C:\windows\System32\svchost.exe[384] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F800C1
.text C:\windows\System32\svchost.exe[384] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F800A4
.text C:\windows\System32\svchost.exe[384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F80108
.text C:\windows\System32\svchost.exe[384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F800F7
.text C:\windows\System32\svchost.exe[384] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F80F54
.text C:\windows\System32\svchost.exe[384] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F80047
.text C:\windows\System32\svchost.exe[384] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F8001B
.text C:\windows\System32\svchost.exe[384] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F80093
.text C:\windows\System32\svchost.exe[384] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F80FCA
.text C:\windows\System32\svchost.exe[384] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F80FE5
.text C:\windows\System32\svchost.exe[384] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F800DC
.text C:\windows\System32\svchost.exe[384] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00F70FE5
.text C:\windows\System32\svchost.exe[384] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00F7007D
.text C:\windows\System32\svchost.exe[384] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00F70036
.text C:\windows\System32\svchost.exe[384] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00F70011
.text C:\windows\System32\svchost.exe[384] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00F7006C
.text C:\windows\System32\svchost.exe[384] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00F70000
.text C:\windows\System32\svchost.exe[384] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00F7005B
.text C:\windows\System32\svchost.exe[384] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00F70FD4
.text C:\windows\System32\svchost.exe[384] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006B0000
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[656] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041BF60 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[656] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041BFE0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\windows\system32\services.exe[952] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070000
.text C:\windows\system32\services.exe[952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070FA8
.text C:\windows\system32\services.exe[952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070093
.text C:\windows\system32\services.exe[952] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070082
.text C:\windows\system32\services.exe[952] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0007005B
.text C:\windows\system32\services.exe[952] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070FC3
.text C:\windows\system32\services.exe[952] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F72
.text C:\windows\system32\services.exe[952] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070F83
.text C:\windows\system32\services.exe[952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00070101
.text C:\windows\system32\services.exe[952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000700F0
.text C:\windows\system32\services.exe[952] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00070F43
.text C:\windows\system32\services.exe[952] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0007004A
.text C:\windows\system32\services.exe[952] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00070FEF
.text C:\windows\system32\services.exe[952] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 000700AE
.text C:\windows\system32\services.exe[952] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 0007002F
.text C:\windows\system32\services.exe[952] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00070FDE
.text C:\windows\system32\services.exe[952] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 000700D5
.text C:\windows\system32\services.exe[952] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00060FC3
.text C:\windows\system32\services.exe[952] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00060F83
.text C:\windows\system32\services.exe[952] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00060FD4
.text C:\windows\system32\services.exe[952] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0006000A
.text C:\windows\system32\services.exe[952] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00060040
.text C:\windows\system32\services.exe[952] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00060FEF
.text C:\windows\system32\services.exe[952] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00060025
.text C:\windows\system32\services.exe[952] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00060F9E
.text C:\windows\system32\services.exe[952] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FEF
.text C:\windows\system32\lsass.exe[964] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F9000A
.text C:\windows\system32\lsass.exe[964] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F900A2
.text C:\windows\system32\lsass.exe[964] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F90FAD
.text C:\windows\system32\lsass.exe[964] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F90087
.text C:\windows\system32\lsass.exe[964] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F90FCA
.text C:\windows\system32\lsass.exe[964] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F9005B
.text C:\windows\system32\lsass.exe[964] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F900BF
.text C:\windows\system32\lsass.exe[964] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F90F77
.text C:\windows\system32\lsass.exe[964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F900E4
.text C:\windows\system32\lsass.exe[964] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F90F41
.text C:\windows\system32\lsass.exe[964] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F900F5
.text C:\windows\system32\lsass.exe[964] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F9006C
.text C:\windows\system32\lsass.exe[964] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F90025
.text C:\windows\system32\lsass.exe[964] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F90F92
.text C:\windows\system32\lsass.exe[964] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F90FEF
.text C:\windows\system32\lsass.exe[964] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F90036
.text C:\windows\system32\lsass.exe[964] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F90F52
.text C:\windows\system32\lsass.exe[964] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00F80FCD
.text C:\windows\system32\lsass.exe[964] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00F8006F
.text C:\windows\system32\lsass.exe[964] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00F80FDE
.text C:\windows\system32\lsass.exe[964] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00F80FEF
.text C:\windows\system32\lsass.exe[964] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00F8005E
.text C:\windows\system32\lsass.exe[964] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00F8000A
.text C:\windows\system32\lsass.exe[964] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00F80FB2
.text C:\windows\system32\lsass.exe[964] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 18, 89 ]
.text C:\windows\system32\lsass.exe[964] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00F80039
.text C:\windows\system32\lsass.exe[964] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F60FEF
.text C:\windows\system32\svchost.exe[1128] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02530FEF
.text C:\windows\system32\svchost.exe[1128] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02530F94
.text C:\windows\system32\svchost.exe[1128] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02530089
.text C:\windows\system32\svchost.exe[1128] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02530078
.text C:\windows\system32\svchost.exe[1128] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02530FAF
.text C:\windows\system32\svchost.exe[1128] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02530036
.text C:\windows\system32\svchost.exe[1128] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02530F4B
.text C:\windows\system32\svchost.exe[1128] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02530F68
.text C:\windows\system32\svchost.exe[1128] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 025300BF
.text C:\windows\system32\svchost.exe[1128] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02530F30
.text C:\windows\system32\svchost.exe[1128] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 02530F0B
.text C:\windows\system32\svchost.exe[1128] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02530051
.text C:\windows\system32\svchost.exe[1128] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02530FD4
.text C:\windows\system32\svchost.exe[1128] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02530F83
.text C:\windows\system32\svchost.exe[1128] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02530025
.text C:\windows\system32\svchost.exe[1128] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02530014
.text C:\windows\system32\svchost.exe[1128] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 025300AE
.text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02520FC0
.text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 02520F72
.text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02520FDB
.text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 02520011
.text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 02520F83
.text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02520000
.text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 02520F94
.text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 72, 8A ]
.text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 02520FAF
.text C:\windows\system32\svchost.exe[1128] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FF0000
.text C:\windows\system32\svchost.exe[1196] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DC0FEF
.text C:\windows\system32\svchost.exe[1196] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DC0F7C
.text C:\windows\system32\svchost.exe[1196] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DC0F97
.text C:\windows\system32\svchost.exe[1196] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DC0071
.text C:\windows\system32\svchost.exe[1196] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DC0054
.text C:\windows\system32\svchost.exe[1196] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DC001E
.text C:\windows\system32\svchost.exe[1196] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DC0082
.text C:\windows\system32\svchost.exe[1196] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DC0F46
.text C:\windows\system32\svchost.exe[1196] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DC0F07
.text C:\windows\system32\svchost.exe[1196] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DC0F18
.text C:\windows\system32\svchost.exe[1196] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00DC00B1
.text C:\windows\system32\svchost.exe[1196] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00DC002F
.text C:\windows\system32\svchost.exe[1196] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00DC0FDE
.text C:\windows\system32\svchost.exe[1196] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00DC0F57
.text C:\windows\system32\svchost.exe[1196] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00DC0FBC
.text C:\windows\system32\svchost.exe[1196] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00DC0FCD
.text C:\windows\system32\svchost.exe[1196] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00DC0F29
.text C:\windows\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00DB0FC3
.text C:\windows\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00DB0F83
.text C:\windows\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00DB0FD4
.text C:\windows\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00DB0014
.text C:\windows\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00DB0040
.text C:\windows\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00DB0FEF
.text C:\windows\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00DB002F
.text C:\windows\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00DB0FA8
.text C:\windows\system32\svchost.exe[1196] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D90000
.text C:\windows\System32\svchost.exe[1236] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02E00000
.text C:\windows\System32\svchost.exe[1236] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02E00F68
.text C:\windows\System32\svchost.exe[1236] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02E00F8D
.text C:\windows\System32\svchost.exe[1236] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02E00067
.text C:\windows\System32\svchost.exe[1236] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02E00F9E
.text C:\windows\System32\svchost.exe[1236] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02E00FB9
.text C:\windows\System32\svchost.exe[1236] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02E00095
.text C:\windows\System32\svchost.exe[1236] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02E00084
.text C:\windows\System32\svchost.exe[1236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02E00F17
.text C:\windows\System32\svchost.exe[1236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02E000B0
.text C:\windows\System32\svchost.exe[1236] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 02E000C1
.text C:\windows\System32\svchost.exe[1236] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02E00040
.text C:\windows\System32\svchost.exe[1236] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02E00FEF
.text C:\windows\System32\svchost.exe[1236] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02E00F4D
.text C:\windows\System32\svchost.exe[1236] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02E0002F
.text C:\windows\System32\svchost.exe[1236] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02E00FD4
.text C:\windows\System32\svchost.exe[1236] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 02E00F32
.text C:\windows\System32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02C10000
.text C:\windows\System32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 02C1004E
.text C:\windows\System32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02C10FB9
.text C:\windows\System32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 02C10FD4
.text C:\windows\System32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 02C1003D
.text C:\windows\System32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02C10FE5
.text C:\windows\System32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 02C1002C
.text C:\windows\System32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 02C1001B
.text C:\windows\System32\svchost.exe[1236] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02A70FEF
.text C:\windows\System32\svchost.exe[1236] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 02DF0FE5
.text C:\windows\System32\svchost.exe[1236] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 02DF0000
.text C:\windows\System32\svchost.exe[1236] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 02DF0FD4
.text C:\windows\System32\svchost.exe[1236] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 02DF0FAF
.text C:\windows\system32\svchost.exe[1276] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00650000
.text C:\windows\system32\svchost.exe[1276] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00650F99
.text C:\windows\system32\svchost.exe[1276] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0065008E
.text C:\windows\system32\svchost.exe[1276] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00650FB6
.text C:\windows\system32\svchost.exe[1276] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00650073
.text C:\windows\system32\svchost.exe[1276] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650047
.text C:\windows\system32\svchost.exe[1276] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00650F61
.text C:\windows\system32\svchost.exe[1276] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006500A9
.text C:\windows\system32\svchost.exe[1276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00650F3F
.text C:\windows\system32\svchost.exe[1276] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00650F50
.text C:\windows\system32\svchost.exe[1276] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 006500F3
.text C:\windows\system32\svchost.exe[1276] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00650058
.text C:\windows\system32\svchost.exe[1276] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00650011
.text C:\windows\system32\svchost.exe[1276] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00650F7E
.text C:\windows\system32\svchost.exe[1276] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 0065002C
.text C:\windows\system32\svchost.exe[1276] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00650FDB
.text C:\windows\system32\svchost.exe[1276] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 006500C4
.text C:\windows\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00640FDB
.text C:\windows\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00640058
.text C:\windows\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 0064002C
.text C:\windows\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0064001B
.text C:\windows\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00640F9B
.text C:\windows\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 0064000A
.text C:\windows\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00640FB6
.text C:\windows\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 84, 88 ]
.text C:\windows\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0064003D
.text C:\windows\Explorer.EXE[1568] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01610000
.text C:\windows\Explorer.EXE[1568] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01610078
.text C:\windows\Explorer.EXE[1568] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01610F83
.text C:\windows\Explorer.EXE[1568] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01610F9E
.text C:\windows\Explorer.EXE[1568] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01610FB9
.text C:\windows\Explorer.EXE[1568] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01610FD4
.text C:\windows\Explorer.EXE[1568] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 016100B5
.text C:\windows\Explorer.EXE[1568] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 016100A4
.text C:\windows\Explorer.EXE[1568] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01610F3E
.text C:\windows\Explorer.EXE[1568] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 016100D7
.text C:\windows\Explorer.EXE[1568] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 016100E8
.text C:\windows\Explorer.EXE[1568] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0161005B
.text C:\windows\Explorer.EXE[1568] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01610FE5
.text C:\windows\Explorer.EXE[1568] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01610093
.text C:\windows\Explorer.EXE[1568] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01610040
.text C:\windows\Explorer.EXE[1568] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 0161001B
.text C:\windows\Explorer.EXE[1568] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 016100C6
.text C:\windows\Explorer.EXE[1568] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 014F0011
.text C:\windows\Explorer.EXE[1568] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 014F0051
.text C:\windows\Explorer.EXE[1568] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 014F0FCA
.text C:\windows\Explorer.EXE[1568] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 014F0FDB
.text C:\windows\Explorer.EXE[1568] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 014F0F9E
.text C:\windows\Explorer.EXE[1568] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 014F0000
.text C:\windows\Explorer.EXE[1568] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 014F0FAF
.text C:\windows\Explorer.EXE[1568] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 6F, 89 ]
.text C:\windows\Explorer.EXE[1568] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 014F002C
.text C:\windows\Explorer.EXE[1568] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 01500FEF
.text C:\windows\Explorer.EXE[1568] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 01500FD4
.text C:\windows\Explorer.EXE[1568] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 01500FC3
.text C:\windows\Explorer.EXE[1568] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 01500FA8
.text C:\windows\Explorer.EXE[1568] WS2_32.dll!socket 71AB4211 5 Bytes JMP 017F000A
.text C:\windows\system32\svchost.exe[1780] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00800000
.text C:\windows\system32\svchost.exe[1780] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00800F5C
.text C:\windows\system32\svchost.exe[1780] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00800051
.text C:\windows\system32\svchost.exe[1780] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00800F83
.text C:\windows\system32\svchost.exe[1780] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00800F94
.text C:\windows\system32\svchost.exe[1780] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00800FB9
.text C:\windows\system32\svchost.exe[1780] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008000A4
.text C:\windows\system32\svchost.exe[1780] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00800093
.text C:\windows\system32\svchost.exe[1780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00800F37
.text C:\windows\system32\svchost.exe[1780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008000D0
.text C:\windows\system32\svchost.exe[1780] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00800F26
.text C:\windows\system32\svchost.exe[1780] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00800040
.text C:\windows\system32\svchost.exe[1780] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00800FE5
.text C:\windows\system32\svchost.exe[1780] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 0080006C
.text C:\windows\system32\svchost.exe[1780] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00800FCA
.text C:\windows\system32\svchost.exe[1780] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 0080001B
.text C:\windows\system32\svchost.exe[1780] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 008000BF
.text C:\windows\system32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 007F0FD1
.text C:\windows\system32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 007F0069
.text C:\windows\system32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 007F002C
.text C:\windows\system32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 007F0011
.text C:\windows\system32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 007F0058
.text C:\windows\system32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 007F0000
.text C:\windows\system32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 007F0047
.text C:\windows\system32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 007F0FC0
.text C:\windows\system32\svchost.exe[1780] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006C0FE5
.text C:\windows\system32\svchost.exe[1828] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FC0000
.text C:\windows\system32\svchost.exe[1828] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FC0F77
.text C:\windows\system32\svchost.exe[1828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FC0F92
.text C:\windows\system32\svchost.exe[1828] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FC0FAF
.text C:\windows\system32\svchost.exe[1828] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FC0FC0
.text C:\windows\system32\svchost.exe[1828] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FC0051
.text C:\windows\system32\svchost.exe[1828] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FC0F50
.text C:\windows\system32\svchost.exe[1828] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FC0098
.text C:\windows\system32\svchost.exe[1828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FC00BD
.text C:\windows\system32\svchost.exe[1828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FC0F24
.text C:\windows\system32\svchost.exe[1828] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00FC0F13
.text C:\windows\system32\svchost.exe[1828] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00FC0062
.text C:\windows\system32\svchost.exe[1828] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00FC0FE5
.text C:\windows\system32\svchost.exe[1828] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00FC0087
.text C:\windows\system32\svchost.exe[1828] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00FC0036
.text C:\windows\system32\svchost.exe[1828] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00FC001B
.text C:\windows\system32\svchost.exe[1828] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00FC0F3F
.text C:\windows\system32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00FA0F9E
.text C:\windows\system32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00FA002F
.text C:\windows\system32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00FA0FB9
.text C:\windows\system32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00FA0FD4
.text C:\windows\system32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00FA0F72
.text C:\windows\system32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00FA0FEF
.text C:\windows\system32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00FA0F83
.text C:\windows\system32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 1A, 89 ]
.text C:\windows\system32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00FA000A
.text C:\windows\system32\svchost.exe[1828] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F80FE5
.text C:\windows\system32\svchost.exe[1828] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00FB0FEF
.text C:\windows\system32\svchost.exe[1828] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00FB0FDE
.text C:\windows\system32\svchost.exe[1828] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00FB001E
.text C:\windows\system32\svchost.exe[1828] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00FB0FCD
.text C:\windows\system32\svchost.exe[2444] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CE000A
.text C:\windows\system32\svchost.exe[2444] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CE0080
.text C:\windows\system32\svchost.exe[2444] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CE0F8B
.text C:\windows\system32\svchost.exe[2444] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CE0065
.text C:\windows\system32\svchost.exe[2444] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CE004A
.text C:\windows\system32\svchost.exe[2444] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CE0FA8
.text C:\windows\system32\svchost.exe[2444] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CE0F4E
.text C:\windows\system32\svchost.exe[2444] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CE0F5F
.text C:\windows\system32\svchost.exe[2444] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CE00DD
.text C:\windows\system32\svchost.exe[2444] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CE00C2
.text C:\windows\system32\svchost.exe[2444] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00CE0F1F
.text C:\windows\system32\svchost.exe[2444] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00CE0039
.text C:\windows\system32\svchost.exe[2444] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CE0FEF
.text C:\windows\system32\svchost.exe[2444] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00CE0F70
.text C:\windows\system32\svchost.exe[2444] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00CE0FC3
.text C:\windows\system32\svchost.exe[2444] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00CE0FD4
.text C:\windows\system32\svchost.exe[2444] kernel32.dll!WinExec 7C8623AD 1 Byte [ E9 ]
.text C:\windows\system32\svchost.exe[2444] kernel32.dll!WinExec + 2 7C8623AF 3 Bytes [ DC, 47, 84 ]
.text C:\windows\system32\svchost.exe[2444] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CD0FCA
.text C:\windows\system32\svchost.exe[2444] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CD0F8A
.text C:\windows\system32\svchost.exe[2444] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CD0FEF
.text C:\windows\system32\svchost.exe[2444] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CD001B
.text C:\windows\system32\svchost.exe[2444] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CD0047
.text C:\windows\system32\svchost.exe[2444] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CD0000
.text C:\windows\system32\svchost.exe[2444] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00CD0036
.text C:\windows\system32\svchost.exe[2444] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CD0FB9
.text C:\windows\system32\svchost.exe[2444] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CB0000
.text C:\windows\system32\svchost.exe[2636] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD0000
.text C:\windows\system32\svchost.exe[2636] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BD0062
.text C:\windows\system32\svchost.exe[2636] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BD0F6D
.text C:\windows\system32\svchost.exe[2636] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BD0051
.text C:\windows\system32\svchost.exe[2636] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BD0040
.text C:\windows\system32\svchost.exe[2636] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BD0025
.text C:\windows\system32\svchost.exe[2636] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BD00AB
.text C:\windows\system32\svchost.exe[2636] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BD008E
.text C:\windows\system32\svchost.exe[2636] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BD00E1
.text C:\windows\system32\svchost.exe[2636] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BD0F48
.text C:\windows\system32\svchost.exe[2636] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00BD0F2D
.text C:\windows\system32\svchost.exe[2636] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00BD0F9E
.text C:\windows\system32\svchost.exe[2636] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BD0FE5
.text C:\windows\system32\svchost.exe[2636] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00BD0073
.text C:\windows\system32\svchost.exe[2636] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00BD0FB9
.text C:\windows\system32\svchost.exe[2636] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00BD0FCA
.text C:\windows\system32\svchost.exe[2636] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00BD00C6
.text C:\windows\system32\svchost.exe[2636] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BC0036
.text C:\windows\system32\svchost.exe[2636] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BC0073
.text C:\windows\system32\svchost.exe[2636] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BC0FE5
.text C:\windows\system32\svchost.exe[2636] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BC001B
.text C:\windows\system32\svchost.exe[2636] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BC0058
.text C:\windows\system32\svchost.exe[2636] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BC000A
.text C:\windows\system32\svchost.exe[2636] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00BC0047
.text C:\windows\system32\svchost.exe[2636] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BC0FCA
.text C:\WINDOWS\system32\dllhost.exe[4008] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\system32\dllhost.exe[4008] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F69
.text C:\WINDOWS\system32\dllhost.exe[4008] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A005E
.text C:\WINDOWS\system32\dllhost.exe[4008] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0F90
.text C:\WINDOWS\system32\dllhost.exe[4008] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0043
.text C:\WINDOWS\system32\dllhost.exe[4008] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0FAB
.text C:\WINDOWS\system32\dllhost.exe[4008] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A008A
.text C:\WINDOWS\system32\dllhost.exe[4008] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F44
.text C:\WINDOWS\system32\dllhost.exe[4008] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00D1
.text C:\WINDOWS\system32\dllhost.exe[4008] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00B6
.text C:\WINDOWS\system32\dllhost.exe[4008] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A0F1D
.text C:\WINDOWS\system32\dllhost.exe[4008] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0032
.text C:\WINDOWS\system32\dllhost.exe[4008] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A0FDE
.text C:\WINDOWS\system32\dllhost.exe[4008] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A006F
.text C:\WINDOWS\system32\dllhost.exe[4008] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A0FBC
.text C:\WINDOWS\system32\dllhost.exe[4008] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A0FCD
.text C:\WINDOWS\system32\dllhost.exe[4008] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A009B
.text C:\WINDOWS\system32\dllhost.exe[4008] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 002A0FD4
.text C:\WINDOWS\system32\dllhost.exe[4008] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 002A0F9B
.text C:\WINDOWS\system32\dllhost.exe[4008] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 002A0025
.text C:\WINDOWS\system32\dllhost.exe[4008] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 002A000A
.text C:\WINDOWS\system32\dllhost.exe[4008] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 002A0062
.text C:\WINDOWS\system32\dllhost.exe[4008] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\system32\dllhost.exe[4008] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 002A0047
.text C:\WINDOWS\system32\dllhost.exe[4008] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 002A0036
.text C:\WINDOWS\system32\dllhost.exe[4008] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006E0000

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\prodrv06 \Device\ProDrv06 E21BE008
Device \Driver\prohlp02 \Device\ProHlp02 E101CBA0

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.14 ----


Hope I'm clean.
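
The `.text ... 5 Bytes JMP xxxxxxxx` lines in the GMER log above are user-mode inline hooks: the first bytes of an exported API inside a process have been overwritten with a jump into memory that belongs to no loaded module. Security suites with host intrusion prevention components install hooks this way, and so does malware, so a reviewer of such a log wants to know quickly which processes are hooked, which API families (process creation, registry, network), and where the trampolines land. The following Python is an added example, not part of the original thread and not GMER's own code, that parses lines in that format and summarises them per process; the sample lines are copied verbatim from the log above, and the function and field names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample: a handful of lines copied verbatim from the GMER user-mode
# hook listing in the post above (not the complete log).
SAMPLE_LOG = r"""
.text C:\windows\system32\svchost.exe[1828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FC0F24
.text C:\windows\system32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00FA0F83
.text C:\windows\system32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 1A, 89 ]
.text C:\windows\system32\svchost.exe[1828] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F80FE5
.text C:\windows\system32\svchost.exe[1828] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00FB0FEF
.text C:\windows\system32\svchost.exe[2444] kernel32.dll!WinExec 7C8623AD 1 Byte [ E9 ]
.text C:\windows\system32\svchost.exe[2444] kernel32.dll!WinExec + 2 7C8623AF 3 Bytes [ DC, 47, 84 ]
.text C:\WINDOWS\system32\dllhost.exe[4008] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006E0000
"""

# One GMER user-mode hook line: section, process path[pid], module!export[ + offset],
# address, patch length, and either a decoded "JMP target" or the raw patched bytes.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)(?:\s+\+\s+(?P<off>\d+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<n>\d+)\s+Bytes?\s+(?P<patch>.+)$"
)

@dataclass
class Hook:
    process: str                 # image file name only, e.g. "svchost.exe"
    pid: int
    module: str                  # DLL whose export was patched
    func: str                    # patched export
    offset: int                  # byte offset into the export (0 = the entry point itself)
    address: int                 # virtual address GMER reported for the patch
    nbytes: int
    jmp_target: Optional[int] = None          # set when GMER decoded the patch as a JMP
    raw_bytes: List[int] = field(default_factory=list)  # set when GMER listed raw bytes

def parse_hooks(text: str) -> List[Hook]:
    """Parse every GMER user-mode hook line in text; other lines are ignored."""
    hooks: List[Hook] = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.rstrip())
        if not m:
            continue
        hook = Hook(
            process=m.group("proc").rsplit("\\", 1)[-1],
            pid=int(m.group("pid")),
            module=m.group("module"),
            func=m.group("func"),
            offset=int(m.group("off") or 0),
            address=int(m.group("addr"), 16),
            nbytes=int(m.group("n")),
        )
        patch = m.group("patch").strip()
        jmp = re.fullmatch(r"JMP\s+([0-9A-Fa-f]+)", patch)
        raw = re.fullmatch(r"\[\s*(.*?)\s*\]", patch)
        if jmp:
            hook.jmp_target = int(jmp.group(1), 16)
        elif raw:
            hook.raw_bytes = [int(b, 16) for b in raw.group(1).split(",")]
        hooks.append(hook)
    return hooks

# API families a triager cares about; hooks on these are how both HIPS products and
# malware intercept process launches, DLL loading, registry access and networking.
PROCESS_APIS = {"CreateProcessA", "CreateProcessW", "WinExec"}
LOADER_APIS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW", "GetProcAddress"}
FILE_APIS = {"CreateFileA", "CreateFileW"}
PIPE_APIS = {"CreatePipe", "CreateNamedPipeA", "CreateNamedPipeW"}
MEMORY_APIS = {"VirtualProtect", "VirtualProtectEx"}

def family(module: str, func: str) -> str:
    if module.lower() in ("ws2_32.dll", "wininet.dll"):
        return "network"
    if func.startswith("Reg"):
        return "registry"
    for name, apis in (("process-creation", PROCESS_APIS), ("library-loading", LOADER_APIS),
                       ("file", FILE_APIS), ("pipes", PIPE_APIS), ("memory-protection", MEMORY_APIS)):
        if func in apis:
            return name
    return "other"

def summarize(hooks: List[Hook]) -> Dict[Tuple[str, int], dict]:
    """Group hooks per (process, pid): hooked export count, API families, and the
    64 KiB pages the JMP trampolines land in (a small set of non-module pages per
    process points at one injected hook region)."""
    out: Dict[Tuple[str, int], dict] = {}
    for h in hooks:
        s = out.setdefault((h.process, h.pid),
                           {"hooks": 0, "families": set(), "trampoline_pages": set(), "partial": []})
        if h.offset == 0:
            s["hooks"] += 1          # count each export once, not its "+ N" continuation lines
        s["families"].add(family(h.module, h.func))
        if h.jmp_target is not None:
            s["trampoline_pages"].add(f"{h.jmp_target >> 16:04X}")
        else:
            # GMER showed raw bytes only (e.g. a lone E9 = near JMP opcode); the
            # target could not be decoded from the log, so flag it for manual review.
            s["partial"].append(f"{h.module}!{h.func}+{h.offset}")
    return out

if __name__ == "__main__":
    for (proc, pid), s in sorted(summarize(parse_hooks(SAMPLE_LOG)).items()):
        print(f"{proc}[{pid}]: {s['hooks']} hooked export(s), families={sorted(s['families'])}, "
              f"trampoline pages={sorted(s['trampoline_pages'])}, undecoded={s['partial']}")
```

Run on the full log, the per-process view makes the pattern in the posted output obvious: the same export set is hooked in every svchost.exe and dllhost.exe instance, with trampolines in a few low, non-module pages per process, which is what a single hooking component (here, in a log the helper judged clean, most plausibly the installed security suite) looks like. Entries GMER could only show as raw bytes are reported separately so they are not silently dropped.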

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:50 AM

Posted 01 March 2009 - 08:52 PM

Hello.

That log does look clean, but there are a few things we could remove since they are "dead" entries. You also need to be warned about some programs.

Registry Cleaner(s) Warning
The following is referring to CCleaner's Registry Function

Please be aware that Bleeping Computer staff do not recommend the usage of registry cleaners/tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System. This could include making your computer inoperable.
  • These programs generally only delete "orphaned" or "dead" entries. This merely removes entries that point to files that no longer exist on your computer. Registry entries do not take up a significant amount of hard drive space. The program itself (and its own registry entries) likely occupies relatively more space.
  • The amount of improvement in performance you gain is minimal.
This is done assuming that the majority of the audience here at this board may be inexperienced users, and is thus a suggested safeguard from our side.
If you feel that you have sufficient knowledge to use such tools safely, then you are welcome to keep using them.

Peer-to-Peer Programs Warning

Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case µTorrent). These programs allow you to share files between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along the included links, is as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s), but I suggest you remove it via Add/Remove Programs. However, please refrain from using them until your computer has been declared clean.

Backup Registry with ERUNT

This tool will create a complete backup of your registry. A backup is created to ensure we have one in case anything goes wrong, so that we can deal with it. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

How to Restore from the ERUNT Backup

Only restore from the backups if instructed to, or if you need to do so. You need it if, after doing something, your computer will only boot in Safe Mode and you are unable to contact us (or anyone else) for help by other means, or if your computer will not boot into Windows at all.

To restore if you can boot, navigate to C:\WINDOWS\erdnt, choose the folder with the most recent date, and double click ERDNT.EXE. Check all boxes in the restoration options.

To restore from the Recovery Console using the Windows CD:
  • Turn on your machine with the disk in the drive.
  • Type in the number of the Windows installation you want to repair (usually 1), then press Enter.
  • Type in the Administrator password (leave blank if you are unsure what it is or if you do not have one) and press Enter.
  • Type without quotes "cd erdnt" followed by Enter.
  • Type without quotes "dir" followed by Enter. This will list out the available folders, whose names are the date on which the backup was taken in (M)M-DD-YYYY format. Try the most recent dates first.
  • Type without quotes "cd **name of the folder**" followed by Enter.
  • Type without quotes "batch erdnt.con" followed by Enter.
  • Type without quotes "exit" followed by Enter.
  • Remove your CD from the drive and reboot your computer into the restored registry. If you still cannot boot, try again with an earlier restore date.


Run Script with OTListIT2

We need to run an OTListIt2 Fix
  • Please reopen OTListIt2 on your desktop.
  • Copy and Paste the following code into the OTListIt2 textbox. Do not include the word "Code"
    :OTLI
    O2 - BHO: (no name) - {155c5c82-d781-4056-b1cd-6655ce206715} - Reg Error: Key error. File not found
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
    O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
    O33 - MountPoints2\{796bc6b0-ab01-11dd-bfda-0016cee0f708}\Shell\AutoRun\command - "" = wdsync.exe
    @Alternate Data Stream - 88 bytes -> C:\windows\vidres.exe:SummaryInformation
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 0 bytes -> C:\windows\vidres.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    @Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Administrator\Desktop\Thumbs.db:encryptable
    :files
    C:\windows\System32\niruvihi
    :commands
    [EmptyTemp]
    [Reboot]
  • Push the Run Fix button.
  • OTLI2 may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
Run CCleaner's Cleaner function to clear out all cookies, history, temporary internet files, etc. Just have the default options checked and run the Cleaner. Now run the Kaspersky online scan.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Post back with:
-OTListIT Fix log
-Kaspersky log
-New OTList IT Scan log


With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 Hwlan Larkin

Hwlan Larkin
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:50 AM

Posted 02 March 2009 - 12:57 AM

Ok. Kaspersky didn't find anything.


========== OTLISTIT ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{155c5c82-d781-4056-b1cd-6655ce206715}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{155c5c82-d781-4056-b1cd-6655ce206715}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\Extra Button: Messenger\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp Reg Error: Value error.\ not found.
File Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{796bc6b0-ab01-11dd-bfda-0016cee0f708}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{796bc6b0-ab01-11dd-bfda-0016cee0f708}\ not found.
File not found.
ADS C:\windows\vidres.exe:SummaryInformation deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
ADS C:\windows\vidres.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} deleted successfully.
ADS C:\Documents and Settings\Administrator\Desktop\Thumbs.db:encryptable deleted successfully.
========== FILES ==========
C:\windows\System32\niruvihi moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\etilqs_P56oKWBfgoapg4UA8EwI scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\windows\temp\mcafee_OvqQ5Ds12C6Zjy6 scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\mcmsc_4db1n7QSO9tMUiR scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\mcmsc_L1IqwOEgPxt3Dm5 scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\mcmsc_uFo5fktzQmAtDzw scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\Perflib_Perfdata_1d0.dat scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\sqlite_CXHIPhTGgUktbBT scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\sqlite_rFZSwJG2mDXQSLG scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\sqlite_RzXJStmNqVzwjXp scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\sqlite_Ubam37g91t2n1j7 scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\sqlite_V3NEQQuvaNwyufZ scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\sqlite_W7rDLiW7Zgmixqg scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\sqlite_Z59B2aU8evDgXVL scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\WFVB.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.3.1 log created on 03012009_182647

Files moved on Reboot...
File C:\Documents and Settings\Administrator\Local Settings\temp\etilqs_P56oKWBfgoapg4UA8EwI not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File C:\windows\temp\mcafee_OvqQ5Ds12C6Zjy6 not found!
File C:\windows\temp\mcmsc_4db1n7QSO9tMUiR not found!
File C:\windows\temp\mcmsc_L1IqwOEgPxt3Dm5 not found!
File C:\windows\temp\mcmsc_uFo5fktzQmAtDzw not found!
File C:\windows\temp\Perflib_Perfdata_1d0.dat not found!
C:\windows\temp\sqlite_CXHIPhTGgUktbBT moved successfully.
C:\windows\temp\sqlite_rFZSwJG2mDXQSLG moved successfully.
C:\windows\temp\sqlite_RzXJStmNqVzwjXp moved successfully.
C:\windows\temp\sqlite_Ubam37g91t2n1j7 moved successfully.
C:\windows\temp\sqlite_V3NEQQuvaNwyufZ moved successfully.
C:\windows\temp\sqlite_W7rDLiW7Zgmixqg moved successfully.
C:\windows\temp\sqlite_Z59B2aU8evDgXVL moved successfully.
File C:\windows\temp\WFVB.tmp not found!

Registry entries deleted on Reboot...




OTListIt logfile created on: 3/1/2009 9:50:50 PM - Run 4
OTListIt2 by OldTimer - Version 2.0.3.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 47.90% Memory free
3.84 Gb Paging File | 2.78 Gb Available in Paging File | 72.31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 87.29 Gb Total Space | 45.72 Gb Free Space | 52.38% Space Free | Partition Type: NTFS
Drive D: | 5.85 Gb Total Space | 2.67 Gb Free Space | 45.70% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: REYNARD
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/08/02 00:39:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\windows\Explorer.EXE
PRC - [2006/08/02 00:31:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/03/14 12:34:38 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 19:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/02/21 17:25:54 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/12/05 15:51:06 | 00,206,096 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/10/10 16:16:00 | 00,792,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/07/18 08:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/07/09 14:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2008/06/20 05:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2008/07/09 17:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2008/07/09 13:35:34 | 00,025,416 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe
PRC - [2004/10/04 03:40:50 | 00,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
PRC - [2006/08/21 05:49:52 | 00,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/08/02 00:24:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2008/04/24 12:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2005/01/14 09:32:38 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\PAStiSvc.exe
PRC - [2005/12/05 20:00:44 | 00,753,664 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2005/08/05 19:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2008/07/11 16:48:54 | 00,641,208 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2004/11/05 06:47:00 | 00,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/11/05 06:47:00 | 00,688,218 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/02/13 00:23:38 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\windows\stsystra.exe
PRC - [2006/01/19 21:34:26 | 00,544,768 | ---- | M] (Motorola Inc.) -- C:\windows\sm56hlpr.exe
PRC - [2006/08/02 00:38:30 | 00,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
PRC - [2006/08/02 00:32:44 | 00,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2008/04/24 12:25:22 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2009/02/21 17:25:54 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2006/10/30 10:01:16 | 00,392,832 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2006/08/02 00:27:54 | 00,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2009/01/26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/08/19 20:32:28 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/03/14 12:42:18 | 00,622,653 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2005/12/05 19:59:02 | 00,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2008/09/16 10:04:12 | 00,605,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/02/04 08:15:59 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/02/21 17:25:53 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2009/03/01 19:20:02 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\ScanningProcess.exe
PRC - [2009/03/01 19:20:02 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\ScanningProcess.exe
PRC - [2009/03/01 16:57:01 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2004/10/04 04:47:04 | 00,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor [Disabled | Stopped])
SRV - [2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/03/14 12:34:38 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 19:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2006/08/02 00:39:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/02/09 16:28:11 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 16:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/02/21 17:25:54 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/12/05 15:51:06 | 00,206,096 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
SRV - [2008/10/10 16:16:00 | 00,792,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/07/18 08:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2008/06/20 13:10:22 | 00,361,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2008/07/09 14:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2005/08/05 19:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2008/06/20 05:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2008/09/16 10:04:12 | 00,605,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2004/08/10 10:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2008/07/09 17:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2008/07/09 13:35:34 | 00,025,416 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service [Auto | Running])
SRV - [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/07/20 19:58:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\windows\system32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/10/04 03:40:50 | 00,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect [Auto | Running])
SRV - [2007/08/08 23:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
SRV - [2007/03/15 18:04:39 | 00,063,040 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Disabled | Stopped])
SRV - [2007/05/17 01:19:12 | 00,099,904 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB [Disabled | Stopped])
SRV - [2006/08/21 05:49:52 | 00,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
SRV - [2006/08/02 00:24:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2006/08/02 00:31:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2008/04/24 12:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2 [Auto | Running])
SRV - [2005/01/14 09:32:38 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\PAStiSvc.exe -- (STI Simulator [Auto | Running])
SRV - [2005/12/05 20:00:44 | 00,753,664 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe -- (TabletService [Auto | Running])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2007/01/19 23:36:41 | 00,021,419 | ---- | M] (Meetinghouse Data Communications) -- C:\windows\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2005/02/23 13:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\windows\system32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2001/08/17 19:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\windows\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2008/04/13 10:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\windows\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2001/08/17 19:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\windows\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/17 19:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\windows\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2006/03/14 12:21:18 | 00,328,237 | ---- | M] (Broadcom Corporation.) -- C:\windows\system32\drivers\btaudio.sys -- (btaudio [On_Demand | Running])
DRV - [2006/03/14 12:15:34 | 00,030,427 | ---- | M] (Broadcom Corporation.) -- C:\windows\system32\DRIVERS\btport.sys -- (BTDriver [On_Demand | Stopped])
DRV - [2006/03/14 12:18:00 | 00,851,402 | ---- | M] (Broadcom Corporation.) -- C:\windows\system32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running])
DRV - [2006/03/14 12:19:24 | 00,023,271 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL [Auto | Running])
DRV - [2006/03/14 12:12:02 | 00,148,900 | ---- | M] (Broadcom Corporation.) -- C:\windows\system32\DRIVERS\btwdndis.sys -- (BTWDNDIS [On_Demand | Stopped])
DRV - [2006/03/14 12:10:56 | 00,045,683 | ---- | M] (Broadcom Corporation.) -- C:\windows\system32\DRIVERS\btwhid.sys -- (btwhid [On_Demand | Stopped])
DRV - [2006/03/14 12:14:52 | 00,065,784 | ---- | M] (Broadcom Corporation.) -- C:\windows\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [2001/08/17 19:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\windows\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2005/02/17 07:19:16 | 00,339,984 | R--- | M] (Creative Technology Ltd) -- C:\windows\system32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2001/08/17 19:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\windows\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2005/09/14 18:24:08 | 00,179,200 | ---- | M] (Intel Corporation) -- C:\windows\system32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])
DRV - [2009/03/01 17:09:01 | 00,085,969 | ---- | M] (GMER) -- C:\windows\System32\DRIVERS\gmer.sys -- (gmer [System | Running])
DRV - [2007/10/06 21:36:28 | 00,028,672 | ---- | M] (Gteko Ltd.) -- C:\windows\system32\DRIVERS\goprot51.sys -- (GoProto [On_Demand | Running])
DRV - [2006/08/06 14:06:16 | 00,007,626 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GPCIEnum.sys -- (GPCIEnu1 [On_Demand | Stopped])
DRV - [2008/04/13 08:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\windows\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/12/14 08:07:44 | 00,051,120 | R--- | M] (HP) -- C:\windows\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2004/12/14 08:07:44 | 00,016,496 | R--- | M] (HP) -- C:\windows\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2004/12/14 08:07:44 | 00,021,744 | R--- | M] (HP) -- C:\windows\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005/10/12 12:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\windows\SYSTEM32\DRIVERS\IASTOR.SYS -- (iaStor [Boot | Running])
DRV - [2008/06/27 06:08:40 | 00,079,240 | ---- | M] (McAfee, Inc.) -- C:\windows\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2008/06/27 06:08:40 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\windows\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2008/06/27 06:08:40 | 00,207,656 | ---- | M] (McAfee, Inc.) -- C:\windows\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2008/06/20 05:41:38 | 00,034,152 | ---- | M] (McAfee, Inc.) -- C:\windows\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2008/06/27 06:08:40 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\windows\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2008/06/02 14:55:42 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\windows\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2001/08/17 19:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\windows\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2006/09/27 02:36:24 | 01,709,696 | ---- | M] (Intel® Corporation) -- C:\windows\system32\DRIVERS\NETw3x32.sys -- (NETw3x32 [On_Demand | Running])
DRV - [2006/07/20 19:58:00 | 03,685,152 | ---- | M] (NVIDIA Corporation) -- C:\windows\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2005/10/18 11:48:38 | 00,154,752 | ---- | M] (PixArt Imaging Inc.) -- C:\windows\system32\DRIVERS\PA707UCM.SYS -- (PAC7311 [On_Demand | Stopped])
DRV - [2005/11/29 20:50:42 | 00,008,138 | ---- | M] (Wacom Technology Corporation) -- C:\windows\system32\Drivers\PenClass.sys -- (PenClass [Boot | Running])
DRV - [2007/05/17 01:19:16 | 00,022,584 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK [On_Demand | Stopped])
DRV - [2004/01/26 07:01:28 | 00,052,224 | ---- | M] (Protection Technology) -- C:\windows\System32\drivers\prodrv06.sys -- (prodrv06 [System | Running])
DRV - [2004/01/26 07:36:35 | 00,095,552 | ---- | M] (Protection Technology) -- C:\windows\System32\drivers\prohlp02.sys -- (prohlp02 [Boot | Running])
DRV - [2004/08/10 11:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\windows\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/05/13 00:54:10 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 19:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\windows\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/17 19:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\windows\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/17 19:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\windows\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2006/08/02 01:27:48 | 00,012,544 | ---- | M] (Intel Corporation) -- C:\windows\system32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2008/11/17 15:11:06 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2008/11/17 15:11:08 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2008/11/17 15:11:04 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2006/08/06 14:06:14 | 00,006,977 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2 [On_Demand | Stopped])
DRV - [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\windows\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2003/07/16 14:27:40 | 00,043,264 | ---- | M] (Prolific Technology Inc.) -- C:\windows\system32\DRIVERS\ser2pl.sys -- (Ser2pl [On_Demand | Stopped])
DRV - [2003/12/01 07:20:52 | 00,004,832 | ---- | M] (Protection Technology) -- C:\windows\System32\drivers\sfhlp01.sys -- (sfhlp01 [Boot | Running])
DRV - [2008/04/13 10:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\windows\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2006/01/19 21:44:42 | 00,862,340 | ---- | M] (Motorola Inc.) -- C:\windows\system32\DRIVERS\smserial.sys -- (smserial [On_Demand | Running])
DRV - [2001/08/17 20:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\windows\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2006/02/13 00:26:02 | 01,106,888 | ---- | M] (SigmaTel, Inc.) -- C:\windows\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 20:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\windows\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/17 20:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\windows\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2001/08/17 20:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\windows\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/17 20:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\windows\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2004/11/05 06:47:00 | 00,185,824 | ---- | M] (Synaptics, Inc.) -- C:\windows\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2005/09/20 23:30:56 | 00,162,432 | ---- | M] (Texas Instruments) -- C:\windows\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2001/08/17 19:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\windows\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2008/04/13 10:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2006/08/01 01:58:42 | 00,009,600 | R--- | M] (VMware, Inc.) -- C:\windows\system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter [On_Demand | Stopped])
DRV - [2005/12/04 23:55:30 | 01,428,096 | ---- | M] (Intel® Corporation) -- C:\windows\system32\DRIVERS\w39n51.sys -- (w39n51 [On_Demand | Stopped])
DRV - [2005/03/21 04:05:46 | 00,333,620 | ---- | M] (Jungo) -- C:\windows\system32\drivers\windrvr6.sys -- (WinDriver6 [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Invalid data type.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=NX860X
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=NX860X
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\S-1-5-21-2454426937-4293005386-1802504269-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.84
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.0
FF - prefs.js..extensions.enabledItems: video-dowloader@magic-imv.ro:2.2.280608
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6
FF - prefs.js..extensions.enabledItems: {2b84da20-6449-11dd-ad8b-0800200c9a66}:1.1
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> %ProgramFiles%\MCAFEE\SITEADVISOR [C:\PROGRAM FILES\MCAFEE\SITEADVISOR] -> [2008/12/21 08:11:55 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/02/21 17:25:56 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/02/15 11:37:46 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/02/23 12:38:51 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions [2008/09/12 23:16:56 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008/09/12 23:16:56 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wps32njx.default\extensions [2009/03/01 19:39:07 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wps32njx.default\extensions\{2b84da20-6449-11dd-ad8b-0800200c9a66} [2008/09/20 01:21:04 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wps32njx.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2008/11/18 20:49:08 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wps32njx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/02/19 00:23:55 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wps32njx.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2009/01/03 00:25:29 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wps32njx.default\extensions\video-dowloader@magic-imv.ro [2008/07/14 18:49:07 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2009/03/01 19:39:07 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/02/04 08:16:07 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009/02/21 17:26:30 00,000,000 | ---D | M]

O1 HOSTS File: (296543 bytes) - C:\windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 10268 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll (Google Inc.)
O4 - HKLM..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 (SupportSoft, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet /nodetect ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SMSERIAL] sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-2454426937-4293005386-1802504269-500..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKU\S-1-5-21-2454426937-4293005386-1802504269-500..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-2454426937-4293005386-1802504269-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-2454426937-4293005386-1802504269-500..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2454426937-4293005386-1802504269-500_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-2454426937-4293005386-1802504269-500\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Reg Error: Key error.)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab (Reg Error: Key error.)
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} http://asp.mathxl.com/applets/PearsonInstallAsst.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1156738798890 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1156738794812 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 01:41:16 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/12/02 17:24:51 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{126f56a6-800b-11db-be3f-0016cee0f708}\Shell - "" = AutoRun
O33 - MountPoints2\{126f56a6-800b-11db-be3f-0016cee0f708}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{126f56a6-800b-11db-be3f-0016cee0f708}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{76527888-364b-11db-bdcf-0016cee0f708}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\windows\*.tmp files]
[2009/03/01 18:26:47 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/03/01 18:25:08 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/03/01 18:25:05 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2009/03/01 18:25:05 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2009/03/01 18:25:04 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/01 18:21:12 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe
[2009/03/01 17:35:43 | 03,184,816 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup217.exe
[2009/03/01 17:09:04 | 00,000,345 | ---- | C] () -- C:\windows\gmer.ini
[2009/03/01 17:09:01 | 00,884,736 | ---- | C] () -- C:\windows\gmer.dll
[2009/03/01 17:09:01 | 00,811,008 | ---- | C] () -- C:\windows\gmer.exe
[2009/03/01 17:09:01 | 00,085,969 | ---- | C] (GMER) -- C:\windows\System32\drivers\gmer.sys
[2009/03/01 17:09:01 | 00,000,080 | ---- | C] () -- C:\windows\gmer_uninstall.cmd
[2009/03/01 17:07:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\gmer
[2009/03/01 17:05:54 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2009/03/01 16:57:01 | 00,497,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/02/25 20:09:09 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/02/25 18:17:58 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Rewards.xls
[2009/02/25 16:55:07 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\shintoreport.doc
[2009/02/24 01:13:28 | 21,666,701 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\54252.flv
[2009/02/23 13:30:11 | 00,013,374 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Graph A.ga3
[2009/02/23 12:44:57 | 18,443,6736 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\[StrikeS] Kemeko DX 02 [704x400][XviD][43F669A4].avi
[2009/02/23 12:38:40 | 00,000,806 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/02/23 08:39:43 | 18,445,7216 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\[StrikeS] Kemeko DX 01 [704x400][XviD][204C4A69].avi
[2009/02/22 15:41:00 | 25,506,535 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\spacehulk_full_v1_0.zip
[2009/02/21 00:05:35 | 00,000,890 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2009/02/21 00:05:35 | 00,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2009/02/20 16:50:36 | 21,455,05280 | -HS- | C] () -- C:\hiberfil.sys
[2009/02/20 01:16:19 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/02/20 00:13:37 | 00,000,000 | -HSD | C] -- C:\windows\CSC
[2009/02/20 00:11:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\backups
[2009/02/19 16:57:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\graaaahhh
[2009/02/18 21:02:58 | 00,096,978 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\Administrator\Desktop\VirtumundoBeGone.exe
[2009/02/16 16:45:51 | 09,986,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Saisho No Evangelion Shoki Settei No Shoujotachi.rar
[2009/02/15 11:02:46 | 00,147,560 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20090215_110244.reg
[2009/02/10 20:05:01 | 14,302,111 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Evangelion_dj-2008_Omake_Hon_Soushuuhen_Sono_1_trans_CGRascal.rar
[2009/02/06 01:21:37 | 02,715,366 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\wax20e.zip
[2009/02/04 19:14:16 | 00,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2009/02/04 19:14:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\acccore

========== Files - Modified Within 30 Days ==========

[13 C:\windows\System32\*.tmp files]
[1 C:\windows\*.tmp files]
[2009/03/01 19:19:20 | 00,026,308 | ---- | M] () -- C:\windows\System32\Config.MPF
[2009/03/01 18:33:26 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2009/03/01 18:30:02 | 00,051,048 | ---- | M] () -- C:\windows\System32\nvapps.xml
[2009/03/01 18:29:30 | 00,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2009/03/01 18:29:05 | 00,000,338 | ---- | M] () -- C:\windows\System32\tablet.dat
[2009/03/01 18:28:58 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2009/03/01 18:28:55 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2009/03/01 18:28:52 | 21,455,05280 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/01 18:25:08 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/03/01 18:25:05 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2009/03/01 18:25:05 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2009/03/01 18:21:14 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe
[2009/03/01 17:35:50 | 03,184,816 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup217.exe
[2009/03/01 17:14:07 | 00,000,345 | ---- | M] () -- C:\windows\gmer.ini
[2009/03/01 17:09:01 | 00,884,736 | ---- | M] () -- C:\windows\gmer.dll
[2009/03/01 17:09:01 | 00,085,969 | ---- | M] (GMER) -- C:\windows\System32\drivers\gmer.sys
[2009/03/01 17:09:01 | 00,000,080 | ---- | M] () -- C:\windows\gmer_uninstall.cmd
[2009/03/01 17:05:54 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2009/03/01 16:57:01 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/02/28 00:02:49 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\shintoreport.doc
[2009/02/25 18:37:53 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Rewards.xls
[2009/02/24 01:13:28 | 21,666,701 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\54252.flv
[2009/02/23 19:56:54 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Title sheet.doc
[2009/02/23 13:48:55 | 00,013,374 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Graph A.ga3
[2009/02/23 12:52:05 | 18,443,6736 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\[StrikeS] Kemeko DX 02 [704x400][XviD][43F669A4].avi
[2009/02/23 12:38:40 | 00,000,806 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/02/23 12:38:11 | 00,001,493 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DivX Movies.lnk
[2009/02/23 08:39:26 | 00,084,480 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/23 08:38:15 | 18,445,7216 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\[StrikeS] Kemeko DX 01 [704x400][XviD][204C4A69].avi
[2009/02/22 15:42:38 | 25,506,535 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\spacehulk_full_v1_0.zip
[2009/02/21 00:05:38 | 00,000,802 | ---- | M] () -- C:\windows\win.ini
[2009/02/21 00:05:38 | 00,000,282 | ---- | M] () -- C:\windows\system.ini
[2009/02/20 00:20:42 | 02,924,170 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2009/02/19 00:08:37 | 00,296,543 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts
[2009/02/18 21:03:01 | 00,096,978 | ---- | M] (Business Information Solutions) -- C:\Documents and Settings\Administrator\Desktop\VirtumundoBeGone.exe
[2009/02/18 15:09:30 | 02,115,082 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/02/16 16:46:39 | 09,986,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Saisho No Evangelion Shoki Settei No Shoujotachi.rar
[2009/02/15 11:03:06 | 00,147,560 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20090215_110244.reg
[2009/02/12 22:44:48 | 00,291,346 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20090219-000837.backup
[2009/02/12 20:11:41 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2009/02/10 20:07:37 | 14,302,111 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Evangelion_dj-2008_Omake_Hon_Soushuuhen_Sono_1_trans_CGRascal.rar
[2009/02/06 01:21:45 | 02,715,366 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\wax20e.zip
[2009/02/05 07:09:54 | 00,002,675 | -H-- | M] () -- C:\IPH.PH
[2009/02/04 19:14:14 | 00,001,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk
< End of report >

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:09:50 AM

Posted 02 March 2009 - 03:47 PM

Hello.

Good that Kaspersky didn't find anything. Let's clean up then. Those logs look fine.


Please follow/read the steps below to remove the tools we used, purge a system restore and for some more information. :)

Download and Run OTCleanIt

We will now remove the tools we used during this fix.
  • Download OTCleanIt by OldTimer to your desktop.
  • Double click OTCleanIt.exe to start the program.
  • Click the big CleanUp! button.
  • When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
Create a New System Restore Point <- Very Important

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.


Congratulations! You now appear clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
Disable Autorun on Flash-Drive/Removable Drives

When is AUTORUN.INF really an AUTORUN.INF?

USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)...


Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun asap!.

If using Windows Vista, please refer to:
"Disable AutoPlay in Windows Vista"
"Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel"

Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.

Visit the WindowsUpdate Site Regularly

I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish to turn on automatic updates, then you will find here a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and thank you for choosing Bleeping Computer as your malware removal source.
Don't forget to tell your friends about us and Good luck


If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks :)

With Regards,
Extremeboy

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
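A defender-side check for the Autorun risk described in the post above, added here as an example that is not part of the original post or of OTListIt2: it parses the O32 "AutoRun File", O32 CDRom and O33 MountPoints2 lines in the log format shown earlier in the thread and flags an autorun.inf sitting in a drive root (with its hidden/system attributes) and the commands a double-click on a drive icon would run. The sample lines are constructed after the log above, and the regular expressions are my own reading of that format, not OTListIt2's.

```python
"""Flag Autorun-related entries in an OTListIt2 log.

Added example for this thread; not part of the original post or of OTListIt2.
It reads the O32 'AutoRun File', O32 CDRom and O33 'MountPoints2' lines and
reports what a double-click on a drive icon would launch.
"""
import re
from dataclasses import dataclass
from typing import List

# File entry as OTListIt2 prints it: [date time | size | attrs | C/M] (company) -- path
# The '|' after the time and the (company) field are both optional in real logs.
ENTRY = re.compile(
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \|? ?"
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<flag>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -+ (?P<path>[A-Za-z]:\\.*?)(?: -- \[ \w+ \])?$"
)
# O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = <command>[ -- File not found]
MOUNTPOINT = re.compile(
    r"O33 - MountPoints2\\\{(?P<guid>[0-9a-fA-F-]+)\}\\Shell\\AutoRun\\command"
    r' - "" = (?P<command>.*?)(?P<missing> -- File not found)?$'
)
CDROM = re.compile(r"O32 - HKLM CDRom: AutoRun - (?P<value>\d+)$")


@dataclass
class Finding:
    kind: str      # "cdrom-autorun", "autorun.inf" or "mountpoint"
    detail: str
    hidden: bool   # file carries Hidden/System attributes, as USB worms typically set
    missing: bool  # the referenced executable no longer exists on disk


def scan(log_text: str) -> List[Finding]:
    """Return the Autorun-related findings in an OTListIt2 log."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := CDROM.match(line)) and m["value"] != "0":
            findings.append(Finding("cdrom-autorun", "CD-ROM AutoRun is enabled", False, False))
            continue
        if m := MOUNTPOINT.match(line):
            findings.append(Finding("mountpoint", f"{m['guid']}: {m['command']}",
                                    False, m["missing"] is not None))
            continue
        # O32 lines carry a prefix before the bracketed entry; plain file listings do not.
        body = line.split("AutoRun File - ", 1)[-1]
        if (m := ENTRY.match(body)) is None:
            continue
        path = m["path"]
        # Windows only honours an autorun.inf in a drive root (exactly one backslash).
        if path.lower().endswith("\\autorun.inf") and path.count("\\") == 1:
            hidden = any(c in m["attrs"] for c in "HS")
            findings.append(Finding("autorun.inf", f"{path} [{m['attrs']}]", hidden, False))
    return findings


# Sample lines constructed after the OTListIt2 output in this thread.
SAMPLE_LOG = r"""
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 01:41:16 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/12/02 17:24:51 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{126f56a6-800b-11db-be3f-0016cee0f708}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
[2009/03/01 18:26:47 | 00,000,000 | ---D | C] -- C:\_OTListIt
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        flags = ("  (hidden/system)" if f.hidden else "") + ("  (target missing)" if f.missing else "")
        print(f"{f.kind:14} {f.detail}{flags}")
```

A hidden/system autorun.inf in a drive root, or a MountPoints2 command pointing at a removable drive, is exactly what the post's advice to disable Autorun is meant to neutralise.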

#7 Hwlan Larkin

Hwlan Larkin
  • Topic Starter

  • Members
  • 5 posts
  • Local time:05:50 AM

Posted 02 March 2009 - 10:48 PM

Thank you very much, everything is running smooth now. You can close this topic now, thank you once again.

#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:09:50 AM

Posted 03 March 2009 - 01:02 PM

You're welcome.

Happy surfing again :thumbup2:

With Regards,
Extremeboy

#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:09:50 AM

Posted 03 March 2009 - 01:03 PM

Hello.

Since the problem appears to be resolved, this topic is now Closed. Glad I could help :thumbup2:
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal Forum.

With Regards,
Extremeboy




