Internet search results are all spam!!!


  • This topic is locked
16 replies to this topic

#1 amendni

Posted 19 October 2009 - 10:46 PM

Hello -

So I just moved and finally (after 8mos) got around to setting up my old computer. Turn it on and BAM Antivirus System Pro 2009 virus! I think I have managed to remove it using Malwarebytes, I no longer get the pop ups, but I cannot fix the internet search results issue. Whenever I search the internet with any search engine I get spam or results that have nothing to do with what I searched for and it's driving me crazy. I tried searching the registry for "antivirus" and found some entries that I deleted, then rebooted and got 1 good search then back to the same spam results.

If anyone can help it would be greatly appreciated. Looking at the Hijackthis file, I am assuming the "Host" section is where my problem lies, but I am not sure if there is any other culprit running that will continue to reinstall this mess.

I have attached the ark, dds and attach file to this email, if you want me to actually post it within the post just let me know.

Thank you in advance for your help.

Here is the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:43 PM, on 10/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nick\Desktop\HJT\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguardpro.microsoft.com
O1 - Hosts: 91.212.127.226 os-guardpro.com
O1 - Hosts: 91.212.127.226 www.os-guardpro.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AVG Tray Monitor] C:\Program Files\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://extraweb-americas.ey.com/home/extraweb/iNotes.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://extraweb-americas.ey.com/home/extraweb/iNotes6.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/22.26/uploader2.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179512313062
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft Terminal Services Client Control (redist)) - http://192.168.2.2:60200/tsweb/msrdp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75602A9B-5A91-4EFF-8ADB-9A5618A53114}: NameServer = 216.146.35.35,216.146.36.36
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Program Files\DynDNS Updater\DynUpSvc.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Unknown owner - C:\Program Files\DynDNS Updater\DynDNS.exe (file missing)
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Remote Record Service (RemoteRecord) - - c:\program files\microsoft corporation\msn remote record service\remoterecordclient.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - C:\Program Files\SlimServer\server\slim.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 13376 bytes

Attached Files

  • Attached File  Attach.txt   18.56KB   15 downloads
  • Attached File  DDS.txt   17.23KB   12 downloads
  • Attached File  ark.txt   2.81KB   13 downloads

Edited by amendni, 19 October 2009 - 11:01 PM.
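The O1 (hosts file) and O17 (static NameServer) lines are the parts of a HijackThis log that record name-resolution settings, which is where the poster suspects the problem lies. The following Python script is an added example, not part of the original post and not HijackThis's own code: it extracts those lines from a log and lists hosts entries that map a name to a non-local address. The sample lines are copied from the log above; the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: the O1 and O17 lines copied from the HijackThis log in the
# post above. Everything else in this block is illustrative.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguardpro.microsoft.com
O1 - Hosts: 91.212.127.226 os-guardpro.com
O1 - Hosts: 91.212.127.226 www.os-guardpro.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{75602A9B-5A91-4EFF-8ADB-9A5618A53114}: NameServer = 216.146.35.35,216.146.36.36
"""

# "O1 - Hosts: <address> <name> [<name> ...]"
O1_RE = re.compile(r"^O1 - Hosts:\s*(\S+)\s+(.+)$")
# "O17 - <registry key>: NameServer = <ip>[,<ip> ...]"
O17_RE = re.compile(r"^O17 - .*NameServer\s*=\s*(.+)$")


def hosts_redirects(log_text):
    """Map each non-local address in O1 lines to the names pinned to it.

    Loopback and unspecified addresses (127.0.0.1, ::1, 0.0.0.0) are skipped:
    they keep a name on the local machine. Any other address means the hosts
    file overrides DNS for that name, which is worth a manual look.
    """
    redirects = defaultdict(list)
    for line in log_text.splitlines():
        match = O1_RE.match(line.strip())
        if not match:
            continue
        raw_ip, rest = match.groups()
        # A hosts line may carry several names and a trailing comment.
        names = [n.lower() for n in rest.split("#", 1)[0].split()]
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            # Malformed address: surface it for review instead of dropping it.
            redirects[raw_ip].extend(names)
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue
        redirects[str(ip)].extend(names)
    return dict(redirects)


def static_nameservers(log_text):
    """Return DNS servers listed in O17 NameServer lines, in log order.

    The list is for verification against the resolvers the user expects
    (ISP, router, or a service they chose); no judgment is made here.
    """
    servers = []
    for line in log_text.splitlines():
        match = O17_RE.match(line.strip())
        if not match:
            continue
        for token in re.split(r"[,\s]+", match.group(1).strip()):
            if token and token not in servers:
                servers.append(token)
    return servers


def summarize(log_text):
    """Build a short, human-readable review list from a HijackThis log."""
    lines = []
    for ip, names in hosts_redirects(log_text).items():
        lines.append(f"hosts file pins {len(names)} name(s) to {ip}: "
                     + ", ".join(names))
    servers = static_nameservers(log_text)
    if servers:
        lines.append("static DNS servers to verify: " + ", ".join(servers))
    return lines


if __name__ == "__main__":
    for entry in summarize(SAMPLE_LOG):
        print(entry)
```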




#2 myrti

Posted 30 October 2009 - 09:57 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 myrti

Posted 05 November 2009 - 05:33 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
_temp_



#4 myrti

Posted 07 November 2009 - 11:37 AM

Hi,

Topic has been reopened. Please post your OTL logs.

regards _temp_



#5 amendni

Posted 09 November 2009 - 02:46 PM

Will post the logs as soon as I get home tonight, thanks.

#6 amendni

Posted 09 November 2009 - 07:17 PM

OTL

OTL logfile created on: 11/9/2009 7:09:50 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Nick\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.21% Memory free
3.85 Gb Paging File | 3.17 Gb Available in Paging File | 82.54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.08 Gb Total Space | 3.93 Gb Free Space | 3.67% Space Free | Partition Type: NTFS
Drive D: | 37.23 Gb Total Space | 5.38 Gb Free Space | 14.44% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VICKY
Current User Name: Nick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/09 19:09:10 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
PRC - [2009/11/06 21:17:27 | 08,318,056 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2009/11/06 20:46:47 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/28 07:38:18 | 00,099,704 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynUpSvc.exe
PRC - [2009/09/28 07:38:12 | 00,091,504 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynTray.exe
PRC - [2009/06/03 23:55:16 | 00,025,600 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2009/06/03 23:49:56 | 01,213,440 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2009/02/23 10:43:54 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/09 13:48:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/01/09 12:02:58 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/01/09 11:21:22 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/01/09 09:22:10 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/01/08 20:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/01/08 20:30:26 | 00,645,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/16 19:04:12 | 01,094,936 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/12/19 08:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe
PRC - [2006/12/12 09:46:52 | 00,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2006/10/19 12:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2006/08/11 10:15:36 | 00,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2006/07/06 06:15:00 | 00,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 06:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2006/06/09 11:47:52 | 00,047,104 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2006/04/06 10:51:04 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2006/01/10 12:42:42 | 00,495,616 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
PRC - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2005/07/09 00:57:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/03/23 01:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2003/10/29 01:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2002/08/20 09:29:26 | 00,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe


========== Modules (SafeList) ==========

MOD - [2009/11/09 19:09:10 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
MOD - [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:12:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2005/09/20 12:08:08 | 00,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (DynDNS_Updater_Service)
SRV - File not found -- -- (AcrSch2Svc)
SRV - [2009/10/20 00:02:40 | 00,079,360 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/28 07:38:18 | 00,099,704 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynUpSvc.exe -- (DynDNS Updater)
SRV - [2009/02/23 10:43:54 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/09 18:51:42 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/01/09 13:48:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/01/09 13:05:26 | 00,068,112 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/01/09 12:02:58 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009/01/09 11:21:22 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/01/09 09:22:10 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/01/08 20:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/02/28 16:07:48 | 00,529,704 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008/02/18 15:29:12 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2007/12/03 20:12:22 | 00,138,680 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/10/16 19:04:12 | 01,094,936 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2007/05/20 17:58:20 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/05/11 12:10:00 | 00,132,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32)
SRV - [2007/05/11 01:09:48 | 01,050,120 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2007/03/28 19:42:42 | 00,029,704 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/16 03:18:46 | 00,028,672 | ---- | M] ( ) -- c:\Program Files\Microsoft Corporation\MSN Remote Record service\RemoteRecordClient.exe -- (RemoteRecord)
SRV - [2007/02/05 10:11:18 | 00,075,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 00,112,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/05 13:04:10 | 02,918,008 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/12/19 08:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/12/14 02:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/10/19 12:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/09/20 10:12:20 | 06,352,963 | ---- | M] () -- C:\Program Files\SlimServer\server\slim.exe -- (slimsvc)
SRV - [2006/09/14 06:56:06 | 00,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/08/11 10:15:36 | 00,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2006/07/06 06:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2005/12/21 20:16:24 | 00,323,584 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2005/12/12 17:52:32 | 00,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe -- (ELService)
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc)
SRV - [2005/07/12 16:33:02 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\dlcjcoms.exe -- (dlcj_device)
SRV - [2005/07/09 00:57:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2004/11/19 12:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2009/07/24 18:28:50 | 00,030,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/06/04 01:48:12 | 01,177,624 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 01:48:00 | 00,095,768 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 01:47:50 | 00,158,744 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 01:47:42 | 00,014,360 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 01:47:34 | 00,130,072 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 01:47:24 | 00,347,080 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 01:47:14 | 00,526,232 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2009/06/04 01:47:06 | 00,511,000 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 01:46:56 | 01,324,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 01:46:56 | 01,324,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 01:46:42 | 00,072,728 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 01:46:42 | 00,072,728 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 01:46:34 | 00,171,032 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 01:46:34 | 00,171,032 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2009/01/09 12:03:40 | 00,213,640 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/01/09 12:03:40 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/01/09 12:03:40 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/01/09 12:03:40 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/01/09 12:03:06 | 00,034,216 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/10/23 13:08:54 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/04/13 13:45:34 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio)
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/10 08:19:18 | 00,097,728 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008/04/07 18:16:45 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/11/12 23:01:52 | 00,095,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/11/12 23:01:50 | 00,323,520 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/11/12 23:01:50 | 00,280,512 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/11/12 23:01:50 | 00,128,960 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/10/27 12:56:07 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2007/10/02 15:52:18 | 00,083,288 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2007/09/12 09:20:58 | 00,046,112 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2007/09/12 09:20:28 | 00,010,144 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\lmimirr.sys -- (LMImirr)
DRV - [2007/08/07 14:48:33 | 00,025,160 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007/03/30 20:48:02 | 00,018,232 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\AW_HOST5.sys -- (AW_HOST)
DRV - [2007/03/30 20:46:50 | 00,013,368 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\awechomd.sys -- (awecho)
DRV - [2007/03/30 20:44:22 | 00,020,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\GERNUWA.sys -- (Gernuwa)
DRV - [2007/03/12 10:15:48 | 00,038,400 | R--- | M] () -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter)
DRV - [2007/03/08 17:18:00 | 00,008,320 | ---- | M] (GARMIN Corp.) -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb)
DRV - [2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/15 19:56:49 | 00,011,984 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2006/12/26 07:54:35 | 00,034,760 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/11/02 00:50:52 | 00,128,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/07 21:16:06 | 00,010,112 | ---- | M] (Western Digital Technologies) -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006/08/02 10:45:32 | 00,114,560 | ---- | M] (Mars Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\mr7910.sys -- (mr7910)
DRV - [2006/07/06 05:59:42 | 00,246,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iastor.sys -- (iastor)
DRV - [2006/02/02 15:05:04 | 00,376,320 | ---- | M] (Lumanate, Inc.) -- C:\WINDOWS\system32\drivers\Angel.sys -- (Angel)
DRV - [2006/01/31 07:21:48 | 00,025,900 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2005/12/12 17:52:34 | 00,010,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ELhid.sys -- (ELhid)
DRV - [2005/12/12 17:52:34 | 00,007,040 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ELmon.sys -- (ELmon)
DRV - [2005/12/12 17:52:34 | 00,006,912 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ELkbd.sys -- (ELkbd)
DRV - [2005/12/12 17:52:34 | 00,006,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ELmou.sys -- (ELmou)
DRV - [2005/12/12 17:52:32 | 00,007,808 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2005/11/21 00:48:20 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)
DRV - [2005/09/20 11:56:44 | 00,548,352 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2005/09/20 11:56:40 | 00,157,696 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2005/09/20 11:56:26 | 00,536,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2005/09/20 11:56:22 | 00,087,040 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2005/07/08 17:57:00 | 03,198,304 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/06/14 23:40:08 | 00,180,864 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/03/31 16:04:52 | 00,180,736 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express)
DRV - [2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/06/16 04:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 05:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 05:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 05:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2001/12/11 09:17:14 | 00,037,087 | R--- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\NETMDUSB.sys -- (NETMDUSB)
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-4001384353-3801579786-3544407903-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-4001384353-3801579786-3544407903-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-4001384353-3801579786-3544407903-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4001384353-3801579786-3544407903-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-4001384353-3801579786-3544407903-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4001384353-3801579786-3544407903-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D4 F2 AD C6 4E 4F CA 01 [binary data]
IE - HKU\S-1-5-21-4001384353-3801579786-3544407903-1006\S-1-5-21-4001384353-3801579786-3544407903-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4001384353-3801579786-3544407903-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKU\S-1-5-21-4001384353-3801579786-3544407903-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-4001384353-3801579786-3544407903-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell/en/side.html
IE - HKU\S-1-5-21-4001384353-3801579786-3544407903-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en
IE - HKU\S-1-5-21-4001384353-3801579786-3544407903-1012\S-1-5-21-4001384353-3801579786-3544407903-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.072
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: savesession@noasobi.net:1.3.1.6
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.0.2
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20091031
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.69
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:2.0.0.46


FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/20 21:52:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/06 20:46:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/06 20:46:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/06 21:17:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/10/26 21:23:15 | 00,000,000 | ---D | M]

[2008/08/28 20:28:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Mozilla\Extensions
[2008/08/28 20:28:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/08 20:43:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dyw1foyv.default\extensions
[2008/09/07 10:59:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dyw1foyv.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2009/11/06 21:22:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dyw1foyv.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2009/11/08 20:43:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dyw1foyv.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/10/24 13:50:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dyw1foyv.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2008/10/18 10:05:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dyw1foyv.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2009/10/26 21:24:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dyw1foyv.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2008/10/18 10:05:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dyw1foyv.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2009/10/20 20:39:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dyw1foyv.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2009/10/20 20:39:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dyw1foyv.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009/10/20 20:39:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dyw1foyv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/06 21:22:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dyw1foyv.default\extensions\nasanightlaunch@example.com
[2009/10/20 20:39:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dyw1foyv.default\extensions\savesession@noasobi.net
[2009/11/08 19:56:39 | 00,005,500 | ---- | M] () -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dyw1foyv.default\searchplugins\foodtv.xml
[2008/06/21 17:31:23 | 00,000,908 | ---- | M] () -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dyw1foyv.default\searchplugins\IMDB.xml
[2008/06/21 17:31:23 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\dyw1foyv.default\searchplugins\wikipedia.xml
[2009/11/08 19:56:38 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/06 20:46:50 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/08/11 11:37:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/01/01 17:19:25 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/10/17 10:14:38 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/10/20 20:59:10 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/06 20:38:08 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009/11/06 20:46:46 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/06 20:46:46 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/05/12 10:15:53 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
[2006/02/07 16:41:38 | 00,049,152 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008/10/17 13:29:52 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2008/09/19 16:55:20 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2007/12/19 07:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2006/12/12 10:48:22 | 01,440,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/11/06 20:46:48 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2006/11/10 20:45:47 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2006/11/10 20:45:56 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2006/11/10 20:45:39 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/10/17 12:05:27 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/10/17 12:05:27 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/17 12:05:27 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/17 12:05:28 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/17 12:05:28 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2008/05/12 10:15:53 | 00,000,686 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\GoogleDesktopMozilla.png
[2008/05/12 10:15:53 | 00,000,531 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\GoogleDesktopMozilla.src
[2009/10/17 12:05:28 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (21 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (no name) - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4001384353-3801579786-3544407903-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4001384353-3801579786-3544407903-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-4001384353-3801579786-3544407903-1012\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLCJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.DLL ()
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [PMX Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-4001384353-3801579786-3544407903-1006..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4001384353-3801579786-3544407903-1006..\Run: [Titan Backup] C:\Program Files\Titan Backup\TitanBackup.exe (Neobyte Solutions)
O4 - HKU\S-1-5-21-4001384353-3801579786-3544407903-1006..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4001384353-3801579786-3544407903-1012..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-4001384353-3801579786-3544407903-1012..\Run: [DellSupport-] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-4001384353-3801579786-3544407903-1012..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [SetDefaultMIDI] C:\WINDOWS\System32\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\RunOnce: [SetDefaultMIDI] C:\WINDOWS\System32\MIDIDEF.EXE (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe (Dynamic Network Services, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4001384353-3801579786-3544407903-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4001384353-3801579786-3544407903-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4001384353-3801579786-3544407903-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-4001384353-3801579786-3544407903-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4001384353-3801579786-3544407903-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4001384353-3801579786-3544407903-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4001384353-3801579786-3544407903-1012\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4001384353-3801579786-3544407903-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-4001384353-3801579786-3544407903-1006\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15031/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} https://extraweb-americas.ey.com/home/extraweb/iNotes.cab (iNotes Class)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://extraweb-americas.ey.com/home/extraweb/iNotes6.cab (iNotes6 Class)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/22.26/uploader2.cab (UploadListView Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1256022043093 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} http://192.168.2.2:60200/tsweb/msrdp.cab (Microsoft Terminal Services Client Control (redist))
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15109/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/09 19:09:20 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
[2009/11/08 20:41:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\vlc
[2009/11/08 20:31:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Desktop\Dora.The.Explorer.Best.Friends.2009.DvDRiP.XviD-ExtraScene RG
[2009/11/08 19:56:14 | 00,000,000 | ---D | C] -- C:\Program Files\Titan Backup
[2009/11/08 12:39:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nick\My Documents\SysTweak Backup Manager
[2009/11/06 20:38:03 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/06 20:38:03 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/06 20:38:03 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/01 16:56:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/10/23 22:11:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/10/23 22:11:53 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/10/23 21:53:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Desktop\GARMIN
[2009/10/23 20:31:46 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2009/10/20 19:58:25 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/10/20 00:47:35 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/20 00:44:35 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/20 00:44:35 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/20 00:44:35 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/20 00:44:35 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/20 00:44:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/20 00:44:05 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/20 00:26:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Creative Labs
[2009/10/20 00:02:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative Labs Shared
[2009/10/20 00:01:58 | 00,102,400 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\cttele32.dll
[2009/10/20 00:00:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Data
[2009/10/19 23:58:17 | 22,691,984 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\AppSetup.exe
[2009/10/19 21:53:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Desktop\HJT
[2009/10/19 20:46:02 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Nick\Desktop\erunt-setup.exe
[2009/10/18 08:31:55 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/18 08:31:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/10/18 01:33:49 | 77,086,488 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Nick\Desktop\Ad-AwareInstallation.exe
[2009/10/18 01:27:30 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Nick\Desktop\spybotsd162.exe
[2009/10/18 01:25:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\Malwarebytes
[2009/10/18 01:24:56 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/18 01:24:54 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/18 01:24:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/18 01:24:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/18 00:36:28 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Nick\IECompatCache
[2009/10/17 12:42:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DynDNS
[2009/10/17 12:25:10 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Nick\PrivacIE
[2009/10/17 12:24:02 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Nick\IETldCache
[2009/10/17 12:00:09 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/10/17 12:00:08 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/10/17 12:00:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/10/17 11:59:57 | 00,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/10/17 11:57:37 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/10/17 11:34:34 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsvc2.dll
[2009/10/17 11:31:06 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/10/17 11:28:44 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/10/17 11:28:27 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/10/17 11:26:43 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2009/10/17 11:25:41 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/10/17 11:25:40 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/10/17 11:25:40 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/10/17 11:25:40 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/10/17 11:25:39 | 00,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/10/17 11:25:39 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/10/17 11:25:39 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/10/17 11:25:38 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/10/17 11:25:38 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/10/17 11:25:17 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/10/17 11:25:16 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/10/17 11:19:59 | 01,296,288 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Nick\Desktop\DMSetup.exe
[2009/10/17 10:01:35 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2009/10/17 10:01:35 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2009/10/17 10:01:25 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2009/10/17 10:01:25 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2009/10/17 10:01:13 | 00,339,968 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2009/10/17 10:01:13 | 00,090,112 | ---- | C] (Sigmatel, Inc.) -- C:\WINDOWS\System32\stacapi.dll
[2009/10/17 10:01:13 | 00,000,000 | ---D | C] -- C:\Program Files\Sigmatel
[2009/10/17 10:01:12 | 00,143,441 | ---- | C] (Sigmatel, Inc.) -- C:\WINDOWS\System32\stac97.cpl
[2006/11/25 19:49:59 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Nick\Application Data\pcouffin.sys
[2006/01/29 13:27:14 | 00,060,928 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/09 19:09:10 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
[2009/11/09 19:06:22 | 00,096,768 | ---- | M] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/08 23:29:21 | 12,582,912 | ---- | M] () -- C:\Documents and Settings\Nick\ntuser.dat
[2009/11/08 23:27:56 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/08 20:40:46 | 00,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/11/08 19:56:16 | 00,000,665 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Titan Backup.lnk
[2009/11/08 19:46:40 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\Nick\Application Data\vso_ts_preview.xml
[2009/11/07 19:59:40 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/07 19:59:35 | 00,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/07 19:59:34 | 00,072,168 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/07 19:59:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/07 19:58:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/07 19:58:56 | 21,455,46240 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/07 19:58:52 | 00,468,659 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2009/11/07 19:58:19 | 00,055,468 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2009/11/07 19:58:19 | 00,055,468 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2009/11/07 19:58:19 | 00,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2009/11/07 19:58:12 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Nick\ntuser.ini
[2009/11/07 12:46:02 | 00,514,698 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/07 12:46:02 | 00,436,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/07 12:46:02 | 00,070,038 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/07 12:40:37 | 10,255,894 | -H-- | M] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\IconCache.db
[2009/11/06 20:40:11 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/11/06 20:40:11 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/11/02 17:25:33 | 00,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/11/01 00:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/10/20 22:27:56 | 00,000,120 | ---- | M] () -- C:\WINDOWS\CIS_Setup_3.12.111745.560_XP_Vista_x32.INI
[2009/10/20 19:58:27 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\SpywareBlaster.lnk
[2009/10/20 01:03:59 | 00,000,021 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/20 00:56:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/20 00:47:38 | 00,000,293 | RHS- | M] () -- C:\boot.ini
[2009/10/20 00:01:49 | 00,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2009/10/20 00:01:49 | 00,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2009/10/19 20:46:07 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Nick\Desktop\erunt-setup.exe
[2009/10/18 01:33:47 | 77,086,488 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Nick\Desktop\Ad-AwareInstallation.exe
[2009/10/18 01:27:25 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Nick\Desktop\spybotsd162.exe
[2009/10/18 01:24:59 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/18 01:03:02 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/17 12:42:23 | 00,000,729 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk
[2009/10/17 12:22:48 | 01,453,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/17 11:44:26 | 00,000,764 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/17 11:20:06 | 01,296,288 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Nick\Desktop\DMSetup.exe
[2009/10/11 07:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/11 04:17:33 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/11 04:17:32 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/11 04:17:31 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/10/11 02:14:35 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/08 20:40:46 | 00,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/11/08 19:56:16 | 00,000,665 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Titan Backup.lnk
[2009/11/06 20:40:11 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/11/06 20:40:11 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/10/23 22:11:56 | 00,002,415 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/10/20 22:27:56 | 00,000,120 | ---- | C] () -- C:\WINDOWS\CIS_Setup_3.12.111745.560_XP_Vista_x32.INI
[2009/10/20 19:58:27 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\SpywareBlaster.lnk
[2009/10/20 00:47:38 | 00,000,223 | ---- | C] () -- C:\Boot.bak
[2009/10/20 00:47:36 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/20 00:44:35 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/20 00:44:35 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/20 00:44:35 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/20 00:44:35 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/20 00:07:41 | 00,055,468 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2009/10/20 00:07:41 | 00,000,788 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2009/10/19 21:41:56 | 21,455,46240 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/18 01:24:59 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/17 12:42:23 | 00,000,729 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk
[2009/10/17 11:25:16 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/06/04 00:37:08 | 00,021,093 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/06/04 00:37:06 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/03 23:55:20 | 00,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2009/06/03 23:55:20 | 00,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/09/19 16:57:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 16:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 16:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/19 16:54:18 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/14 00:14:33 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\.mpid
[2008/04/20 14:03:24 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\vso_ts_preview.xml
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/19 09:00:37 | 00,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
[2008/01/19 08:02:27 | 00,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
[2008/01/19 08:01:15 | 00,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2008/01/18 08:26:05 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/12/24 04:10:09 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2007/12/24 04:10:09 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2007/12/03 22:31:46 | 00,000,036 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/10/27 12:54:06 | 00,000,606 | ---- | C] () -- C:\WINDOWS\Uninstall Manager.INI
[2007/09/12 09:19:56 | 00,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/07/25 22:22:55 | 00,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini
[2007/07/08 17:14:29 | 00,000,124 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/06/22 20:51:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Tb2Desk.INI
[2007/05/27 14:44:52 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/05/26 21:13:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2007/05/20 21:40:01 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll
[2007/05/20 17:19:44 | 00,046,592 | R--- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2007/05/20 17:19:44 | 00,044,416 | R--- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2007/05/20 17:19:44 | 00,037,248 | R--- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2007/05/20 17:19:43 | 00,038,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2007/05/12 16:44:21 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/05/12 16:44:21 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/05/12 16:44:21 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/05/12 16:44:21 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/05/12 16:44:21 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/05/12 16:44:21 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/03/06 08:42:38 | 00,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/03/06 08:42:38 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/03/03 11:32:33 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/01/13 13:06:42 | 00,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2006/12/31 15:07:34 | 00,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/03 12:03:07 | 00,000,067 | ---- | C] () -- C:\WINDOWS\#1 DVD Ripper.INI
[2006/11/25 19:50:17 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\pcouffin.log
[2006/11/25 19:49:59 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\ezpinst.exe
[2006/11/25 19:49:59 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\pcouffin.cat
[2006/11/25 19:49:59 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\pcouffin.inf
[2006/11/15 20:06:26 | 10,255,894 | -H-- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\IconCache.db
[2006/11/10 21:37:31 | 00,000,187 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2006/10/08 13:03:17 | 00,000,503 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/09/12 13:16:11 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2006/09/06 21:15:29 | 00,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2006/09/06 21:15:27 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2006/09/06 21:15:27 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2006/09/06 21:15:26 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2006/09/05 21:27:48 | 00,175,104 | ---- | C] () -- C:\WINDOWS\lame_enc.dll
[2006/08/31 08:13:23 | 00,001,051 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2006/08/27 17:25:43 | 00,001,045 | R--- | C] () -- C:\WINDOWS\System32\iconcfg.ini
[2006/06/07 04:09:42 | 00,433,678 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-parse.dll
[2006/06/07 04:09:14 | 02,559,762 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-enc.dll
[2006/06/07 04:06:48 | 00,023,757 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-int.dll
[2006/06/01 09:39:30 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\LDECMPG22.dll
[2006/06/01 09:39:20 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\LENCMPG22.dll
[2006/06/01 09:38:36 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\LENCMPG2KRN2.dll
[2006/05/31 10:52:54 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\LDECMPG2KRN2.dll
[2006/05/28 17:31:26 | 00,405,504 | ---- | C] () -- C:\WINDOWS\System32\LEncMPG4Krn.dll
[2006/05/23 07:35:22 | 01,814,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15_n.dll
[2006/05/21 18:37:47 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/04/26 22:16:55 | 00,001,699 | ---- | C] () -- C:\WINDOWS\SysMech6.INI
[2006/03/14 22:36:56 | 00,040,960 | R--- | C] () -- C:\WINDOWS\System32\dlcjvs.dll
[2006/02/19 20:12:26 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/02/16 07:36:48 | 00,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/02/12 08:55:18 | 00,096,768 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/01 21:12:15 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\D0CC95E2B9.sys
[2006/01/31 22:25:00 | 00,030,152 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/01/31 22:18:31 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/01/31 21:48:01 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\fusioncache.dat
[2006/01/31 21:48:01 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Nick\Application Data\desktop.ini
[2006/01/29 14:14:08 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/29 14:02:00 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/01/29 13:59:26 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/29 13:56:10 | 00,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/29 13:27:16 | 00,000,285 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/01/29 13:27:14 | 00,049,274 | ---- | C] () -- C:\WINDOWS\System32\claptn32.ini
[2006/01/29 13:27:14 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2006/01/29 13:25:18 | 00,102,480 | ---- | C] () -- C:\WINDOWS\System32\EzRating.dll
[2006/01/29 13:25:18 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\EzdCoIns.dll
[2006/01/29 13:24:18 | 00,000,387 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/30 15:18:26 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/12/30 15:10:30 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/11/17 12:57:30 | 00,258,560 | ---- | C] () -- C:\WINDOWS\System32\MusicTagsAX.dll
[2005/10/14 21:10:24 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2005/08/17 02:26:24 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsr.dll
[2005/08/17 02:26:20 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcjcur.dll
[2005/08/17 02:26:04 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcjjswr.dll
[2005/08/17 02:25:24 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsb.dll
[2005/08/17 02:25:20 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcjcub.dll
[2005/08/17 02:25:16 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcjcu.dll
[2005/08/17 02:25:12 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjins.dll
[2005/08/17 02:24:04 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcjutil.dll
[2005/08/16 05:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 05:33:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/08/16 05:18:43 | 00,000,764 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/16 05:18:41 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 14:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/12 16:37:04 | 00,630,784 | ---- | C] () -- C:\WINDOWS\System32\dlcjpmui.dll
[2005/07/12 16:36:12 | 01,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcjserv.dll
[2005/07/12 16:34:22 | 00,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjlmpm.dll
[2005/07/12 16:34:06 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomm.dll
[2005/07/12 16:33:08 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcjpplc.dll
[2005/07/12 16:32:40 | 00,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomc.dll
[2005/07/12 16:32:20 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjprox.dll
[2005/07/12 16:29:46 | 01,122,304 | ---- | C] () -- C:\WINDOWS\System32\dlcjusb1.dll
[2005/07/12 16:28:22 | 00,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcjhbn3.dll
[2005/06/07 21:10:50 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2005/06/01 11:53:38 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.dll
[2004/02/01 14:21:56 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2003/08/07 14:01:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/15 17:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0888F409
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >



Extras

OTL Extras logfile created on: 11/9/2009 7:09:50 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Nick\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.21% Memory free
3.85 Gb Paging File | 3.17 Gb Available in Paging File | 82.54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.08 Gb Total Space | 3.93 Gb Free Space | 3.67% Space Free | Partition Type: NTFS
Drive D: | 37.23 Gb Total Space | 5.38 Gb Free Space | 14.44% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VICKY
Current User Name: Nick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [ID3-TagIT] -- "C:\Program Files\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1" ( )
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"9000:TCP" = 9000:TCP:*:Enabled:SlimServer 9000 tcp
"3483:UDP" = 3483:UDP:*:Enabled:SlimServer 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:SlimServer 3483 tcp
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dlcjcoms.exe" = C:\WINDOWS\system32\dlcjcoms.exe:*:Enabled:Dell 964 Server -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcjpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcjpswx.exe:*:Enabled:Dell 964 Printer Status -- ()
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"C:\Program Files\FlashGet\FlashGet.exe" = C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"#1 DVD Ripper" = #1 DVD Ripper 6.2.2
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{12118183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2472C661-3F88-4298-818D-0E3A7A74C7FC}" = avi.NET v2.2.2.0
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 17
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{2E6C1A15-5147-487A-80D7-EDF3B915A7BE}" = TMPGEnc DVD Source Creator 2.0
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3EDFFD11-B9AB-4296-9757-B5AF1F2B8E5C}" = Beyond TV DVD Burning Foundation
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4915A273-16A5-42E7-B258-65BD92862D2E}_is1" = Genie Backup Manager Pro 8.0
"{49C989ED-853C-4507-BE25-4F63BC5E0BCF}" = MSN Remote Record service
"{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel® PROSet for Wired Connections
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{5292F612-698D-4CEE-8449-6FDB10BFB1AB}" = Google Desktop Plugin - Calculator
"{5301C483-40FB-4F94-B56E-D7D5A114D2F6}" = Garmin City Navigator North America NT v8
"{53480330-E1D1-41CA-B8F8-7F78644F7F50}" = O&O Defrag Professional Edition
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5AB07385-ECE4-4CC6-886F-90669F2CB796}" = Garmin MapSource
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{634F6989-4BB5-4EF2-AF6F-C15700F81494}}_is1" = Advanced System Optimizer
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{67A48ED5-0B6A-470A-995C-B8F1942E8AB9}" = Diskeeper 2008 Pro Premier
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.9
"{6A136B9A-1895-436F-83F8-30D9C68BB6EA}" = Rhapsody Player Engine
"{6B29B686-E9E1-49C0-97EB-02D44FF92FF5}" = TMPGEnc DVD Author 1.5
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7135A750-3DD0-493A-A109-CA863E6530E3}" = MSN Remote Record for Media Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.2.1.55b
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C22F265-DE76-44D1-8A79-A71D819137DA}" = Intel® Quick Resume Technology Drivers
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{903CE8F7-6C7B-41E6-A1CF-3BF1176264EC}" = Intel® Viiv™
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{9233F6E2-952D-48C5-A0A2-FA6AEEFA8194}" = Logitech Harmony Remote Client
"{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine
"{9667274F-E846-45C2-81B7-00D7C64B969D}" = DVRMSToolbox
"{96AF271A-43B5-4615-8D00-26B45EE58FC8}" = Garmin City Navigator North America NT 2008 Update
"{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}" = TTS Wrapper
"{984856E0-11D0-405F-9AE6-82676BA6CA1A}" = Garmin MapInstall
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F2439-CE2F-46E8-8E8C-46F0BF68B59B}" = WOW XT Plug-In for Windows Media Player
"{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}" = InterVideo AVControlSDK
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BE282C23-5484-47FF-B2C1-EBEA5C891033}" = Nero 8
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE55B9C0-D0E6-42F5-8CCA-9A6B90359FAC}" = Google Desktop Plugin - Calendar
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DFA1E2C8-A9DE-4B99-8B3C-866664B5F67C}" = Garmin POI Loader
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E871B6E5-6B93-4A69-AF76-1F8270AAA2F7}" = PhotoFrame Pro 3.0 Demo
"{EAE92D24-1E4B-4B3B-894D-622E942939DA}" = Google Desktop Plugin - eBay Watcher
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3D7915D-6B42-49FA-9FC8-5020479A6A57}" = Nero Reloaded PlugIn Pack 2.0.4 by GEAR
"7-Zip" = 7-Zip 4.32
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Allok Video to iPod Converter_is1" = Allok Video to iPod Converter 4.7.1202
"Alt.Binz" = Alt.Binz 0.25.0
"AnyDVD" = AnyDVD
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"AudioCS" = Creative Audio Control Panel
"AviSynth" = AviSynth 2.5
"Azureus" = Azureus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Blaze Media Pro" = Blaze Media Pro
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 964" = Dell Photo AIO Printer 964
"DFX for Winamp" = DFX for Winamp
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DynDNSUpdater" = DynDNS Updater
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESPNMotion" = ESPNMotion
"FlashGet(Jetcar) 1.80" = FlashGet(Jetcar) 1.80
"GENEUIDE" = USB Storage Driver
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Google Desktop" = Google Desktop
"GrabIt_is1" = GrabIt 1.7.1 Beta (build 960)
"GTK 2.0" = GTK+ Runtime 2.14.6 rev a (remove only)
"HijackThis" = HijackThis 2.0.2
"ID3-TagIT 3_is1" = ID3-TagIT 3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"ImTOO DVD Ripper Platinum" = ImTOO DVD Ripper Platinum
"ImTOO iPod Movie Converter" = ImTOO iPod Movie Converter
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"InstallShield_{9233F6E2-952D-48C5-A0A2-FA6AEEFA8194}" = Logitech Harmony Remote Client
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Intel® Quick Resume Technology" = Intel® Quick Resume Technology Drivers
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.1
"IZArc 3.5 beta 3_is1" = IZArc 3.5 beta 3
"JDiskReport 1.2.5" = JGoodies JDiskReport 1.2.5
"JDiskReport 1.3.1" = JGoodies JDiskReport 1.3.1
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Uninstall Utility" = McAfee Uninstaller
"MediaMonkey_is1" = MediaMonkey 2.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"mIRC" = mIRC
"Money2007b" = Microsoft Money 2007
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MP3 Splitter & Joiner_is1" = MP3 Splitter & Joiner
"mr7910_1ffef370f39864f3aaa62219d434ae06b02b70ab" = Windows Driver Package - (mr7910) Image 08/08/2006 1.4.0.0
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"pdfFactory Pro" = pdfFactory Pro
"PeerGuardian_is1" = PeerGuardian 2.0
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"PowerISO" = PowerISO
"PROSet" = Intel® PRO Network Connections Drivers
"QuickSFV" = QuickSFV (Remove only)
"RealPlayer 6.0" = RealPlayer
"SlickRun" = Bayden SlickRun (remove only)
"SlimServer_is1" = SlimServer 6.5.0
"SpywareBlaster_is1" = SpywareBlaster 4.2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"The Rosetta Stone" = The Rosetta Stone
"Titan Backup" = Titan Backup
"TMM70" = TELL ME MORE
"Tweak UI 2.10" = Tweak UI
"uTorrent" = µTorrent
"VCDEasy_is1" = VCDEasy
"VideoReDo-Plus_is1" = VideoReDo/Plus Version 2.5.5.512
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.3
"VobSub" = VobSub v2.23 (Remove Only)
"VSO ConvertXtoDVD_is1" = ConvertXtoDVD 2.2.3.258
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4001384353-3801579786-3544407903-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"17f94b4ee7206120" = SIRIUS Internet Radio Player
"mpowerplayer" = mpowerplayer
"Sansa Updater" = Sansa Updater
"Softsqueeze 3.0" = Softsqueeze 3.0
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/23/2009 8:35:02 PM | Computer Name = VICKY | Source = MsiInstaller | ID = 1002
Description = Unexpected or missing value (name: 'PackageName', value: '') in key
'HKLM\Software\Classes\Installer\Products\EB940C659E972054EB7A79453A6EF0B9\SourceList'

Error - 10/23/2009 9:28:31 PM | Computer Name = VICKY | Source = MsiInstaller | ID = 11714
Description = Product: Skype™ 4.1 -- Error 1714. The older version of Skype™ 4.1
cannot be removed. Contact your technical support group. System Error 1612.

Error - 10/23/2009 9:32:30 PM | Computer Name = VICKY | Source = VBRuntime | ID = 1
Description = The VB Application identified by the event source logged this Application
MSICUU: Thread ID: 4328 ,Logged: Success: C:\Program Files\Windows Installer Clean
Up\msizap.exe TW! {5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

Error - 10/26/2009 10:13:49 PM | Computer Name = VICKY | Source = MsiInstaller | ID = 1024
Description = Product: Adobe Reader 8.1.4 - Update 'KB408682' could not be installed.
Error code 1651. Windows Installer can create logs to help troubleshoot issues
with installing software packages. Use the following link for instructions on turning
on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 10/26/2009 10:15:08 PM | Computer Name = VICKY | Source = MsiInstaller | ID = 1024
Description = Product: Adobe Reader 8.1.4 - Update 'KB408682' could not be installed.
Error code 1651. Windows Installer can create logs to help troubleshoot issues
with installing software packages. Use the following link for instructions on turning
on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 10/26/2009 10:15:52 PM | Computer Name = VICKY | Source = MsiInstaller | ID = 1024
Description = Product: Adobe Reader 8.1.4 - Update 'KB408682' could not be installed.
Error code 1651. Windows Installer can create logs to help troubleshoot issues
with installing software packages. Use the following link for instructions on turning
on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 10/26/2009 10:17:11 PM | Computer Name = VICKY | Source = MsiInstaller | ID = 1002
Description = Unexpected or missing value (name: 'PackageName', value: '') in key
'HKLM\Software\Classes\Installer\Products\EB940C659E972054EB7A79453A6EF0B9\SourceList'

Error - 10/26/2009 10:20:01 PM | Computer Name = VICKY | Source = MsiInstaller | ID = 1002
Description = Unexpected or missing value (name: 'PackageName', value: '') in key
'HKLM\Software\Classes\Installer\Products\EB940C659E972054EB7A79453A6EF0B9\SourceList'

Error - 10/26/2009 10:20:23 PM | Computer Name = VICKY | Source = MsiInstaller | ID = 1002
Description = Unexpected or missing value (name: 'PackageName', value: '') in key
'HKLM\Software\Classes\Installer\Products\EB940C659E972054EB7A79453A6EF0B9\SourceList'

Error - 10/26/2009 10:22:20 PM | Computer Name = VICKY | Source = MsiInstaller | ID = 1002
Description = Unexpected or missing value (name: 'PackageName', value: '') in key
'HKLM\Software\Classes\Installer\Products\EB940C659E972054EB7A79453A6EF0B9\SourceList'

[ IntelDH Events ]
Error - 10/20/2009 10:06:48 PM | Computer Name = VICKY | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 10/20/2009 10:33:07 PM | Computer Name = VICKY | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 10/20/2009 10:47:49 PM | Computer Name = VICKY | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 10/20/2009 11:44:14 PM | Computer Name = VICKY | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 10/20/2009 11:52:44 PM | Computer Name = VICKY | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 10/20/2009 11:56:13 PM | Computer Name = VICKY | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 10/21/2009 12:04:57 AM | Computer Name = VICKY | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 10/23/2009 11:11:22 PM | Computer Name = VICKY | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 10/26/2009 10:27:24 PM | Computer Name = VICKY | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 11/7/2009 1:42:01 PM | Computer Name = VICKY | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

[ System Events ]
Error - 11/29/2008 8:32:45 PM | Computer Name = VICKY | Source = TermDD | ID = 655410
Description = The RDP protocol component X.224 detected an error in the protocol
stream and has disconnected the client.

Error - 11/30/2008 10:00:35 AM | Computer Name = VICKY | Source = TermDD | ID = 655410
Description = The RDP protocol component X.224 detected an error in the protocol
stream and has disconnected the client.

Error - 11/30/2008 10:00:43 AM | Computer Name = VICKY | Source = TermDD | ID = 655410
Description = The RDP protocol component X.224 detected an error in the protocol
stream and has disconnected the client.

Error - 11/30/2008 10:00:49 AM | Computer Name = VICKY | Source = TermDD | ID = 655410
Description = The RDP protocol component X.224 detected an error in the protocol
stream and has disconnected the client.

Error - 11/30/2008 10:00:56 AM | Computer Name = VICKY | Source = TermDD | ID = 655410
Description = The RDP protocol component X.224 detected an error in the protocol
stream and has disconnected the client.

Error - 11/30/2008 10:01:03 AM | Computer Name = VICKY | Source = TermDD | ID = 655410
Description = The RDP protocol component X.224 detected an error in the protocol
stream and has disconnected the client.

Error - 12/2/2008 12:00:15 AM | Computer Name = VICKY | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}
as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
-Embedding

Error - 12/2/2008 9:46:57 AM | Computer Name = VICKY | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {6A972E27-93E2-4F98-8367-4101B2073814}
as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
-Embedding

Error - 12/2/2008 9:46:57 AM | Computer Name = VICKY | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}
as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
-Embedding

Error - 12/2/2008 1:57:20 PM | Computer Name = VICKY | Source = TermDD | ID = 655410
Description = The RDP protocol component X.224 detected an error in the protocol
stream and has disconnected the client.


< End of report >


Please let me know if you could help and if there is anything you need from me. Thank you.

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts

Posted 10 November 2009 - 05:15 AM

Hi,

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please do not run Combofix on your own

If you still have the log in C:\combofix.txt please post the content in your next reply.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow users to share files, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

I also noticed Viewpoint Manager. It is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we know in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Finally please post a log from gmer in your next reply:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

My nick has changed tonight _temp_ from myrti. I hope this won't confuse too much.
regards myrti

Edited by myrti, 10 November 2009 - 05:17 AM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#8 amendni

amendni
  • Topic Starter

  • Members
  • 8 posts

Posted 10 November 2009 - 08:18 AM

Here is the combofix log

ComboFix 09-10-19.01 - Nick 10/20/2009 1:49.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1409 [GMT -4:00]
Running from: c:\documents and settings\Nick\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Nick\Application Data\inst.exe
c:\documents and settings\Nick\My Documents\7.25 Backup REG.reg
c:\documents and settings\Nick\My Documents\Reg backup 8.2.2008.reg
c:\documents and settings\Nick\My Documents\Reg backup 8.7.2008.reg
c:\documents and settings\Nick\My Documents\Registry 10.19.2009 after removal.reg
c:\documents and settings\Nick\My Documents\Registry 10.19.2009.reg
c:\recycler\NPROTECT
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\Downloaded Program Files\Temp
c:\windows\Installer\13bae7.msp
c:\windows\Installer\13baf9.msp
c:\windows\Installer\142f6b6f.msp
c:\windows\Installer\17495273.msp
c:\windows\Installer\175e9fd1.msp
c:\windows\Installer\17e91cc2.msp
c:\windows\Installer\17fb0710.msp
c:\windows\Installer\1b3cd6.msp
c:\windows\Installer\1df5f1.msp
c:\windows\Installer\22e68285.msi
c:\windows\Installer\27fe5b3.msi
c:\windows\Installer\32cddc0.msp
c:\windows\Installer\39626.msp
c:\windows\Installer\4a8b30.msp
c:\windows\Installer\4bc6d1a.msp
c:\windows\Installer\51094f.msi
c:\windows\Installer\57c87d0.msp
c:\windows\Installer\57c87e6.msp
c:\windows\Installer\5cd5a7.msp
c:\windows\Installer\5cd5b9.msp
c:\windows\Installer\5cd5cb.msp
c:\windows\Installer\5e1822.msp
c:\windows\Installer\5ec3c4.msp
c:\windows\Installer\61ab3.msi
c:\windows\Installer\61e96.msp
c:\windows\Installer\61e9c.msp
c:\windows\Installer\62f8b2.msi
c:\windows\Installer\7243f.msp
c:\windows\Installer\7247ec.msp
c:\windows\Installer\738ff.msp
c:\windows\Installer\73905.msp
c:\windows\Installer\7a23434.msi
c:\windows\Installer\7ed2b.msi
c:\windows\Installer\99975.msp
c:\windows\Installer\9e29623.msp
c:\windows\Installer\aa64bbc.msp
c:\windows\Installer\d8398.msp
c:\windows\Installer\f091701.msp
c:\windows\kb913800.exe
c:\windows\system32\Cache
c:\windows\system32\clrviddc.dll
c:\windows\system32\drivers\1028_DELL_XPS_Dell DXP051 .MRK
c:\windows\system32\drivers\DELL_XPS_Dell DXP051 .MRK
c:\windows\system32\skinboxer43.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-20 to 2009-10-20 )))))))))))))))))))))))))))))))
.

2009-10-20 05:26 . 2009-10-20 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative Labs
2009-10-20 05:02 . 2009-10-20 05:02 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2009-10-20 05:01 . 2008-02-04 14:27 102400 ----a-w- c:\windows\system32\cttele32.dll
2009-10-20 05:00 . 2009-10-20 05:01 -------- d-----w- c:\windows\system32\Data
2009-10-20 04:58 . 2009-05-18 18:34 22691984 ----a-w- c:\windows\system32\AppSetup.exe
2009-10-18 13:31 . 2009-10-20 02:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-18 13:31 . 2009-10-20 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-18 06:25 . 2009-10-18 06:25 -------- d-----w- c:\documents and settings\Nick\Application Data\Malwarebytes
2009-10-18 06:24 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-18 06:24 . 2009-10-18 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-18 06:24 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-18 06:24 . 2009-10-18 06:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-18 06:17 . 2009-10-18 06:17 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-18 05:36 . 2009-10-18 05:36 -------- d-sh--w- c:\documents and settings\Nick\IECompatCache
2009-10-17 17:42 . 2009-10-17 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\DynDNS
2009-10-17 17:25 . 2009-10-17 17:25 -------- d-sh--w- c:\documents and settings\Nick\PrivacIE
2009-10-17 17:24 . 2009-10-17 17:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-17 17:24 . 2009-10-17 17:24 -------- d-sh--w- c:\documents and settings\Nick\IETldCache
2009-10-17 17:00 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-17 17:00 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-17 17:00 . 2009-10-17 17:00 -------- d-----w- c:\windows\ie8updates
2009-10-17 16:59 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-17 16:57 . 2009-10-17 16:59 -------- dc-h--w- c:\windows\ie8
2009-10-17 16:34 . 2009-09-06 07:09 126976 ------w- c:\windows\system32\dllcache\ftpsvc2.dll
2009-10-17 16:31 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-10-17 16:28 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-10-17 16:26 . 2009-05-21 18:46 268288 ------w- c:\windows\system32\dllcache\httpext.dll
2009-10-17 16:25 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-10-17 16:25 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-10-17 16:25 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-10-17 16:25 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-10-17 16:25 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-10-17 16:25 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-17 16:25 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-17 16:25 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-10-17 16:25 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-10-17 16:25 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-10-17 16:25 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-10-17 15:01 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-10-17 15:01 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-10-17 15:01 . 2009-10-17 15:01 -------- d-----w- c:\program files\Sigmatel
2009-10-17 15:01 . 2005-03-23 06:20 339968 ----a-w- c:\windows\stsystra.exe
2009-10-17 15:01 . 2005-03-22 11:20 90112 ----a-w- c:\windows\system32\stacapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-20 05:25 . 2006-01-29 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-10-20 05:22 . 2006-01-29 18:52 -------- d-----w- c:\program files\Creative
2009-10-20 05:22 . 2006-01-29 18:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-20 05:01 . 2008-01-19 04:01 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-10-20 05:01 . 2008-01-19 04:01 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-20 02:21 . 2008-04-12 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-18 05:28 . 2007-11-24 12:32 -------- d-----w- c:\program files\Advanced System Optimizer
2009-10-17 19:29 . 2008-08-14 18:47 -------- d-----w- c:\program files\mIRC
2009-10-17 17:42 . 2006-09-04 03:29 -------- d-----w- c:\program files\DynDNS Updater
2009-10-17 16:23 . 2006-10-30 03:50 -------- d-----w- c:\documents and settings\Nick\Application Data\uTorrent
2009-10-17 15:48 . 2007-05-30 20:40 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-17 15:14 . 2006-01-29 18:45 -------- d-----w- c:\program files\Java
2009-09-11 14:18 . 2005-08-16 10:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2005-08-16 10:18 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2009-08-29 07:36 78336 ------w- c:\windows\system32\ieencode.dll
2009-08-26 08:00 . 2005-08-16 10:19 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 23:24 . 2005-08-16 10:40 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2005-08-16 10:40 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-08-16 10:40 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-05-26 10:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2005-08-16 10:40 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2005-08-16 10:18 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2005-08-16 10:40 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2005-08-16 10:40 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2005-08-16 10:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:52 . 2009-08-04 23:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13 . 2005-08-16 10:18 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-04 04:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:37 . 2005-08-16 10:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2005-08-16 10:18 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-25 09:23 . 2009-01-01 22:19 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 23:28 . 2009-07-24 23:28 676704 ----a-w- c:\windows\system32\LCCoin30.dll
2009-07-24 23:28 . 2009-07-24 23:28 30560 ----a-w- c:\windows\system32\drivers\nx6000.sys
2008-05-12 15:15 . 2006-04-08 15:23 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-04-12 03:31 . 2008-04-12 03:29 24 --sh--w- c:\windows\S1ED643EB.tmp
2006-05-13 17:41 . 2006-02-02 02:12 56 -csh--r- c:\windows\system32\D0CC95E2B9.sys
2006-05-13 17:41 . 2006-02-16 12:36 3350 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-09 7110656]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2006-01-10 495616]
"DLCJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2005-08-15 73728]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"PMX Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2006-06-09 47104]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2006-12-12 19456]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2009-06-04 25600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" - c:\windows\system32\MIDIDEF.EXE [2007-11-13 28672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-7-25 24576]
DynDNS Updater Tray Icon.lnk - c:\program files\DynDNS Updater\DynTray.exe [2009-9-28 91504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-10-02 20:51 75064 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2007-04-27 17:10 18744 ----a-w- c:\windows\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Nick^Start Menu^Programs^Startup^Anapod Manager.lnk]
backup=c:\windows\pss\Anapod Manager.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"OODefragTray"=c:\windows\system32\oodtray.exe
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 964\memcard.exe"
"IntelMeM"=c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
"dlcjmon.exe"="c:\program files\Dell Photo AIO Printer 964\dlcjmon.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"RRTray"="c:\program files\Microsoft Corporation\MSN Remote Record service\rrtray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dlcjcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcjpswx.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9000:TCP"= 9000:TCP:SlimServer 9000 tcp
"3483:UDP"= 3483:UDP:SlimServer 3483 udp
"3483:TCP"= 3483:TCP:SlimServer 3483 tcp

R2 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [9/28/2009 8:38 AM 99704]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [10/18/2007 10:25 AM 46112]
R3 Angel;Angel MPEG Device;c:\windows\system32\drivers\Angel.sys [1/29/2006 2:25 PM 376320]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 2:46 AM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 2:46 AM 1324056]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [7/24/2009 7:28 PM 30560]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [10/20/2009 1:02 AM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 2:46 AM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 2:46 AM 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 2:46 AM 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 2:46 AM 72728]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [9/7/2006 10:16 PM 10112]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CREATIVE_AUDIO_ENGINE_LICENSING_SERVICE
*NewlyCreated* - CTEDSPFX.DLL
*NewlyCreated* - CTEDSPIO.DLL
*NewlyCreated* - CTEDSPSY.DLL
*NewlyCreated* - CTERFXFX.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-01-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-10 15:53]

2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-10 15:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {75602A9B-5A91-4EFF-8ADB-9A5618A53114} = 216.146.35.35,216.146.36.36
FF - ProfilePath - c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\dyw1foyv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AVG Tray Monitor - c:\program files\AVG\AVG8\avgtray.exe
AddRemove-Dell Game Console - c:\program files\WildTangent\Apps\Dell Game Console\Uninstall.exe
AddRemove-HijackThis - c:\documents and settings\Nick\Desktop\HijackThis.exe
AddRemove-WildTangent CDA - c:\program files\WildTangent\Apps\CDA\CDAUninstall.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-20 01:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
DLCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4001384353-3801579786-3544407903-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E236692A-B00B-FBD2-58F7-54A49A31C3C3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\LMIinit.dll
c:\windows\system32\PCANotify.dll
.
Completion time: 2009-10-20 1:58
ComboFix-quarantined-files.txt 2009-10-20 05:58

Pre-Run: 3,257,798,656 bytes free
Post-Run: 3,692,093,440 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /TUTag=LUFLZ7

- - End Of File - - F710C310173775708F1295A4EC3B5F39

I removed viewpoint and will post the other log once completed.

#9 amendni

amendni
  • Topic Starter

  • Members
  • 8 posts

Posted 10 November 2009 - 08:55 PM

GMER Log

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-10 20:53:47
Windows 5.1.2600 Service Pack 3
Running: ushb8hq4.exe; Driver: C:\DOCUME~1\Nick\LOCALS~1\Temp\fxtdypoc.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA4F0C44A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA4F0C4E1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA4F0C3F8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA4F0C40C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA4F0C4F5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA4F0C521]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA4F0C58F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA4F0C579]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA4F0C48A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA4F0C5BB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA4F0C4CD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA4F0C3D0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA4F0C3E4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA4F0C45E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA4F0C5F7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA4F0C563]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA4F0C54D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA4F0C50B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA4F0C5E3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA4F0C5CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA4F0C436]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA4F0C422]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA4F0C537]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA4F0C4B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA4F0C5A5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA4F0C4A0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA4F0C474]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP A4F0C478 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP A4F0C44E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2004 7 Bytes JMP A4F0C48E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E12 5 Bytes JMP A4F0C4A4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E8 7 Bytes JMP A4F0C462 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB40A 5 Bytes JMP A4F0C3D4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB696 5 Bytes JMP A4F0C3E8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE54 5 Bytes JMP A4F0C426 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1144 7 Bytes JMP A4F0C410 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11FA 5 Bytes JMP A4F0C3FC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1704 5 Bytes JMP A4F0C43A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AC 5 Bytes JMP A4F0C4BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219EA 7 Bytes JMP A4F0C551 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80621D38 7 Bytes JMP A4F0C53B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622062 7 Bytes JMP A4F0C5A9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80622900 7 Bytes JMP A4F0C567 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231D4 7 Bytes JMP A4F0C50F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806237B2 5 Bytes JMP A4F0C4E5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C42 7 Bytes JMP A4F0C4F9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E12 7 Bytes JMP A4F0C525 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF2 7 Bytes JMP A4F0C593 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062425C 7 Bytes JMP A4F0C57D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624B84 5 Bytes JMP A4F0C4D1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624EAA 7 Bytes JMP A4F0C5FB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8062516A 5 Bytes JMP A4F0C5D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062585E 5 Bytes JMP A4F0C5E7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625978 5 Bytes JMP A4F0C5BF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[464] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[464] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[644] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 012A0FEF
.text C:\WINDOWS\system32\services.exe[644] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 012A0F69
.text C:\WINDOWS\system32\services.exe[644] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 012A005E
.text C:\WINDOWS\system32\services.exe[644] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 012A0F90
.text C:\WINDOWS\system32\services.exe[644] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 012A0043
.text C:\WINDOWS\system32\services.exe[644] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 012A0FA1
.text C:\WINDOWS\system32\services.exe[644] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 012A0F44
.text C:\WINDOWS\system32\services.exe[644] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 012A0080
.text C:\WINDOWS\system32\services.exe[644] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 012A00BB
.text C:\WINDOWS\system32\services.exe[644] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 012A0F18
.text C:\WINDOWS\system32\services.exe[644] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 012A00CC
.text C:\WINDOWS\system32\services.exe[644] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 012A0028
.text C:\WINDOWS\system32\services.exe[644] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 012A0FDE
.text C:\WINDOWS\system32\services.exe[644] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 012A006F
.text C:\WINDOWS\system32\services.exe[644] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 012A0FB2
.text C:\WINDOWS\system32\services.exe[644] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 012A0FC3
.text C:\WINDOWS\system32\services.exe[644] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 012A0F33
.text C:\WINDOWS\system32\services.exe[644] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FF0025
.text C:\WINDOWS\system32\services.exe[644] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FF0F94
.text C:\WINDOWS\system32\services.exe[644] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FF0FD4
.text C:\WINDOWS\system32\services.exe[644] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FF000A
.text C:\WINDOWS\system32\services.exe[644] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FF0FA5
.text C:\WINDOWS\system32\services.exe[644] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\services.exe[644] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FF0051
.text C:\WINDOWS\system32\services.exe[644] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FF0040
.text C:\WINDOWS\system32\services.exe[644] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FE0F9E
.text C:\WINDOWS\system32\services.exe[644] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FE0FAF
.text C:\WINDOWS\system32\services.exe[644] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FE0029
.text C:\WINDOWS\system32\services.exe[644] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\services.exe[644] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FE0FCA
.text C:\WINDOWS\system32\services.exe[644] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FE0018
.text C:\WINDOWS\system32\services.exe[644] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\lsass.exe[656] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FC0000
.text C:\WINDOWS\system32\lsass.exe[656] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FC0F77
.text C:\WINDOWS\system32\lsass.exe[656] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FC006C
.text C:\WINDOWS\system32\lsass.exe[656] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FC0F9E
.text C:\WINDOWS\system32\lsass.exe[656] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FC0051
.text C:\WINDOWS\system32\lsass.exe[656] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FC0FAF
.text C:\WINDOWS\system32\lsass.exe[656] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FC00A4
.text C:\WINDOWS\system32\lsass.exe[656] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FC0F5C
.text C:\WINDOWS\system32\lsass.exe[656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FC0F15
.text C:\WINDOWS\system32\lsass.exe[656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FC0F3A
.text C:\WINDOWS\system32\lsass.exe[656] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FC0EFA
.text C:\WINDOWS\system32\lsass.exe[656] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FC0036
.text C:\WINDOWS\system32\lsass.exe[656] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FC0011
.text C:\WINDOWS\system32\lsass.exe[656] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FC0087
.text C:\WINDOWS\system32\lsass.exe[656] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FC0FC0
.text C:\WINDOWS\system32\lsass.exe[656] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FC0FDB
.text C:\WINDOWS\system32\lsass.exe[656] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FC0F4B
.text C:\WINDOWS\system32\lsass.exe[656] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FB0FDE
.text C:\WINDOWS\system32\lsass.exe[656] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FB006C
.text C:\WINDOWS\system32\lsass.exe[656] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FB002F
.text C:\WINDOWS\system32\lsass.exe[656] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FB0FEF
.text C:\WINDOWS\system32\lsass.exe[656] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FB005B
.text C:\WINDOWS\system32\lsass.exe[656] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FB000A
.text C:\WINDOWS\system32\lsass.exe[656] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FB0040
.text C:\WINDOWS\system32\lsass.exe[656] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FB0FC3
.text C:\WINDOWS\system32\lsass.exe[656] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FA0FD9
.text C:\WINDOWS\system32\lsass.exe[656] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FA0064
.text C:\WINDOWS\system32\lsass.exe[656] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FA0038
.text C:\WINDOWS\system32\lsass.exe[656] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FA000C
.text C:\WINDOWS\system32\lsass.exe[656] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FA0049
.text C:\WINDOWS\system32\lsass.exe[656] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FA001D
.text C:\WINDOWS\system32\lsass.exe[656] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B90FEF
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE007D
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE0062
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE0F88
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE0051
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE0025
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE00B0
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE009F
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE0F3C
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE0F4D
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE00E6
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE0040
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE000A
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE008E
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BE0FB9
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BE0FCA
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE00C1
.text C:\WINDOWS\system32\svchost.exe[816] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BD0014
.text C:\WINDOWS\system32\svchost.exe[816] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BD0F79
.text C:\WINDOWS\system32\svchost.exe[816] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BD0FB9
.text C:\WINDOWS\system32\svchost.exe[816] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BD0FD4
.text C:\WINDOWS\system32\svchost.exe[816] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BD0040
.text C:\WINDOWS\system32\svchost.exe[816] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BD0FE5
.text C:\WINDOWS\system32\svchost.exe[816] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BD0F9E
.text C:\WINDOWS\system32\svchost.exe[816] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DD, 88]
.text C:\WINDOWS\system32\svchost.exe[816] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BD0025
.text C:\WINDOWS\system32\svchost.exe[816] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BC0F9C
.text C:\WINDOWS\system32\svchost.exe[816] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BC001D
.text C:\WINDOWS\system32\svchost.exe[816] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BC0FB7
.text C:\WINDOWS\system32\svchost.exe[816] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\system32\svchost.exe[816] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BC000C
.text C:\WINDOWS\system32\svchost.exe[816] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BC0FDE
.text C:\WINDOWS\system32\svchost.exe[816] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E30FEF
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E30042
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E30F4D
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E30F5E
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E3001B
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E30F94
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E30070
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E3005F
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E300A3
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E30092
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E300B4
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E30F79
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E30000
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E30F28
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E30FB9
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E30FCA
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E30081
.text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E20FDB
.text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E2008E
.text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E2002C
.text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E20011
.text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E2007D
.text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E20000
.text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E20062
.text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E20047
.text C:\WINDOWS\system32\svchost.exe[876] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E10F8D
.text C:\WINDOWS\system32\svchost.exe[876] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E10022
.text C:\WINDOWS\system32\svchost.exe[876] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E10FBC
.text C:\WINDOWS\system32\svchost.exe[876] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E10000
.text C:\WINDOWS\system32\svchost.exe[876] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E10011
.text C:\WINDOWS\system32\svchost.exe[876] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E10FD7
.text C:\WINDOWS\system32\svchost.exe[876] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E00000
.text C:\WINDOWS\System32\svchost.exe[944] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 034A0FEF
.text C:\WINDOWS\System32\svchost.exe[944] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 034A0F61
.text C:\WINDOWS\System32\svchost.exe[944] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 034A0F86
.text C:\WINDOWS\System32\svchost.exe[944] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 034A0F97
.text C:\WINDOWS\System32\svchost.exe[944] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 034A0054
.text C:\WINDOWS\System32\svchost.exe[944] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 034A0FB2
.text C:\WINDOWS\System32\svchost.exe[944] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 034A0F1F
.text C:\WINDOWS\System32\svchost.exe[944] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 034A0F3A
.text C:\WINDOWS\System32\svchost.exe[944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 034A00A7
.text C:\WINDOWS\System32\svchost.exe[944] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 034A0096
.text C:\WINDOWS\System32\svchost.exe[944] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 034A00B8
.text C:\WINDOWS\System32\svchost.exe[944] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 034A0039
.text C:\WINDOWS\System32\svchost.exe[944] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 034A0FDE
.text C:\WINDOWS\System32\svchost.exe[944] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 034A0071
.text C:\WINDOWS\System32\svchost.exe[944] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 034A0FC3
.text C:\WINDOWS\System32\svchost.exe[944] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 034A001E
.text C:\WINDOWS\System32\svchost.exe[944] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 034A0F0E
.text C:\WINDOWS\System32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03490040
.text C:\WINDOWS\System32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03490FB6
.text C:\WINDOWS\System32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03490FE5
.text C:\WINDOWS\System32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0349001B
.text C:\WINDOWS\System32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0349007D
.text C:\WINDOWS\System32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0349000A
.text C:\WINDOWS\System32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 03490062
.text C:\WINDOWS\System32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03490051
.text C:\WINDOWS\System32\svchost.exe[944] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 034D0FB2
.text C:\WINDOWS\System32\svchost.exe[944] msvcrt.dll!system 77C293C7 5 Bytes JMP 034D0FC3
.text C:\WINDOWS\System32\svchost.exe[944] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 034D0FDE
.text C:\WINDOWS\System32\svchost.exe[944] msvcrt.dll!_open 77C2F566 5 Bytes JMP 034D0000
.text C:\WINDOWS\System32\svchost.exe[944] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 034D0033
.text C:\WINDOWS\System32\svchost.exe[944] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 034D0FEF
.text C:\WINDOWS\System32\svchost.exe[944] WS2_32.dll!socket 71AB4211 5 Bytes JMP 034C0FEF
.text C:\WINDOWS\System32\svchost.exe[944] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 034B0FEF
.text C:\WINDOWS\System32\svchost.exe[944] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 034B0FD4
.text C:\WINDOWS\System32\svchost.exe[944] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 034B0FC3
.text C:\WINDOWS\System32\svchost.exe[944] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 034B0FB2
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00650FE5
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00650F30
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00650F4B
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00650F5C
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0065001B
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650F8A
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00650F02
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00650F13
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00650083
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00650EE0
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00650ECF
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00650F79
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00650040
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00650FAF
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00650FCA
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00650EF1
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0064002F
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00640FA1
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00640FD4
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00640FB2
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0064004A
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00640FC3
.text C:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00630055
.text C:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!system 77C293C7 5 Bytes JMP 00630FCA
.text C:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00630029
.text C:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00630FEF
.text C:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0063003A
.text C:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00630018
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00800FEF
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00800F70
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00800F81
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0080005B
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00800F9E
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00800FCA
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0080009D
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00800F55
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008000B8
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00800F1F
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008000C9
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00800FAF
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00800014
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00800080
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00800036
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00800025
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00800F44
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007F001B
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007F0F79
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007F0FD4
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007F0FE5
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007F0F94
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007F000A
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 007F0FA5
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [9F, 88]
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007F0036
.text C:\WINDOWS\system32\svchost.exe[1048] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007E0033
.text C:\WINDOWS\system32\svchost.exe[1048] msvcrt.dll!system 77C293C7 5 Bytes JMP 007E0022
.text C:\WINDOWS\system32\svchost.exe[1048] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007E0000
.text C:\WINDOWS\system32\svchost.exe[1048] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007E0FEF
.text C:\WINDOWS\system32\svchost.exe[1048] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007E0011
.text C:\WINDOWS\system32\svchost.exe[1048] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007E0FD2
.text C:\WINDOWS\system32\svchost.exe[1048] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007D000A
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CF000A
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CF0F5E
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CF0F6F
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CF0F8A
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CF0F9B
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CF0FD1
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CF0075
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CF0F39
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CF0ED2
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CF0EF7
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CF0086
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CF0FB6
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CF001B
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CF0064
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CF003D
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CF002C
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CF0F12
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CE0025
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CE0F90
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CE0FD4
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CE000A
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CE0FA1
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CE0FEF
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00CE0FB2
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [EE, 88]
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CE0FC3
.text C:\WINDOWS\system32\svchost.exe[1076] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CD006E
.text C:\WINDOWS\system32\svchost.exe[1076] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CD0FE3
.text C:\WINDOWS\system32\svchost.exe[1076] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CD002E
.text C:\WINDOWS\system32\svchost.exe[1076] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CD0000
.text C:\WINDOWS\system32\svchost.exe[1076] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CD0053
.text C:\WINDOWS\system32\svchost.exe[1076] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CD001D
.text C:\WINDOWS\system32\svchost.exe[1076] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CC0FEF
.text C:\WINDOWS\Explorer.EXE[1656] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02130FEF
.text C:\WINDOWS\Explorer.EXE[1656] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02130F83
.text C:\WINDOWS\Explorer.EXE[1656] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02130F9E
.text C:\WINDOWS\Explorer.EXE[1656] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02130078
.text C:\WINDOWS\Explorer.EXE[1656] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02130FAF
.text C:\WINDOWS\Explorer.EXE[1656] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02130FCA
.text C:\WINDOWS\Explorer.EXE[1656] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 021300B0
.text C:\WINDOWS\Explorer.EXE[1656] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02130F68
.text C:\WINDOWS\Explorer.EXE[1656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02130F17
.text C:\WINDOWS\Explorer.EXE[1656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02130F28
.text C:\WINDOWS\Explorer.EXE[1656] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 021300CB
.text C:\WINDOWS\Explorer.EXE[1656] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02130051
.text C:\WINDOWS\Explorer.EXE[1656] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0213000A
.text C:\WINDOWS\Explorer.EXE[1656] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02130089
.text C:\WINDOWS\Explorer.EXE[1656] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02130036
.text C:\WINDOWS\Explorer.EXE[1656] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02130025
.text C:\WINDOWS\Explorer.EXE[1656] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02130F4D
.text C:\WINDOWS\Explorer.EXE[1656] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02120FB9
.text C:\WINDOWS\Explorer.EXE[1656] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02120F7C
.text C:\WINDOWS\Explorer.EXE[1656] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0212000A
.text C:\WINDOWS\Explorer.EXE[1656] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02120FD4
.text C:\WINDOWS\Explorer.EXE[1656] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02120039
.text C:\WINDOWS\Explorer.EXE[1656] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02120FEF
.text C:\WINDOWS\Explorer.EXE[1656] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02120F8D
.text C:\WINDOWS\Explorer.EXE[1656] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [32, 8A]
.text C:\WINDOWS\Explorer.EXE[1656] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02120FA8
.text C:\WINDOWS\Explorer.EXE[1656] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 020A0FB2
.text C:\WINDOWS\Explorer.EXE[1656] msvcrt.dll!system 77C293C7 5 Bytes JMP 020A0FC3
.text C:\WINDOWS\Explorer.EXE[1656] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 020A0033
.text C:\WINDOWS\Explorer.EXE[1656] msvcrt.dll!_open 77C2F566 5 Bytes JMP 020A0000
.text C:\WINDOWS\Explorer.EXE[1656] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 020A0FD4
.text C:\WINDOWS\Explorer.EXE[1656] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 020A0FEF
.text C:\WINDOWS\Explorer.EXE[1656] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01EF0000
.text C:\WINDOWS\Explorer.EXE[1656] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01EF0025
.text C:\WINDOWS\Explorer.EXE[1656] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01EF0FEF
.text C:\WINDOWS\Explorer.EXE[1656] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01EF0036
.text C:\WINDOWS\Explorer.EXE[1656] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01F00000
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C50000
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C50F6B
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C50F7C
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C50F8D
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C5004A
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C50FB2
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C50F35
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C5007D
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C50F09
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C50F24
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C50EEE
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C50039
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C50FEF
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C50F46
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C50FC3
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C50FDE
.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C50098
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C40F9E
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C40F65
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C40FAF
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C40FD4
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C4002C
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C40FEF
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C4001B
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C40000
.text C:\WINDOWS\system32\svchost.exe[1756] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C30F9A
.text C:\WINDOWS\system32\svchost.exe[1756] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C30FB5
.text C:\WINDOWS\system32\svchost.exe[1756] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C3000A
.text C:\WINDOWS\system32\svchost.exe[1756] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C30FE3
.text C:\WINDOWS\system32\svchost.exe[1756] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C30025
.text C:\WINDOWS\system32\svchost.exe[1756] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C30FC6
.text C:\WINDOWS\system32\svchost.exe[1756] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[1756] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00C1001B
.text C:\WINDOWS\system32\svchost.exe[1756] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00C10FE5
.text C:\WINDOWS\system32\svchost.exe[1756] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00C10036
.text C:\WINDOWS\system32\svchost.exe[1756] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C20000
.text C:\WINDOWS\System32\svchost.exe[1924] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F70FEF
.text C:\WINDOWS\System32\svchost.exe[1924] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F70F4B
.text C:\WINDOWS\System32\svchost.exe[1924] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F70F66
.text C:\WINDOWS\System32\svchost.exe[1924] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F70040
.text C:\WINDOWS\System32\svchost.exe[1924] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F70F83
.text C:\WINDOWS\System32\svchost.exe[1924] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F70025
.text C:\WINDOWS\System32\svchost.exe[1924] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F70087
.text C:\WINDOWS\System32\svchost.exe[1924] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F70076
.text C:\WINDOWS\System32\svchost.exe[1924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F700D1
.text C:\WINDOWS\System32\svchost.exe[1924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F700AC
.text C:\WINDOWS\System32\svchost.exe[1924] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F70F1D
.text C:\WINDOWS\System32\svchost.exe[1924] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F70F9E
.text C:\WINDOWS\System32\svchost.exe[1924] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F7000A
.text C:\WINDOWS\System32\svchost.exe[1924] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F7005B
.text C:\WINDOWS\System32\svchost.exe[1924] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F70FC3
.text C:\WINDOWS\System32\svchost.exe[1924] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F70FD4
.text C:\WINDOWS\System32\svchost.exe[1924] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F70F2E
.text C:\WINDOWS\System32\svchost.exe[1924] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F6001B
.text C:\WINDOWS\System32\svchost.exe[1924] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F6005F
.text C:\WINDOWS\System32\svchost.exe[1924] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F60FD4
.text C:\WINDOWS\System32\svchost.exe[1924] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F60000
.text C:\WINDOWS\System32\svchost.exe[1924] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F6004E
.text C:\WINDOWS\System32\svchost.exe[1924] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F60FEF
.text C:\WINDOWS\System32\svchost.exe[1924] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F6003D
.text C:\WINDOWS\System32\svchost.exe[1924] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F6002C
.text C:\WINDOWS\System32\svchost.exe[1924] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F50F9C
.text C:\WINDOWS\System32\svchost.exe[1924] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F50FAD
.text C:\WINDOWS\System32\svchost.exe[1924] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F5000C
.text C:\WINDOWS\System32\svchost.exe[1924] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F50FEF
.text C:\WINDOWS\System32\svchost.exe[1924] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F50027
.text C:\WINDOWS\System32\svchost.exe[1924] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F50FDE
.text C:\WINDOWS\System32\svchost.exe[1924] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F40FE5
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 013A0000
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 013A0F83
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 013A0078
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 013A0051
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 013A0F9E
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 013A0040
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 013A0F4B
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 013A0093
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 013A0F04
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 013A0F15
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 013A00B8
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 013A0FAF
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 013A0025
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 013A0F68
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 013A0FDE
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 013A0FEF
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 013A0F30
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01380FAA
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] msvcrt.dll!system 77C293C7 5 Bytes JMP 0138003F
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0138002E
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01380000
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01380FD9
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0138001D
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0139000A
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01390051
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01390FC3
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01390FD4
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01390040
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01390FEF
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01390F9E
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [59, 89]
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0139001B
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] WS2_32.dll!socket 71AB4211 3 Bytes JMP 01370FE5
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1992] WS2_32.dll!socket + 4 71AB4215 1 Byte [8F]
.text C:\WINDOWS\system32\svchost.exe[2372] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C50FE5
.text C:\WINDOWS\system32\svchost.exe[2372] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C50F6D
.text C:\WINDOWS\system32\svchost.exe[2372] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C50058
.text C:\WINDOWS\system32\svchost.exe[2372] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C50047
.text C:\WINDOWS\system32\svchost.exe[2372] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C50F8A
.text C:\WINDOWS\system32\svchost.exe[2372] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C5002C
.text C:\WINDOWS\system32\svchost.exe[2372] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C50F30
.text C:\WINDOWS\system32\svchost.exe[2372] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C50F41
.text C:\WINDOWS\system32\svchost.exe[2372] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C500BF
.text C:\WINDOWS\system32\svchost.exe[2372] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C500AE
.text C:\WINDOWS\system32\svchost.exe[2372] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C50F15
.text C:\WINDOWS\system32\svchost.exe[2372] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C50FA5
.text C:\WINDOWS\system32\svchost.exe[2372] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C50000
.text C:\WINDOWS\system32\svchost.exe[2372] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C50F5C
.text C:\WINDOWS\system32\svchost.exe[2372] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C50FC0
.text C:\WINDOWS\system32\svchost.exe[2372] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C5001B
.text C:\WINDOWS\system32\svchost.exe[2372] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C50093
.text C:\WINDOWS\system32\svchost.exe[2372] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C40FD4
.text C:\WINDOWS\system32\svchost.exe[2372] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C40F97
.text C:\WINDOWS\system32\svchost.exe[2372] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C40FE5
.text C:\WINDOWS\system32\svchost.exe[2372] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C4001B
.text C:\WINDOWS\system32\svchost.exe[2372] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C40FA8
.text C:\WINDOWS\system32\svchost.exe[2372] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C40000
.text C:\WINDOWS\system32\svchost.exe[2372] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C40FC3
.text C:\WINDOWS\system32\svchost.exe[2372] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E4, 88] {IN AL, 0x88}
.text C:\WINDOWS\system32\svchost.exe[2372] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C4004A
.text C:\WINDOWS\system32\svchost.exe[2372] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C30075
.text C:\WINDOWS\system32\svchost.exe[2372] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C30064
.text C:\WINDOWS\system32\svchost.exe[2372] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C3002E
.text C:\WINDOWS\system32\svchost.exe[2372] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C30000
.text C:\WINDOWS\system32\svchost.exe[2372] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C30053
.text C:\WINDOWS\system32\svchost.exe[2372] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C3001D
.text C:\WINDOWS\system32\svchost.exe[2372] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[2500] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CB0FEF
.text C:\WINDOWS\system32\svchost.exe[2500] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CB0FA1
.text C:\WINDOWS\system32\svchost.exe[2500] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CB0096
.text C:\WINDOWS\system32\svchost.exe[2500] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CB007B
.text C:\WINDOWS\system32\svchost.exe[2500] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CB0FB2
.text C:\WINDOWS\system32\svchost.exe[2500] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CB004A
.text C:\WINDOWS\system32\svchost.exe[2500] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CB0F4E
.text C:\WINDOWS\system32\svchost.exe[2500] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CB0F75
.text C:\WINDOWS\system32\svchost.exe[2500] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CB0F18
.text C:\WINDOWS\system32\svchost.exe[2500] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CB0F29
.text C:\WINDOWS\system32\svchost.exe[2500] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CB00D6
.text C:\WINDOWS\system32\svchost.exe[2500] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CB0FC3
.text C:\WINDOWS\system32\svchost.exe[2500] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CB0FDE
.text C:\WINDOWS\system32\svchost.exe[2500] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CB0F90
.text C:\WINDOWS\system32\svchost.exe[2500] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CB002F
.text C:\WINDOWS\system32\svchost.exe[2500] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CB001E
.text C:\WINDOWS\system32\svchost.exe[2500] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CB00B1
.text C:\WINDOWS\system32\svchost.exe[2500] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CA0FB2
.text C:\WINDOWS\system32\svchost.exe[2500] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CA004A
.text C:\WINDOWS\system32\svchost.exe[2500] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CA0FC3
.text C:\WINDOWS\system32\svchost.exe[2500] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CA0FDE
.text C:\WINDOWS\system32\svchost.exe[2500] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CA002F
.text C:\WINDOWS\system32\svchost.exe[2500] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\system32\svchost.exe[2500] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00CA0F8D
.text C:\WINDOWS\system32\svchost.exe[2500] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes JMP 50C03388
.text C:\WINDOWS\system32\svchost.exe[2500] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CA001E
.text C:\WINDOWS\system32\svchost.exe[2500] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C90FC8
.text C:\WINDOWS\system32\svchost.exe[2500] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C90049
.text C:\WINDOWS\system32\svchost.exe[2500] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C90FD9
.text C:\WINDOWS\system32\svchost.exe[2500] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C90000
.text C:\WINDOWS\system32\svchost.exe[2500] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C9002E
.text C:\WINDOWS\system32\svchost.exe[2500] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C9001D
.text C:\Program Files\Messenger\msmsgs.exe[2892] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F80FEF
.text C:\Program Files\Messenger\msmsgs.exe[2892] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F80084
.text C:\Program Files\Messenger\msmsgs.exe[2892] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F80073
.text C:\Program Files\Messenger\msmsgs.exe[2892] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F80058
.text C:\Program Files\Messenger\msmsgs.exe[2892] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F80FA5
.text C:\Program Files\Messenger\msmsgs.exe[2892] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F80036
.text C:\Program Files\Messenger\msmsgs.exe[2892] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F80F48
.text C:\Program Files\Messenger\msmsgs.exe[2892] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F80F59
.text C:\Program Files\Messenger\msmsgs.exe[2892] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F80F1C
.text C:\Program Files\Messenger\msmsgs.exe[2892] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F80F2D
.text C:\Program Files\Messenger\msmsgs.exe[2892] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F80F0B
.text C:\Program Files\Messenger\msmsgs.exe[2892] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F80047
.text C:\Program Files\Messenger\msmsgs.exe[2892] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F8000A
.text C:\Program Files\Messenger\msmsgs.exe[2892] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F80F74
.text C:\Program Files\Messenger\msmsgs.exe[2892] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F80025
.text C:\Program Files\Messenger\msmsgs.exe[2892] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F80FD4
.text C:\Program Files\Messenger\msmsgs.exe[2892] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F800AB
.text C:\Program Files\Messenger\msmsgs.exe[2892] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F6006E
.text C:\Program Files\Messenger\msmsgs.exe[2892] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F60FD9
.text C:\Program Files\Messenger\msmsgs.exe[2892] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F6002E
.text C:\Program Files\Messenger\msmsgs.exe[2892] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F60000
.text C:\Program Files\Messenger\msmsgs.exe[2892] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F60049
.text C:\Program Files\Messenger\msmsgs.exe[2892] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F6001D
.text C:\Program Files\Messenger\msmsgs.exe[2892] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F7004A
.text C:\Program Files\Messenger\msmsgs.exe[2892] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F7006C
.text C:\Program Files\Messenger\msmsgs.exe[2892] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F70025
.text C:\Program Files\Messenger\msmsgs.exe[2892] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F70014
.text C:\Program Files\Messenger\msmsgs.exe[2892] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F7005B
.text C:\Program Files\Messenger\msmsgs.exe[2892] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F70FEF
.text C:\Program Files\Messenger\msmsgs.exe[2892] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F70FC3
.text C:\Program Files\Messenger\msmsgs.exe[2892] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [17, 89]
.text C:\Program Files\Messenger\msmsgs.exe[2892] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F70FDE
.text C:\Program Files\Messenger\msmsgs.exe[2892] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F50000
.text C:\Program Files\Messenger\msmsgs.exe[2892] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00EA000A
.text C:\Program Files\Messenger\msmsgs.exe[2892] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00EA0FEF
.text C:\Program Files\Messenger\msmsgs.exe[2892] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00EA0FCA
.text C:\Program Files\Messenger\msmsgs.exe[2892] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00EA0FB9
.text C:\WINDOWS\Explorer.EXE[3992] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\Explorer.EXE[3992] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A008B
.text C:\WINDOWS\Explorer.EXE[3992] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A007A
.text C:\WINDOWS\Explorer.EXE[3992] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0069
.text C:\WINDOWS\Explorer.EXE[3992] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0058
.text C:\WINDOWS\Explorer.EXE[3992] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0036
.text C:\WINDOWS\Explorer.EXE[3992] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A00B7
.text C:\WINDOWS\Explorer.EXE[3992] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F7B
.text C:\WINDOWS\Explorer.EXE[3992] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00EA
.text C:\WINDOWS\Explorer.EXE[3992] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00D9
.text C:\WINDOWS\Explorer.EXE[3992] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0F36
.text C:\WINDOWS\Explorer.EXE[3992] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0047
.text C:\WINDOWS\Explorer.EXE[3992] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\Explorer.EXE[3992] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A00A6
.text C:\WINDOWS\Explorer.EXE[3992] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0025
.text C:\WINDOWS\Explorer.EXE[3992] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A000A
.text C:\WINDOWS\Explorer.EXE[3992] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A00C8
.text C:\WINDOWS\Explorer.EXE[3992] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290FD4
.text C:\WINDOWS\Explorer.EXE[3992] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290073
.text C:\WINDOWS\Explorer.EXE[3992] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290025
.text C:\WINDOWS\Explorer.EXE[3992] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0029000A
.text C:\WINDOWS\Explorer.EXE[3992] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290062
.text C:\WINDOWS\Explorer.EXE[3992] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290FEF
.text C:\WINDOWS\Explorer.EXE[3992] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00290051
.text C:\WINDOWS\Explorer.EXE[3992] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290040
.text C:\WINDOWS\Explorer.EXE[3992] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0051
.text C:\WINDOWS\Explorer.EXE[3992] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0040
.text C:\WINDOWS\Explorer.EXE[3992] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A000A
.text C:\WINDOWS\Explorer.EXE[3992] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0FE3
.text C:\WINDOWS\Explorer.EXE[3992] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0025
.text C:\WINDOWS\Explorer.EXE[3992] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0FD2
.text C:\WINDOWS\Explorer.EXE[3992] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 002C0000
.text C:\WINDOWS\Explorer.EXE[3992] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 002C001B
.text C:\WINDOWS\Explorer.EXE[3992] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 002C0FEF
.text C:\WINDOWS\Explorer.EXE[3992] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 002C0FD4
.text C:\WINDOWS\Explorer.EXE[3992] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00F60FEF

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E236692A-B00B-FBD2-58F7-54A49A31C3C3}

---- EOF - GMER 1.0.15 ----

#10 myrti

Posted 11 November 2009 - 06:14 AM

Hi,

how is your PC behaving now?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 


#11 amendni

Posted 11 November 2009 - 08:13 AM

It's been OK, just wanted to make sure there wasn't anything else lurking on my PC.

#12 myrti

Posted 11 November 2009 - 08:29 AM

Hi,

I'm glad to hear things are working as they should. :( I just wanted to make sure everything was running fine, before proceeding.

I would like you to run the following two scans to check for remaining malware:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Eset:
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Please post back both logs in your next reply.
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#13 amendni


Posted 12 November 2009 - 08:21 PM

Ran the scanner and malware and both came back with no infected files. :(

#14 myrti

  • Malware Study Hall Admin

Posted 13 November 2009 - 07:13 AM

Hi,

glad to hear this! :(

Since your PC appears to be malware free I think we should now focus on bringing it up to date:
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 17.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Your Adobe Reader is also out of date. Please uninstall it and download the latest version from Adobe: Download
Please untick all proposed toolbars unless you really want them.

Please tell me if you had any problems with these steps.

regards myrti



#15 amendni


Posted 13 November 2009 - 08:06 AM

Not sure if you were looking at the right logs but my java is up to date Version 6 update 17 and adobe reader is up to date as well. Thanks.



