Hijack this file below: Virus scans and malware find nothing

3 replies to this topic

#1 timebandit

Posted 29 August 2009 - 07:45 AM

Good morning. I have run multiple virus scans and malware scans, both in regular and safe mode, and they run clean each time now, after they found a couple of trojan viruses two days ago. The issue is that I am noticing a huge amount of web traffic even when I am not running anything on my end. When I run TCPView it shows many "hits" of IPs from Russia and other countries as well. What can I do to delete or change whatever is causing this that is not found by the antivirus/malware programs?

Any help would be greatly appreciated!

Thanks in advance, TimeBandit

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:56 AM, on 8/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\D-Tools\daemon.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\mset.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Jason\LOCALS~1\Temp\Temporary Directory 3 for TCPView.zip\Tcpview.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\Program Files\Orb Networks\Orb\bin\xmltv.exe
C:\DOCUME~1\Jason\LOCALS~1\Temp\par-Jason\cache-e68ad782a636923d69e9e72af0377d80310d3c5b\xmltv.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jason\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/vso/en-us/vso9/d...mp;dtag=fnp4r61
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mset] C:\WINDOWS\system32\mset.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe
O4 - HKLM\..\Run: [Nlononotudoka] rundll32.exe "C:\WINDOWS\ayodutibofepo.dll",e
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [mset] C:\Documents and Settings\Jason\mset.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support2.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O23 - Service: McAfee Application Installer Cleanup (0095651248528254) (0095651248528254mcinstcleanup) - Unknown owner - C:\DOCUME~1\Jason\LOCALS~1\Temp\009565~1.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SlingAgent Service (SlingAgentService) - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

--
End of file - 14648 bytes

TCPView
mDNSResponder.exe:1876 TCP OFFICEDELL:5354 OFFICEDELL:0 LISTENING
OrbTray.exe:3036 TCP OFFICEDELL:1092 OFFICEDELL:0 LISTENING
TiVoTransfer.exe:2340 TCP OFFICEDELL:8200 OFFICEDELL:0 LISTENING
SlingAgentService.exe:1704 TCP OFFICEDELL:1024 OFFICEDELL:0 LISTENING
System:4 TCP OFFICEDELL:microsoft-ds OFFICEDELL:0 LISTENING
wcescomm.exe:1960 TCP OFFICEDELL:5679 OFFICEDELL:0 LISTENING
AppleMobileDeviceService.exe:1856 TCP OFFICEDELL:27015 OFFICEDELL:0 LISTENING
svchost.exe:1008 TCP OFFICEDELL:epmap OFFICEDELL:0 LISTENING
TiVoBeacon.exe:164 TCP OFFICEDELL:2190 OFFICEDELL:0 LISTENING
TiVoBeacon.exe:164 TCP OFFICEDELL:8100 OFFICEDELL:0 LISTENING
svchost.exe:1440 TCP OFFICEDELL:2869 OFFICEDELL:0 LISTENING
OrbTray.exe:3036 TCP OFFICEDELL:1075 OFFICEDELL:0 LISTENING
McNASvc.exe:244 TCP OFFICEDELL:6646 OFFICEDELL:0 LISTENING
System:4 TCP officedell:netbios-ssn OFFICEDELL:0 LISTENING
OrbTray.exe:3036 TCP OFFICEDELL:29831 OFFICEDELL:0 LISTENING
TiVoTransfer.exe:2340 TCP OFFICEDELL:8200 OFFICEDELL:0 LISTENING
Orb.exe:2948 TCP OFFICEDELL:13207 OFFICEDELL:0 LISTENING
Orb.exe:2948 TCP OFFICEDELL:13021 OFFICEDELL:0 LISTENING
Orb.exe:2948 TCP OFFICEDELL:12959 OFFICEDELL:0 LISTENING
Orb.exe:2948 TCP OFFICEDELL:954 OFFICEDELL:0 LISTENING
Orb.exe:2948 TCP OFFICEDELL:12971 OFFICEDELL:0 LISTENING
OrbTray.exe:3036 TCP OFFICEDELL:52892 OFFICEDELL:0 LISTENING
Orb.exe:2948 TCP OFFICEDELL:12929 OFFICEDELL:0 LISTENING
OrbTray.exe:3036 TCP OFFICEDELL:12898 OFFICEDELL:0 LISTENING
Orb.exe:2948 TCP OFFICEDELL:13007 OFFICEDELL:0 LISTENING
Orb.exe:2948 TCP OFFICEDELL:12988 OFFICEDELL:0 LISTENING
Orb.exe:2948 TCP OFFICEDELL:13023 OFFICEDELL:0 LISTENING
Orb.exe:2948 TCP OFFICEDELL:13027 OFFICEDELL:0 LISTENING
Orb.exe:2948 TCP OFFICEDELL:12946 OFFICEDELL:0 LISTENING
Orb.exe:2948 TCP OFFICEDELL:12985 OFFICEDELL:0 LISTENING
Orb.exe:2948 TCP OFFICEDELL:9500 OFFICEDELL:0 LISTENING
OrbTray.exe:3036 TCP OFFICEDELL:54782 OFFICEDELL:0 LISTENING
Orb.exe:2948 TCP OFFICEDELL:13005 OFFICEDELL:0 LISTENING
Orb.exe:2948 TCP OFFICEDELL:12920 OFFICEDELL:0 LISTENING
svchost.exe:1276 TCP officedell:5152 mail555.messagelabs.com:smtp SYN_SENT
svchost.exe:1276 TCP officedell:5209 mail171.messagelabs.com:smtp SYN_SENT
OrbTray.exe:3036 TCP officedell:5212 officedell:1320 SYN_SENT
svchost.exe:1276 TCP officedell:4958 mail.wbdf.com:smtp SYN_SENT
svchost.exe:1276 TCP officedell:28331 198.64.146.50:https SYN_SENT
svchost.exe:1276 TCP officedell:28312 transactor.ru:https SYN_SENT
svchost.exe:1276 TCP officedell:28281 82.198.171.192:https SYN_SENT
svchost.exe:1276 TCP officedell:28316 142.205.233.80:https SYN_SENT
svchost.exe:1276 TCP officedell:28303 170.148.0.77:https SYN_SENT
svchost.exe:1276 TCP officedell:28335 170.148.0.77:https SYN_SENT
svchost.exe:1276 TCP officedell:28310 stormpay.com:https SYN_SENT
svchost.exe:1276 TCP officedell:28338 198.64.146.50:https SYN_SENT
svchost.exe:1276 TCP officedell:28287 transactor.ru:https SYN_SENT
svchost.exe:1276 TCP officedell:28320 82.198.171.192:https SYN_SENT
svchost.exe:1276 TCP officedell:28336 82.198.171.192:https SYN_SENT
svchost.exe:1276 TCP officedell:28306 170.148.0.77:https SYN_SENT
svchost.exe:1276 TCP officedell:28290 82.198.171.192:https SYN_SENT
svchost.exe:1276 TCP officedell:28314 mail7.hsphere.cc:smtp SYN_SENT
svchost.exe:1276 TCP officedell:28323 transactor.ru:https SYN_SENT
svchost.exe:1276 TCP officedell:28339 transactor.ru:https SYN_SENT
svchost.exe:1276 TCP officedell:28292 82.198.171.192:https SYN_SENT
OrbTray.exe:3036 TCP OFFICEDELL:1076 localhost:29831 ESTABLISHED
OrbTray.exe:3036 TCP OFFICEDELL:29831 localhost:1076 ESTABLISHED
OrbTray.exe:3036 TCP OFFICEDELL:1093 localhost:29831 ESTABLISHED
OrbTray.exe:3036 TCP OFFICEDELL:29831 localhost:13244 ESTABLISHED
iTunesHelper.exe:3524 TCP OFFICEDELL:1049 localhost:27015 ESTABLISHED
AppleMobileDeviceService.exe:1856 TCP OFFICEDELL:27015 localhost:1049 ESTABLISHED
OrbTray.exe:3036 TCP OFFICEDELL:29831 localhost:12921 ESTABLISHED
OrbTray.exe:3036 TCP OFFICEDELL:1073 localhost:29831 ESTABLISHED
OrbTray.exe:3036 TCP OFFICEDELL:1074 localhost:29831 ESTABLISHED
OrbTray.exe:3036 TCP OFFICEDELL:29831 localhost:12932 ESTABLISHED
svchost.exe:1276 TCP officedell:2688 hosted-by.leaseweb.com:https ESTABLISHED
svchost.exe:1276 TCP officedell:4351 216.178.7.253:smtp ESTABLISHED
svchost.exe:1276 TCP officedell:5176 202.108.3.242:smtp ESTABLISHED
svchost.exe:1276 TCP officedell:5211 smtp1.laposte.net:smtp ESTABLISHED
svchost.exe:1276 TCP officedell:5188 mxin5.lsn.net:smtp ESTABLISHED
svchost.exe:1276 TCP officedell:5177 202.108.3.242:smtp ESTABLISHED
svchost.exe:1276 TCP officedell:4720 mail0.altelco.net:smtp ESTABLISHED
svchost.exe:1276 TCP officedell:4750 mail555.messagelabs.com:smtp ESTABLISHED
svchost.exe:1276 TCP officedell:5204 66.133.129.79:smtp ESTABLISHED
svchost.exe:1276 TCP officedell:4163 216.178.7.253:smtp ESTABLISHED
svchost.exe:1276 TCP officedell:5180 mx1.optonline.net:smtp ESTABLISHED
svchost.exe:1276 TCP officedell:4950 mail.epals.com:smtp ESTABLISHED
svchost.exe:1276 TCP officedell:4724 mail0.altelco.net:smtp ESTABLISHED
svchost.exe:1276 TCP officedell:5182 inbound.localnet.com:smtp ESTABLISHED
svchost.exe:1276 TCP officedell:5202 mailin.iastate.edu:smtp ESTABLISHED
svchost.exe:1276 TCP officedell:5196 mail.triton.net:smtp ESTABLISHED
svchost.exe:1276 TCP officedell:5208 smtp.mail.drexel.edu:smtp ESTABLISHED
svchost.exe:1276 TCP officedell:5183 inbound.localnet.com:smtp ESTABLISHED
svchost.exe:1276 TCP officedell:5207 spambox.smsu.edu:smtp ESTABLISHED
svchost.exe:1276 TCP officedell:5203 mailin.iastate.edu:smtp ESTABLISHED
svchost.exe:1276 TCP officedell:4761 sj-inbound-a.cisco.com:smtp ESTABLISHED
svchost.exe:1276 TCP officedell:5169 external-relay.indiana.edu:smtp ESTABLISHED
svchost.exe:1276 TCP officedell:5200 mail.triton.net:smtp ESTABLISHED
Orb.exe:2948 TCP OFFICEDELL:12932 localhost:29831 ESTABLISHED
Orb.exe:2948 TCP OFFICEDELL:12920 localhost:13149 ESTABLISHED
Orb.exe:2948 TCP OFFICEDELL:13157 localhost:12920 ESTABLISHED
Orb.exe:2948 TCP officedell:12971 officedell:13134 ESTABLISHED
Orb.exe:2948 TCP officedell:13134 officedell:12971 ESTABLISHED
Orb.exe:2948 TCP OFFICEDELL:12971 localhost:13107 ESTABLISHED
Orb.exe:2948 TCP OFFICEDELL:13107 localhost:12971 ESTABLISHED
OrbTray.exe:3036 TCP OFFICEDELL:20157 localhost:1075 ESTABLISHED
OrbTray.exe:3036 TCP OFFICEDELL:1075 localhost:20157 ESTABLISHED
Orb.exe:2948 TCP OFFICEDELL:12921 localhost:29831 ESTABLISHED
svchost.exe:1276 TCP officedell:6223 personas-services.nslb.sj.mozilla.com:https ESTABLISHED
Orb.exe:2948 TCP OFFICEDELL:13244 localhost:29831 ESTABLISHED
Orb.exe:2948 TCP OFFICEDELL:12972 localhost:29831 ESTABLISHED
OrbTray.exe:3036 TCP OFFICEDELL:29831 localhost:12960 ESTABLISHED
Orb.exe:2948 TCP OFFICEDELL:13149 localhost:12920 ESTABLISHED
Orb.exe:2948 TCP OFFICEDELL:12920 localhost:13138 ESTABLISHED
OrbTray.exe:3036 TCP OFFICEDELL:13118 localhost:12920 ESTABLISHED
Orb.exe:2948 TCP OFFICEDELL:12960 localhost:29831 ESTABLISHED
OrbTray.exe:3036 TCP OFFICEDELL:29831 localhost:1074 ESTABLISHED
Orb.exe:2948 TCP OFFICEDELL:13138 localhost:12920 ESTABLISHED
Orb.exe:2948 TCP OFFICEDELL:12947 localhost:29831 ESTABLISHED
OrbTray.exe:3036 TCP OFFICEDELL:29831 localhost:12899 ESTABLISHED
OrbTray.exe:3036 TCP OFFICEDELL:12899 localhost:29831 ESTABLISHED
svchost.exe:1276 TCP officedell:4951 mail.epals.com:smtp FIN_WAIT2
svchost.exe:1276 TCP officedell:2698 87.106.254.245:https CLOSE_WAIT
svchost.exe:1276 TCP officedell:2770 byblos.torproject.org:https CLOSE_WAIT
svchost.exe:1276 TCP officedell:2653 87.106.254.245:https CLOSE_WAIT
svchost.exe:1276 TCP officedell:2717 87.106.254.245:https CLOSE_WAIT
svchost.exe:1276 TCP officedell:2854 ns2.km33422.keymachine.de:https CLOSE_WAIT
svchost.exe:1276 TCP officedell:2735 87.106.254.245:https CLOSE_WAIT
svchost.exe:1276 TCP officedell:2699 ns2.km33422.keymachine.de:https CLOSE_WAIT
svchost.exe:1276 TCP officedell:2846 ns2.km33422.keymachine.de:https CLOSE_WAIT
svchost.exe:1276 TCP officedell:2696 87.106.254.245:https CLOSE_WAIT
svchost.exe:1276 TCP officedell:28298 87.106.254.245:https CLOSE_WAIT
svchost.exe:1276 TCP officedell:28322 secure.nai.com:https CLOSE_WAIT
svchost.exe:1276 TCP officedell:28291 byblos.torproject.org:https CLOSE_WAIT
svchost.exe:1276 TCP officedell:28302 87.106.254.245:https CLOSE_WAIT
svchost.exe:1276 TCP officedell:28340 bigip-metalink-adc-v9.oracle.com:https CLOSE_WAIT
svchost.exe:1276 TCP officedell:28289 87.106.254.245:https CLOSE_WAIT
svchost.exe:1276 TCP officedell:28328 bigip-metalink-adc-v9.oracle.com:https CLOSE_WAIT
svchost.exe:1276 TCP officedell:28285 ns2.km33422.keymachine.de:https CLOSE_WAIT
svchost.exe:1276 TCP officedell:28311 87.106.254.245:https CLOSE_WAIT
[System Process]:0 TCP OFFICEDELL:8100 localhost:2535 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:8200 localhost:4896 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:8200 localhost:4767 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:8200 localhost:4175 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:8200 localhost:4158 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:8100 localhost:4837 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:8100 localhost:5185 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:8200 localhost:5164 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:8100 localhost:28166 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:8200 localhost:4812 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:8200 localhost:4586 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:8200 localhost:4506 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:8200 localhost:4186 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:8200 localhost:4985 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:8200 localhost:28162 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:8200 localhost:28242 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:8200 localhost:28304 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:8200 localhost:28123 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:8200 localhost:28171 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:8200 localhost:28186 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:8200 localhost:28249 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:8100 localhost:28245 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:8200 localhost:28264 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:8200 localhost:28136 TIME_WAIT
[System Process]:0 TCP officedell:4964 external-relay.indiana.edu:smtp TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4151 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4887 localhost:8100 TIME_WAIT
[System Process]:0 TCP officedell:4172 vip1.anycast.cachefly.com:http TIME_WAIT
[System Process]:0 TCP officedell:4283 smtp-test.indigo.ie:smtp TIME_WAIT
[System Process]:0 TCP officedell:4140 vip1.anycast.cachefly.com:http TIME_WAIT
[System Process]:0 TCP officedell:4700 vip1.anycast.cachefly.com:http TIME_WAIT
[System Process]:0 TCP officedell:4424 mail.splio.fr:smtp TIME_WAIT
[System Process]:0 TCP officedell:4790 mx1.optonline.net:smtp TIME_WAIT
[System Process]:0 TCP officedell:4734 smtp.mail.drexel.edu:smtp TIME_WAIT
[System Process]:0 TCP officedell:5078 202.108.3.242:smtp TIME_WAIT
[System Process]:0 TCP officedell:5109 inbound.localnet.com:smtp TIME_WAIT
[System Process]:0 TCP officedell:4110 mail7.hsphere.cc:smtp TIME_WAIT
[System Process]:0 TCP officedell:4869 external-relay.indiana.edu:smtp TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4152 localhost:8100 TIME_WAIT
[System Process]:0 TCP officedell:4926 svc.iolo.com:http TIME_WAIT
[System Process]:0 TCP officedell:4398 svc.iolo.com:http TIME_WAIT
[System Process]:0 TCP officedell:4647 211.157.101.189:smtp TIME_WAIT
[System Process]:0 TCP officedell:4412 smtp-test.indigo.ie:smtp TIME_WAIT
[System Process]:0 TCP officedell:4445 vip1.anycast.cachefly.com:http TIME_WAIT
[System Process]:0 TCP officedell:4275 mailgate.indstate.edu:smtp TIME_WAIT
[System Process]:0 TCP officedell:4556 smtp-test.indigo.ie:smtp TIME_WAIT
[System Process]:0 TCP officedell:4828 smtp-test.indigo.ie:smtp TIME_WAIT
[System Process]:0 TCP officedell:4941 vip1.anycast.cachefly.com:http TIME_WAIT
[System Process]:0 TCP officedell:5004 smtp-test.indigo.ie:smtp TIME_WAIT
[System Process]:0 TCP officedell:4989 vip1.anycast.cachefly.com:http TIME_WAIT
[System Process]:0 TCP officedell:4521 mail.splio.fr:smtp TIME_WAIT
[System Process]:0 TCP officedell:4905 mail.splio.fr:smtp TIME_WAIT
[System Process]:0 TCP officedell:4098 mx.svc.telus.net:smtp TIME_WAIT
[System Process]:0 TCP officedell:4870 external-relay.indiana.edu:smtp TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4153 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4201 localhost:8100 TIME_WAIT
[System Process]:0 TCP officedell:4655 svc.iolo.com:http TIME_WAIT
[System Process]:0 TCP officedell:4174 vip1.anycast.cachefly.com:http TIME_WAIT
[System Process]:0 TCP officedell:4782 vip1.anycast.cachefly.com:http TIME_WAIT
[System Process]:0 TCP officedell:4856 mx1.optonline.net:smtp TIME_WAIT
[System Process]:0 TCP officedell:4736 smtp.mail.drexel.edu:smtp TIME_WAIT
[System Process]:0 TCP officedell:5080 202.108.3.242:smtp TIME_WAIT
[System Process]:0 TCP officedell:4147 mx.svc.telus.net:smtp TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4170 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4154 localhost:8100 TIME_WAIT
[System Process]:0 TCP officedell:5051 mailin.iastate.edu:smtp TIME_WAIT
[System Process]:0 TCP officedell:4366 smtp-test.indigo.ie:smtp TIME_WAIT
[System Process]:0 TCP officedell:4910 smtp-test.indigo.ie:smtp TIME_WAIT
[System Process]:0 TCP officedell:4751 vip1.anycast.cachefly.com:http TIME_WAIT
[System Process]:0 TCP officedell:4927 vip1.anycast.cachefly.com:http TIME_WAIT
[System Process]:0 TCP officedell:4875 mail.splio.fr:smtp TIME_WAIT
[System Process]:0 TCP officedell:4833 smtp.mail.drexel.edu:smtp TIME_WAIT
[System Process]:0 TCP officedell:4968 external-relay.indiana.edu:smtp TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4203 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4171 localhost:8100 TIME_WAIT
[System Process]:0 TCP officedell:4290 mime.perodua.com.my:smtp TIME_WAIT
[System Process]:0 TCP officedell:4756 cohsf.cityofhouston.net:smtp TIME_WAIT
[System Process]:0 TCP officedell:4496 vip1.anycast.cachefly.com:http TIME_WAIT
[System Process]:0 TCP officedell:4176 vip1.anycast.cachefly.com:http TIME_WAIT
[System Process]:0 TCP officedell:4278 mailgate.indstate.edu:smtp TIME_WAIT
[System Process]:0 TCP officedell:4400 vip1.anycast.cachefly.com:http TIME_WAIT
[System Process]:0 TCP officedell:4415 smtp-test.indigo.ie:smtp TIME_WAIT
[System Process]:0 TCP officedell:4746 mx1.optonline.net:smtp TIME_WAIT
[System Process]:0 TCP officedell:5010 smtp.mail.drexel.edu:smtp TIME_WAIT
[System Process]:0 TCP officedell:4914 smtp.mail.drexel.edu:smtp TIME_WAIT
[System Process]:0 TCP officedell:4834 smtp.mail.drexel.edu:smtp TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4380 localhost:8100 TIME_WAIT
[System Process]:0 TCP officedell:5053 mailin.iastate.edu:smtp TIME_WAIT
[System Process]:0 TCP officedell:5149 mailin.iastate.edu:smtp TIME_WAIT
[System Process]:0 TCP officedell:4269 mail.splio.fr:smtp TIME_WAIT
[System Process]:0 TCP officedell:4657 vip1.anycast.cachefly.com:http TIME_WAIT
[System Process]:0 TCP officedell:4784 smtp-test.indigo.ie:smtp TIME_WAIT
[System Process]:0 TCP officedell:5099 mx1.optonline.net:smtp TIME_WAIT
[System Process]:0 TCP officedell:5061 marble.its.maine.edu:smtp TIME_WAIT
[System Process]:0 TCP officedell:4787 smtp.mail.drexel.edu:smtp TIME_WAIT
[System Process]:0 TCP officedell:4134 mx.svc.telus.net:smtp TIME_WAIT
[System Process]:0 TCP officedell:4810 external-relay.indiana.edu:smtp TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4381 localhost:8100 TIME_WAIT
[System Process]:0 TCP officedell:5150 mailin.iastate.edu:smtp TIME_WAIT
[System Process]:0 TCP officedell:4758 cohsf.cityofhouston.net:smtp TIME_WAIT
[System Process]:0 TCP officedell:4146 vip1.anycast.cachefly.com:http TIME_WAIT
[System Process]:0 TCP officedell:4802 vip1.anycast.cachefly.com:http TIME_WAIT
[System Process]:0 TCP officedell:4558 mail.splio.fr:smtp TIME_WAIT
[System Process]:0 TCP officedell:5127 mxin5.lsn.net:smtp TIME_WAIT
[System Process]:0 TCP officedell:4788 smtp.mail.drexel.edu:smtp TIME_WAIT
[System Process]:0 TCP officedell:4811 external-relay.indiana.edu:smtp TIME_WAIT
[System Process]:0 TCP OFFICEDELL:5118 localhost:8100 TIME_WAIT
[System Process]:0 TCP officedell:4466 smtp-test.indigo.ie:smtp TIME_WAIT
[System Process]:0 TCP officedell:4271 mail.splio.fr:smtp TIME_WAIT
[System Process]:0 TCP officedell:4591 mail.splio.fr:smtp TIME_WAIT
[System Process]:0 TCP officedell:4829 mx1.optonline.net:smtp TIME_WAIT
[System Process]:0 TCP officedell:4749 mx1.optonline.net:smtp TIME_WAIT
[System Process]:0 TCP officedell:4973 mx1.optonline.net:smtp TIME_WAIT
[System Process]:0 TCP officedell:5157 smtp.mail.drexel.edu:smtp TIME_WAIT
[System Process]:0 TCP officedell:5020 inbound.localnet.com:smtp TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4479 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:5023 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:5119 localhost:8100 TIME_WAIT
[System Process]:0 TCP officedell:4132 vip1.anycast.cachefly.com:http TIME_WAIT
[System Process]:0 TCP officedell:4180 vip1.anycast.cachefly.com:http TIME_WAIT
[System Process]:0 TCP officedell:4615 142.46.208.222:smtp TIME_WAIT
[System Process]:0 TCP officedell:4800 mail.splio.fr:smtp TIME_WAIT
[System Process]:0 TCP officedell:4830 mx1.optonline.net:smtp TIME_WAIT
[System Process]:0 TCP officedell:5064 marble.its.maine.edu:smtp TIME_WAIT
[System Process]:0 TCP officedell:4643 s8a1.psmtp.com:smtp TIME_WAIT
[System Process]:0 TCP officedell:5034 mail.triton.net:smtp TIME_WAIT
[System Process]:0 TCP officedell:5021 inbound.localnet.com:smtp TIME_WAIT
[System Process]:0 TCP officedell:4121 mx.svc.telus.net:smtp TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4480 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:5184 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:5024 localhost:8100 TIME_WAIT
[System Process]:0 TCP officedell:4166 svc.iolo.com:http TIME_WAIT
[System Process]:0 TCP officedell:4468 smtp-test.indigo.ie:smtp TIME_WAIT
[System Process]:0 TCP officedell:4369 mail.splio.fr:smtp TIME_WAIT
[System Process]:0 TCP officedell:4948 smtp-test.indigo.ie:smtp TIME_WAIT
[System Process]:0 TCP officedell:4895 mx1.optonline.net:smtp TIME_WAIT
[System Process]:0 TCP officedell:5113 66.133.129.79:smtp TIME_WAIT
[System Process]:0 TCP officedell:5036 mail.triton.net:smtp TIME_WAIT
[System Process]:0 TCP officedell:5132 mail.triton.net:smtp TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4226 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4658 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4722 localhost:8100 TIME_WAIT
[System Process]:0 TCP officedell:4518 smtp-test.indigo.ie:smtp TIME_WAIT
[System Process]:0 TCP officedell:4167 vip1.anycast.cachefly.com:http TIME_WAIT
[System Process]:0 TCP officedell:5094 smtp-test.indigo.ie:smtp TIME_WAIT
[System Process]:0 TCP officedell:4967 vip1.anycast.cachefly.com:http TIME_WAIT
[System Process]:0 TCP officedell:5031 vip1.anycast.cachefly.com:http TIME_WAIT
[System Process]:0 TCP officedell:4694 smtp-test.indigo.ie:smtp TIME_WAIT
[System Process]:0 TCP officedell:4371 mail.splio.fr:smtp TIME_WAIT
[System Process]:0 TCP officedell:4835 mail.splio.fr:smtp TIME_WAIT
[System Process]:0 TCP officedell:4755 mail.splio.fr:smtp TIME_WAIT
[System Process]:0 TCP officedell:5114 66.133.129.79:smtp TIME_WAIT
[System Process]:0 TCP officedell:4633 smtp.mail.drexel.edu:smtp TIME_WAIT
[System Process]:0 TCP officedell:4873 smtp.mail.drexel.edu:smtp TIME_WAIT
[System Process]:0 TCP officedell:4675 sitemail.everyone.net:smtp TIME_WAIT
[System Process]:0 TCP officedell:4912 external-relay.indiana.edu:smtp TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4563 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4659 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4723 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4915 localhost:8100 TIME_WAIT
[System Process]:0 TCP officedell:4105 svc.iolo.com:http TIME_WAIT
[System Process]:0 TCP officedell:4472 vip1.anycast.cachefly.com:http TIME_WAIT
[System Process]:0 TCP officedell:4279 smtp-test.indigo.ie:smtp TIME_WAIT
[System Process]:0 TCP officedell:4519 smtp-test.indigo.ie:smtp TIME_WAIT
[System Process]:0 TCP officedell:4930 mx1.optonline.net:smtp TIME_WAIT
[System Process]:0 TCP officedell:5026 mx1.optonline.net:smtp TIME_WAIT
[System Process]:0 TCP officedell:4932 mail.splio.fr:smtp TIME_WAIT
[System Process]:0 TCP officedell:4874 smtp.mail.drexel.edu:smtp TIME_WAIT
[System Process]:0 TCP officedell:4913 external-relay.indiana.edu:smtp TIME_WAIT
[System Process]:0 TCP officedell:4753 external-relay.indiana.edu:smtp TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4564 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4836 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4916 localhost:8100 TIME_WAIT
[System Process]:0 TCP officedell:4600 smtp-test.indigo.ie:smtp TIME_WAIT
[System Process]:0 TCP officedell:4425 vip1.anycast.cachefly.com:http TIME_WAIT
[System Process]:0 TCP officedell:4872 smtp-test.indigo.ie:smtp TIME_WAIT
[System Process]:0 TCP officedell:4635 smtp.mail.drexel.edu:smtp TIME_WAIT
[System Process]:0 TCP officedell:4762 sj-inbound-a.cisco.com:smtp TIME_WAIT
[System Process]:0 TCP officedell:4754 external-relay.indiana.edu:smtp TIME_WAIT
[System Process]:0 TCP officedell:5058 external-relay.indiana.edu:smtp TIME_WAIT
[System Process]:0 TCP OFFICEDELL:8200 localhost:28215 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4453 localhost:8100 TIME_WAIT
[System Process]:0 TCP officedell:4122 vip1.anycast.cachefly.com:http TIME_WAIT
[System Process]:0 TCP officedell:4106 vip1.anycast.cachefly.com:http TIME_WAIT
[System Process]:0 TCP officedell:4470 mail.splio.fr:smtp TIME_WAIT
[System Process]:0 TCP officedell:5084 smtp.mail.drexel.edu:smtp TIME_WAIT
[System Process]:0 TCP officedell:4956 smtp.mail.drexel.edu:smtp TIME_WAIT
[System Process]:0 TCP officedell:5136 mail.triton.net:smtp TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4454 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:8200 localhost:28294 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:4886 localhost:8100 TIME_WAIT
[System Process]:0 TCP officedell:4291 ip-72-167-47-17.ip.secureserver.net:smtp TIME_WAIT
[System Process]:0 TCP officedell:4362 smtp-test.indigo.ie:smtp TIME_WAIT
[System Process]:0 TCP officedell:4423 mail.splio.fr:smtp TIME_WAIT
[System Process]:0 TCP officedell:4471 mail.splio.fr:smtp TIME_WAIT
[System Process]:0 TCP officedell:4789 mx1.optonline.net:smtp TIME_WAIT
[System Process]:0 TCP officedell:4663 mail.splio.fr:smtp TIME_WAIT
[System Process]:0 TCP officedell:5108 inbound.localnet.com:smtp TIME_WAIT
[System Process]:0 TCP OFFICEDELL:28295 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:28265 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:28169 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:28266 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:28187 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:28299 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:28267 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:28188 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:28300 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:28301 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:28126 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:28127 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:28208 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:28274 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:28130 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:28163 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:28243 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:28244 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:28164 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:28212 localhost:8100 TIME_WAIT
[System Process]:0 TCP OFFICEDELL:28133 localhost:8100 TIME_WAIT
TiVoBeacon.exe:164 UDP OFFICEDELL:2190 *:*
lsass.exe:724 UDP OFFICEDELL:isakmp *:*
spoolsv.exe:1568 UDP OFFICEDELL:1043 *:*
System:4 UDP officedell:netbios-ns *:*
mDNSResponder.exe:1876 UDP OFFICEDELL:50865 *:*
System:4 UDP officedell:netbios-dgm *:*
svchost.exe:1160 UDP OFFICEDELL:ntp *:*
mDNSResponder.exe:1876 UDP OFFICEDELL:1025 *:*
svchost.exe:1160 UDP officedell:ntp *:*
mDNSResponder.exe:1876 UDP officedell:5353 *:*
svchost.exe:1440 UDP OFFICEDELL:1900 *:*
lsass.exe:724 UDP OFFICEDELL:4500 *:*
System:4 UDP OFFICEDELL:microsoft-ds *:*
svchost.exe:1440 UDP officedell:1900 *:*
svchost.exe:1368 UDP OFFICEDELL:10820 *:*
svchost.exe:1276 UDP OFFICEDELL:5253 *:*
svchost.exe:1276 UDP OFFICEDELL:5238 *:*
svchost.exe:1276 UDP OFFICEDELL:5242 *:*
svchost.exe:1276 UDP OFFICEDELL:5250 *:*
svchost.exe:1368 UDP OFFICEDELL:47419 *:*
svchost.exe:1276 UDP OFFICEDELL:5258 *:*
svchost.exe:1276 UDP OFFICEDELL:5239 *:*
svchost.exe:1276 UDP OFFICEDELL:5243 *:*
svchost.exe:1276 UDP OFFICEDELL:5255 *:*
svchost.exe:1276 UDP OFFICEDELL:5259 *:*
svchost.exe:1276 UDP OFFICEDELL:5232 *:*
iexplore.exe:2936 UDP OFFICEDELL:4024 *:*
svchost.exe:1276 UDP OFFICEDELL:5240 *:*
svchost.exe:1276 UDP OFFICEDELL:5248 *:*
svchost.exe:1276 UDP OFFICEDELL:5252 *:*
svchost.exe:1276 UDP OFFICEDELL:5256 *:*
svchost.exe:1276 UDP OFFICEDELL:5237 *:*
svchost.exe:1276 UDP OFFICEDELL:5241 *:*
Orb.exe:2948 UDP officedell:30004 *:*
Orb.exe:2948 UDP officedell:30008 *:*
Orb.exe:2948 UDP officedell:30012 *:*
McNASvc.exe:244 UDP officedell:6646 *:*
OrbTray.exe:3036 UDP OFFICEDELL:1900 *:*
Orb.exe:2948 UDP OFFICEDELL:1900 *:*
Orb.exe:2948 UDP officedell:30001 *:*
Orb.exe:2948 UDP officedell:30005 *:*
Orb.exe:2948 UDP officedell:30009 *:*
Orb.exe:2948 UDP officedell:30013 *:*
OrbTray.exe:3036 UDP OFFICEDELL:62733 *:*
Orb.exe:2948 UDP officedell:30002 *:*
Orb.exe:2948 UDP officedell:30006 *:*
OrbTray.exe:3036 UDP OFFICEDELL:54782 *:*
Orb.exe:2948 UDP officedell:30010 *:*
Orb.exe:2948 UDP officedell:30014 *:*
Orb.exe:2948 UDP officedell:30003 *:*
Orb.exe:2948 UDP officedell:30007 *:*
Orb.exe:2948 UDP officedell:30011 *:*
svchost.exe:1440 UDP OFFICEDELL:1900 *:*
Orb.exe:2948 UDP officedell:30015 *:*
svchost.exe:1440 UDP officedell:1900 *:*
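
The TCPView listing above is dominated by closed (TIME_WAIT) connections to port 25 on many unrelated mail exchangers (universities, ISPs, a French mailing provider), which is what a machine sending mail directly to MX hosts looks like, as opposed to a mail client talking to its one provider. As an added example, not part of this thread and not TCPView's own tooling, the Python below parses the plain-text TCPView layout seen in the post, groups outbound SMTP sockets by owning image and PID, and flags any that fan out to several distinct mail servers. The sample lines, hostnames, the `ws01` machine name and the `203.0.113.7` address are constructed for the demonstration.

```python
"""Triage helper for a pasted TCPView listing: does any process fan out to many
distinct SMTP servers?  Added example, not from the thread or from TCPView.
Assumes the plain-text layout seen in the post, one socket per line:
"<image>:<pid> <TCP|UDP> <localhost:port> <remotehost:port> [<state>]",
with ports shown numerically or as service names such as "smtp".
"""
import re
from collections import Counter, defaultdict
from typing import NamedTuple

# The image name may contain spaces ("[System Process]"), so match lazily up
# to the ":<pid>" that precedes the protocol column.
LINE_RE = re.compile(
    r"^(?P<proc>.+?):(?P<pid>\d+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<local>\S+)\s+(?P<remote>\S+)(?:\s+(?P<state>\S+))?\s*$"
)

# A mail client normally talks to its own provider on 587/465 (or 25).
# Port 25 to many unrelated MX hosts is the direct-to-MX pattern of a spam engine.
SMTP_PORTS = {"smtp", "25", "submission", "587", "465"}

# Constructed sample in the post's layout (hosts and addresses are placeholders).
SAMPLE = """\
[System Process]:0 TCP ws01:4433 mx1.example-isp.net:smtp TIME_WAIT
[System Process]:0 TCP ws01:4434 mail.example.edu:smtp TIME_WAIT
[System Process]:0 TCP ws01:4435 smtp.example.org:smtp TIME_WAIT
[System Process]:0 TCP ws01:4436 mx.example.co.uk:smtp TIME_WAIT
[System Process]:0 TCP ws01:4437 203.0.113.7:smtp TIME_WAIT
[System Process]:0 TCP ws01:4438 203.0.113.7:smtp TIME_WAIT
[System Process]:0 TCP ws01:4440 cdn.example.com:http TIME_WAIT
[System Process]:0 TCP WS01:4441 localhost:8100 TIME_WAIT
svchost.exe:1160 UDP WS01:ntp *:*
outlook.exe:2200 TCP ws01:4500 smtp.example-mail.com:smtp ESTABLISHED
"""


class Conn(NamedTuple):
    process: str
    pid: int
    proto: str
    local: str
    remote_host: str
    remote_port: str
    state: str


def _split_endpoint(endpoint: str) -> tuple:
    """'mx.example.net:smtp' -> ('mx.example.net', 'smtp'); '*:*' -> ('*', '*')."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def parse_tcpview(text: str) -> list:
    """Parse TCPView lines into Conn records; lines that do not fit are skipped."""
    conns = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        host, port = _split_endpoint(m["remote"])
        conns.append(Conn(m["proc"], int(m["pid"]), m["proto"], m["local"],
                          host, port, m["state"] or ""))
    return conns


def smtp_fanout(conns: list, min_distinct_hosts: int = 3) -> dict:
    """Group outbound TCP/SMTP sockets by 'image:pid' and keep the groups that
    reach at least min_distinct_hosts different mail servers."""
    per_proc = defaultdict(lambda: {"hosts": Counter(), "connections": 0})
    for c in conns:
        if c.proto != "TCP" or c.remote_port not in SMTP_PORTS:
            continue
        key = f"{c.process}:{c.pid}"
        per_proc[key]["hosts"][c.remote_host] += 1
        per_proc[key]["connections"] += 1
    return {k: v for k, v in per_proc.items()
            if len(v["hosts"]) >= min_distinct_hosts}


def unattributed_smtp(conns: list) -> int:
    """Count SMTP sockets TCPView can no longer tie to a live process.
    A TIME_WAIT socket has already been closed by its owner, so TCPView lists
    it under "[System Process]":0; the sender can only be named while the
    connection is SYN_SENT/ESTABLISHED or by a driver-level monitor."""
    return sum(1 for c in conns
               if c.proto == "TCP" and c.remote_port in SMTP_PORTS
               and c.process == "[System Process]")


if __name__ == "__main__":
    conns = parse_tcpview(SAMPLE)
    for proc, info in smtp_fanout(conns).items():
        print(f"{proc}: {info['connections']} SMTP connections to "
              f"{len(info['hosts'])} distinct servers: {', '.join(info['hosts'])}")
    print(f"SMTP sockets with no owning process: {unattributed_smtp(conns)}")
```

On the sample the only flagged group is `[System Process]:0` (six connections to five servers), while `outlook.exe` with its single provider is ignored; the separate `unattributed_smtp` count is the caveat worth knowing when reading a snapshot like the one in the post: every SMTP line there is TIME_WAIT, so this listing proves the volume and the fan-out but cannot name the sending executable. Catching the owner requires refreshing TCPView while connections are still being opened, or a tool that logs the process at connect time.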

#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:24 AM

Posted 30 August 2009 - 11:31 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open RootRepeal.exe on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • Check all seven boxes.
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 timebandit

timebandit
  • Topic Starter

  • Members
  • 2 posts
  • Local time:01:24 AM

Posted 30 August 2009 - 08:42 PM

Good evening Sam, thanks for offering to help with my issues. Please find the requested logs pasted below for reference.

OTL logfile created on: 8/30/2009 3:57:57 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Jason\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.48 Gb Available Physical Memory | 38.68% Memory free
2.35 Gb Paging File | 1.53 Gb Available in Paging File | 64.97% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.69 Gb Total Space | 0.97 Gb Free Space | 1.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 233.76 Gb Total Space | 42.18 Gb Free Space | 18.04% Space Free | Partition Type: NTFS
Drive F: | 1.86 Gb Total Space | 1.86 Gb Free Space | 100.00% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICEDELL
Current User Name: Jason
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/06/17 13:49:44 | 00,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [1999/12/13 11:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE
PRC - [2007/09/26 13:55:04 | 00,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
PRC - [2009/05/01 15:34:14 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/04/09 08:18:50 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/04/09 11:46:14 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/05/13 23:24:26 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2003/06/20 03:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2009/05/08 16:26:32 | 00,893,112 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2006/03/03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/07/22 22:44:48 | 01,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/09/21 18:01:22 | 00,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
PRC - [2009/07/22 22:44:50 | 01,181,064 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2006/07/11 08:22:40 | 00,857,088 | ---- | M] (TiVo Inc.) -- C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
PRC - [2000/06/26 09:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe
PRC - [2009/05/01 15:34:14 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/02/06 12:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2003/09/17 12:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
PRC - [2009/05/08 09:33:16 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2004/10/12 18:54:30 | 00,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/08/22 17:05:02 | 00,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe
PRC - [2004/11/16 02:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2004/07/27 16:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/06/07 00:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2003/12/17 10:50:00 | 00,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\em_exec.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2006/12/20 13:38:56 | 00,557,056 | ---- | M] () -- C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
PRC - [2004/02/03 14:42:54 | 00,401,491 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
PRC - [2006/07/11 08:23:50 | 01,174,528 | ---- | M] (TiVo Inc.) -- C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
PRC - [2006/07/11 08:24:42 | 00,341,504 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoNotify.exe
PRC - [2006/07/11 08:26:52 | 01,313,792 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoServer.exe
PRC - [2008/05/03 14:47:58 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/07/16 18:29:04 | 00,510,416 | ---- | M] (Orb Networks) -- C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
PRC - [2009/08/19 13:25:52 | 01,589,208 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
PRC - [2009/02/28 00:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2003/11/21 21:02:42 | 00,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
PRC - [2004/12/14 18:48:46 | 00,106,496 | ---- | M] (Sony Corporation.) -- C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
PRC - [2007/01/15 13:23:48 | 00,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2006/08/09 13:51:34 | 00,446,464 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
PRC - [2008/01/29 22:19:32 | 00,073,728 | ---- | M] (Orb Networks, Inc.) -- C:\Program Files\Orb Networks\Orb\bin\Orb.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/12/04 18:11:56 | 00,372,736 | ---- | M] (CallingID Ltd.) -- C:\Program Files\comcasttb\CIDGlobalLight.exe
PRC - [2009/08/30 15:57:29 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (0095651248528254mcinstcleanup [Auto | Stopped])
SRV - [2009/06/17 13:49:44 | 00,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService [Auto | Running])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 11:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2009/03/24 20:37:04 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2004/08/04 07:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2007/09/26 13:55:04 | 00,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC [Auto | Running])
SRV - [2004/08/04 07:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])
SRV - [2009/01/09 13:05:26 | 00,068,112 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [Auto | Stopped])
SRV - [2009/05/01 15:34:14 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2009/04/09 08:18:50 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2009/05/08 11:54:34 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2009/04/09 11:46:14 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2009/05/13 23:24:26 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2009/05/08 09:33:16 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2003/06/20 03:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2009/05/08 16:26:32 | 00,893,112 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2003/12/17 15:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/03/03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Running])
SRV - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2009/07/22 22:44:48 | 01,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
SRV - [2008/09/21 18:01:22 | 00,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService [Auto | Running])
SRV - [2006/07/11 08:22:40 | 00,857,088 | ---- | M] (TiVo Inc.) -- C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe -- (TivoBeacon2 [Auto | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Stopped])
SRV - [2000/06/26 09:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/03/30 08:19:56 | 00,043,672 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Stopped])
DRV - [2002/04/17 21:27:02 | 00,011,264 | ---- | M] (VOB Computersysteme GmbH) -- C:\WINDOWS\System32\Drivers\ASAPIW2K.sys -- (ASAPIW2K [On_Demand | Running])
DRV - [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Stopped])
DRV - [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Stopped])
DRV - [1999/09/10 13:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32 [System | Running])
DRV - [2004/03/08 12:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv [System | Running])
DRV - [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Stopped])
DRV - [2003/09/22 10:48:00 | 00,130,192 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2004/08/22 16:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus [Boot | Running])
DRV - [2004/08/22 16:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt [Boot | Running])
DRV - [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Stopped])
DRV - [2004/12/01 04:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2004/11/23 03:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2004/02/10 17:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/09/20 11:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2003/12/17 13:50:00 | 00,051,729 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys -- (L8042pr2 [On_Demand | Stopped])
DRV - [2003/12/17 13:50:00 | 00,025,505 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys -- (LHidFlt2 [On_Demand | Running])
DRV - [2003/12/17 13:50:00 | 00,037,887 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LHidUsb.Sys -- (LHidUsb [On_Demand | Running])
DRV - [2003/12/17 13:50:00 | 00,070,801 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2 [On_Demand | Running])
DRV - [2009/05/13 23:25:06 | 00,079,816 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2009/05/13 23:25:06 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2009/05/13 23:25:06 | 00,214,024 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2009/05/13 23:24:34 | 00,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2009/05/13 23:25:06 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2009/04/09 14:23:02 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Stopped])
DRV - [2007/11/15 16:30:48 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys -- (npf [Auto | Running])
DRV - [2004/08/04 00:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2001/08/31 16:07:30 | 00,027,255 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\Drivers\nwwmusb.sys -- (NWWMUSB [On_Demand | Stopped])
DRV - [2003/09/22 10:47:00 | 00,178,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2004/06/09 14:16:00 | 00,840,960 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\P17.sys -- (P17 [On_Demand | Running])
DRV - [2004/03/01 19:53:12 | 00,037,760 | ---- | M] (Motorola Inc) -- C:\WINDOWS\System32\DRIVERS\P2k.sys -- (P2k [On_Demand | Stopped])
DRV - [2009/04/03 10:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2003/03/05 14:19:00 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/11/02 16:57:04 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Stopped])
DRV - [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Stopped])
DRV - [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Stopped])
DRV - [2004/08/04 07:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Stopped])
DRV - [2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Stopped])
DRV - [2004/07/14 12:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2004/07/14 12:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Stopped])
DRV - [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Stopped])
DRV - [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Stopped])
DRV - [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Stopped])
DRV - [2004/11/16 02:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2004/11/16 02:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2004/11/16 02:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2004/11/16 02:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2004/11/16 02:05:00 | 00,086,554 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2004/11/16 02:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2004/11/16 02:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2004/11/16 02:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2004/11/16 02:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2004/09/14 18:46:38 | 00,069,120 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd [Boot | Running])
DRV - [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Stopped])
DRV - [2007/04/09 10:53:24 | 00,012,672 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbbus.sys -- (usbbus [On_Demand | Stopped])
DRV - [2007/04/09 10:56:22 | 00,021,248 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])
DRV - [2007/04/09 10:55:08 | 00,022,912 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])
DRV - [2008/04/13 14:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2006/06/08 08:06:05 | 00,022,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbsermpt.sys -- (usbsermpt [On_Demand | Stopped])
DRV - [2003/08/01 15:47:24 | 00,029,239 | ---- | M] (Pinnacle Systems) -- C:\WINDOWS\system32\DRIVERS\vobid.sys -- (VOBID [Boot | Running])
DRV - [2003/12/22 10:28:20 | 00,104,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
DRV - [2001/12/27 11:59:34 | 00,067,072 | ---- | M] (WIBU-SYSTEMS AG) -- C:\WINDOWS\System32\DRIVERS\Wibukey.sys -- (WIBUKEY [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-496493497-2470544995-2681549737-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-496493497-2470544995-2681549737-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-496493497-2470544995-2681549737-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net?cid=083009
IE - HKU\S-1-5-21-496493497-2470544995-2681549737-1006\S-1-5-21-496493497-2470544995-2681549737-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-496493497-2470544995-2681549737-1006\S-1-5-21-496493497-2470544995-2681549737-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.charter.net/index.php"
FF - prefs.js..extensions.enabledItems: {0C7E3F01-99E9-4095-9BDC-F84724960B57}:5.0.0.4
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.5
FF - prefs.js..extensions.enabledItems: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.5.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2


FF - HKLM\software\mozilla\Firefox\Extensions\\{69310596-6DE5-44DB-ADAE-A985D6C1CBE2}: C:\Documents and Settings\Jason\Local Settings\Application Data\{69310596-6DE5-44DB-ADAE-A985D6C1CBE2} [2009/08/27 08:58:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2487ADE0-4BBA-412E-833A-9C80457A1381}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{2487ADE0-4BBA-412E-833A-9C80457A1381}\ [2009/08/28 08:26:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/09 18:02:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/09 18:02:11 | 00,000,000 | ---D | M]

[2008/12/13 10:00:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\mozilla\Extensions
[2008/12/13 10:00:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/30 12:12:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\mozilla\Firefox\Profiles\e3ltojk4.default\extensions
[2009/03/14 15:44:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\mozilla\Firefox\Profiles\e3ltojk4.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2009/08/09 20:46:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\mozilla\Firefox\Profiles\e3ltojk4.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/08/30 12:12:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\mozilla\Firefox\Profiles\e3ltojk4.default\extensions\{4E77EDAD-9566-4089-88D1-C81498CEE770}
[2009/08/09 20:46:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\mozilla\Firefox\Profiles\e3ltojk4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/05/03 08:03:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\mozilla\Firefox\Profiles\e3ltojk4.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/06/30 11:50:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/09 18:02:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/09 18:01:26 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/09 18:01:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/08/06 16:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/07/13 14:55:45 | 00,417,792 | ---- | M] (Invenda Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol305.dll
[2008/06/18 03:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2006/02/14 10:40:00 | 00,459,496 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/08/09 18:01:39 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2005/09/24 00:44:16 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/09/10 15:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/07/25 08:14:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/25 08:14:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/25 08:14:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/25 08:14:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/25 08:14:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/25 08:14:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/25 08:14:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/09/10 15:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2006/05/15 21:41:44 | 00,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2005/08/14 13:02:50 | 00,176,176 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint_03000F10.dll
[2009/08/09 18:01:54 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/09 18:01:54 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/01 12:50:26 | 00,004,946 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\comcast.xml
[2009/08/09 18:01:54 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/09 18:01:54 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/09 18:01:54 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/09 18:01:54 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/09 18:01:54 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O3 - HKU\S-1-5-21-496493497-2470544995-2681549737-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.DLL ()
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-496493497-2470544995-2681549737-1006..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - HKU\S-1-5-21-496493497-2470544995-2681549737-1006..\Run: [Google Update] C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-496493497-2470544995-2681549737-1006..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-496493497-2470544995-2681549737-1006..\Run: [Orb] C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe (Orb Networks)
O4 - HKU\S-1-5-21-496493497-2470544995-2681549737-1006..\Run: [SMSystemAnalyzer] C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe ()
O4 - HKU\S-1-5-21-496493497-2470544995-2681549737-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-496493497-2470544995-2681549737-1006..\Run: [TivoNotify] C:\Program Files\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
O4 - HKU\S-1-5-21-496493497-2470544995-2681549737-1006..\Run: [TivoServer] C:\Program Files\TiVo\Desktop\TiVoServer.exe (TiVo Inc.)
O4 - HKU\S-1-5-21-496493497-2470544995-2681549737-1006..\Run: [TivoTransfer] C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe (TiVo Inc.)
O4 - HKU\S-1-5-21-496493497-2470544995-2681549737-1006..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)
O4 - Startup: C:\Documents and Settings\Jason\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\Jason\Start Menu\Programs\Startup\V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe (Smith Micro Software, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-496493497-2470544995-2681549737-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-496493497-2470544995-2681549737-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-496493497-2470544995-2681549737-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-496493497-2470544995-2681549737-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-496493497-2470544995-2681549737-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://support2.charter.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/12 22:19:17 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0961ac96-bfae-11dd-a193-001111bd0fa8}\Shell - "" = AutoRun
O33 - MountPoints2\{0961ac96-bfae-11dd-a193-001111bd0fa8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0961ac96-bfae-11dd-a193-001111bd0fa8}\Shell\AutoRun\command - "" = F:\DTVP_Launcher.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (smrgdf) - C:\WINDOWS\System32\smrgdf.exe ()
O34 - HKLM BootExecute: (C:\Program) - File not found
O34 - HKLM BootExecute: (Files\iolo\System) - File not found
O34 - HKLM BootExecute: (Mechanic) - File not found
O34 - HKLM BootExecute: (6\) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/30 16:00:28 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\settings.dat
[2009/08/30 15:57:14 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
[2009/08/30 12:12:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\CallingID
[2009/08/30 12:11:59 | 00,000,000 | ---D | C] -- C:\Program Files\CA
[2009/08/30 12:10:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\comcasttb
[2009/08/30 12:10:32 | 00,000,000 | ---D | C] -- C:\Program Files\comcasttb
[2009/08/30 11:10:37 | 00,236,032 | ---- | C] () -- C:\Documents and Settings\Jason\My Documents\fantasy football 09 projections.xls
[2009/08/30 11:04:34 | 00,031,198 | ---- | C] () -- C:\Documents and Settings\Jason\My Documents\ff09rb.xls
[2009/08/30 10:47:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\Help
[2009/08/30 10:47:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\Help
[2009/08/30 09:31:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\Malwarebytes
[2009/08/30 09:30:57 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/30 09:30:54 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/30 09:30:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/30 09:30:51 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/30 09:30:51 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/29 12:01:34 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\Shortcut to Tcpview.lnk
[2009/08/29 10:56:26 | 00,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2009/08/29 10:53:58 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/08/29 10:53:45 | 00,130,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/08/29 10:53:45 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/08/29 10:53:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/29 10:53:31 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/08/29 10:53:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/08/29 10:53:24 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/08/29 10:53:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\PC Tools
[2009/08/29 10:53:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/08/28 18:53:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/08/28 18:52:57 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2009/08/28 18:20:31 | 13,401,33376 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/28 08:07:50 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\housecall.guid.cache
[2009/08/27 09:04:56 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Ekijamava.dat
[2009/08/27 08:57:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\{69310596-6DE5-44DB-ADAE-A985D6C1CBE2}
[2009/08/15 13:02:20 | 00,002,284 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\Google Chrome.lnk
[2009/08/15 13:01:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\Temp
[2009/08/15 13:00:58 | 00,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-496493497-2470544995-2681549737-1006UA.job
[2009/08/15 13:00:53 | 00,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-496493497-2470544995-2681549737-1006Core.job
[2009/08/15 13:00:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\Deployment
[2009/08/07 21:23:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\Move Networks
[2009/08/01 21:10:48 | 00,007,852 | ---- | C] () -- C:\Documents and Settings\Jason\My Documents\I would like to express my interest in your Administrative Specialist position with Georgia Southern University.xml
[2009/08/01 15:20:50 | 00,024,363 | ---- | C] () -- C:\Documents and Settings\Jason\My Documents\AndrewCoverLetterGSUAdminSpecialist.doc
[2009/08/01 12:24:46 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/08/01 12:22:58 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/08/01 12:22:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/08/01 12:07:46 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/03/14 15:11:41 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/03/14 15:11:12 | 00,000,164 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/03/14 15:10:55 | 00,000,683 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/07/20 21:09:57 | 00,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2008/07/20 21:09:57 | 00,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2008/02/02 18:14:02 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/02/02 18:14:02 | 00,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/05/04 08:00:02 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
[2006/04/22 19:00:10 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/02/12 14:06:53 | 00,001,433 | ---- | C] () -- C:\WINDOWS\SysMech6.INI
[2006/02/12 13:48:24 | 01,212,416 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2006/01/02 16:38:36 | 00,000,144 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/05/26 20:59:35 | 00,077,895 | ---- | C] () -- C:\WINDOWS\System32\unibus_tcutil.dll
[2005/02/15 10:34:40 | 00,000,272 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2005/02/13 18:14:41 | 00,000,625 | ---- | C] () -- C:\WINDOWS\GraphEdit.INI
[2005/02/05 18:49:18 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2005/02/05 18:49:18 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2005/02/02 17:39:43 | 00,004,103 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/02/01 21:55:15 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/02/01 21:20:31 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/01/31 23:08:17 | 00,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/27 01:44:20 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/27 01:38:39 | 00,000,262 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/27 01:34:17 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/01/27 01:34:07 | 00,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/01/27 01:34:07 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/01/27 01:34:00 | 00,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/01/27 01:07:38 | 00,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/13 11:19:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/22 17:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004/08/10 15:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 15:04:08 | 00,000,719 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/10 14:57:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2004/08/04 07:00:00 | 00,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003208_.tmp.dll
[2004/08/04 07:00:00 | 00,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003175_.tmp.dll
[2004/08/04 07:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/12/18 11:16:50 | 00,005,743 | ---- | C] () -- C:\WINDOWS\UN021217.INI
[2003/01/30 08:04:00 | 00,618,496 | ---- | C] () -- C:\WINDOWS\System32\StlpMt45.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 03:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1980/01/01 02:00:00 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1980/01/01 02:00:00 | 00,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[1980/01/01 02:00:00 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[1980/01/01 02:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/08/30 16:05:04 | 00,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-496493497-2470544995-2681549737-1006UA.job
[2009/08/30 16:00:28 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\settings.dat
[2009/08/30 15:57:29 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
[2009/08/30 15:52:34 | 00,001,088 | ---- | M] () -- C:\Documents and Settings\Jason\Start Menu\Programs\Startup\V CAST Music Monitor.lnk
[2009/08/30 15:50:33 | 00,013,745 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/08/30 15:46:54 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/08/30 15:46:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/30 15:46:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/08/30 15:46:28 | 13,401,33376 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/30 15:36:13 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Ekijamava.dat
[2009/08/30 13:05:08 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-496493497-2470544995-2681549737-1006Core.job
[2009/08/30 11:10:37 | 00,236,032 | ---- | M] () -- C:\Documents and Settings\Jason\My Documents\fantasy football 09 projections.xls
[2009/08/30 11:04:37 | 00,031,198 | ---- | M] () -- C:\Documents and Settings\Jason\My Documents\ff09rb.xls
[2009/08/30 09:30:57 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/30 09:10:51 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/08/29 12:01:34 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\Shortcut to Tcpview.lnk
[2009/08/29 11:21:50 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/08/29 10:53:31 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/08/29 00:30:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (1) (OFFICEDELL-Jason).job
[2009/08/28 08:20:02 | 00,001,433 | ---- | M] () -- C:\WINDOWS\SysMech6.INI
[2009/08/28 08:07:50 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\housecall.guid.cache
[2009/08/28 08:06:01 | 00,002,284 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\Google Chrome.lnk
[2009/08/27 10:51:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/11 19:04:33 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/01 21:10:49 | 00,007,852 | ---- | M] () -- C:\Documents and Settings\Jason\My Documents\.xml
[2009/08/01 21:04:41 | 00,024,363 | ---- | M] () -- C:\Documents and Settings\Jason\My Documents\
[2009/08/01 12:29:27 | 00,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/08/01 12:24:46 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/30 21:08
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0xF7482000 Size: 98304 File Visible: No Signed: -
Status: -

Name:
Image Path:
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB0F5F000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF798F000 Size: 8192 File Visible: No Signed: -
Status: -

Name: ktchhjqn.sys
Image Path: ktchhjqn.sys
Address: 0xF75F7000 Size: 61440 File Visible: No Signed: -
Status: -

Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xF7AB6000 Size: 2560 File Visible: No Signed: -
Status: -

Name: rootrepeal[1].sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal[1].sys
Address: 0xAF8DA000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jason\Cookies\index[1].htm
Status: Locked to the Windows API!

Path: c:\documents and settings\jason\local settings\temporary internet files\content.ie5\52jmjykn\bind[1].htm
Status: Size mismatch (API: 665, Raw: 591)

Path: C:\Documents and Settings\Jason\Local Settings\Apps\2.0\42QQTJK8.L5G\PKM843TP.QOK\manifests\clickonce_bootstrap.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jason\Local Settings\Apps\2.0\42QQTJK8.L5G\PKM843TP.QOK\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "d347bus.sys" at address 0xf751d818

#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf7a44514

#: 045 Function Name: NtCreatePagingFile
Status: Hooked by "d347bus.sys" at address 0xf7511a20

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7a33282

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf7a33474

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf7a44d00

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf7a44fb8

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "d347bus.sys" at address 0xf75122a8

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "d347bus.sys" at address 0xf751d910

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf7a433fa

#: 160 Function Name: NtQueryKey
Status: Hooked by "d347bus.sys" at address 0xf75122c8

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "d347bus.sys" at address 0xf751d866

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf7a45422

#: 241 Function Name: NtSetSystemPowerState
Status: Hooked by "d347bus.sys" at address 0xf751d0b0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf7a447d8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7a32f32

Stealth Objects
-------------------
Object: Hidden Handle [Index: 1300, Type: Thread]
Process: csrss.exe (PID: 652) Address: 0x88eab020 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8a5f83d0 Size: 11

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x89e2da70 Size: 11

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8a421008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_READ]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x8a49a5f0 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CREATE]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CLOSE]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_READ]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_WRITE]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_EA]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CLEANUP]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_POWER]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_PNP]
Process: System Address: 0x8a657620 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_CREATE]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_CLOSE]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_READ]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_WRITE]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_SET_EA]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_CLEANUP]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_POWER]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_PNP]
Process: System Address: 0x8a244ed8 Size: 99

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x8a2383b0 Size: 11

Object: Hidden Code [Driver: Srv, IRP_MJ_READ]
Process: System Address: 0x896e67a8 Size: 11

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8a155178 Size: 11

Object: Hidden Code [Driver: RDP_M, IRP_MJ_READ]
Process: System Address: 0x8a0f6538 Size: 11

Object: Hidden Code [Driver: Msfsࠅ敓捁ࠁఄ扏摈, IRP_MJ_READ]
Process: System Address: 0x89f80030 Size: 11

Object: Hidden Code [Driver: tfsndrctࠆః杇獬ë, IRP_MJ_READ]
Process: System Address: 0x8a270110 Size: 11

Object: Hidden Code [Driver: tfsnboioࠆౚ瑔摦偰噘, IRP_MJ_READ]
Process: System Address: 0x898bf278 Size: 11

Object: Hidden Code [Driver: Fs_Rec, IRP_MJ_READ]
Process: System Address: 0x89e297d8 Size: 11

Object: Hidden Code [Driver: tfsnudfaІ఍敋ꁹ, IRP_MJ_READ]
Process: System Address: 0x8a43acb8 Size: 11

Object: Hidden Code [Driver: tfsnudf, IRP_MJ_READ]
Process: System Address: 0x8a35d8a0 Size: 11

Object: Hidden Code [Driver: tfsncofs؆ఎ桇扡�xx, IRP_MJ_READ]
Process: System Address: 0x8a2564c0 Size: 11

==EOF==

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender: Male
  • Location: Pickerington, Ohio
  • Local time: 12:24 AM

Posted 31 August 2009 - 11:55 AM

Your initial hijackthis log showed some signs of infection, but these logs don't show any signs of malware that I can see. Whatever steps you have taken between your posts seemed to have cleared it up.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!

