Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected - Google Searches Redirected


  • Please log in to reply
11 replies to this topic

#1 pjctpa

pjctpa

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 24 October 2009 - 01:47 PM

Everytime I try to click on a Google search I've performed, I'm redirected to some other random marketing site. I've tried McAfee, Spy Bot, Ad-Aware and they all indicate no problems but I know there's a problem. At one point, I saw what looked like a message from McAfee saying that 'Adware Side-Search' needed permission to download -- not sure if this was related to the Ad-Aware program I had just downloaded. Also, I found my Windows Firewall turned OFF and I never remember doing that. My husband also uses this computer and lord knows what sites he visits which may be the source of my problem(s). Please help. Thanks in advance -- keep in mind I'm a novice when it comes to computer technology.


DDS (Ver_09-10-24.02) - NTFSx86
Run by PJC at 14:06:28.31 on Sat 10/24/2009
Internet Explorer: 8.0.6001.18702

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IDTSysTrayApp] sttray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_02\bin\npjpi150_02.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
Filter: text/html - {88652dce-8d5d-4c6f-88a4-43c9c555b538} -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pjc\applic~1\mozilla\firefox\profiles\nxygho8u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\pjc\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\pjc\local settings\application data\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-24 16:24:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Citrix
2009-10-24 16:17:25 0 d-----w- c:\program files\Citrix
2009-10-24 14:41:03 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-24 14:35:20 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-24 14:34:50 0 d-----w- c:\program files\Lavasoft
2009-10-24 00:25:44 0 d-----w- c:\program files\IDT
2009-10-24 00:25:37 204800 ----a-w- c:\windows\system32\stacsv.exe
2009-10-24 00:25:37 1900544 ----a-w- c:\windows\system32\stlang.dll
2009-10-24 00:25:36 405504 ----a-w- c:\windows\sttray.exe
2009-10-23 15:38:53 23392 ----a-w- c:\windows\system32\nscompat.tlb
2009-10-23 15:38:53 16832 ----a-w- c:\windows\system32\amcompat.tlb
2009-10-20 03:44:29 0 d-----w- c:\program files\common files\xing shared
2009-10-20 03:43:14 0 d-----w- c:\program files\common files\Real
2009-10-17 15:24:25 73728 ----a-w- c:\windows\system32\drivers\Tosrfhid.sys
2009-10-17 15:24:25 41856 ----a-w- c:\windows\system32\drivers\tosrfusb.sys
2009-10-17 15:24:24 113920 ----a-w- c:\windows\system32\drivers\tosrfbd.sys
2009-10-16 18:43:44 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2009-10-16 18:39:30 0 d-sh--w- c:\documents and settings\pjc\IECompatCache
2009-10-16 18:38:35 0 d-sh--w- c:\documents and settings\pjc\PrivacIE
2009-10-16 18:14:45 0 d-sh--w- c:\documents and settings\pjc\IETldCache
2009-10-16 17:27:37 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-16 17:27:34 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-16 17:27:25 0 d-----w- c:\windows\ie8updates
2009-10-16 17:26:20 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-16 17:22:33 0 dc-h--w- c:\windows\ie8
2009-10-16 17:05:15 0 d-----w- c:\windows\system32\XPSViewer
2009-10-16 17:03:55 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-16 17:03:55 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-16 17:03:55 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-16 17:03:55 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-16 17:03:55 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-16 17:03:54 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-16 17:03:54 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-16 17:03:53 0 d-----w- C:\96ee75eeb6f9be21860b8ecb441a22
2009-10-16 16:51:57 0 d-----w- c:\windows\system32\URTTemp
2009-10-16 15:57:20 0 d-----w- c:\windows\pss
2009-10-16 15:51:00 0 d-----w- c:\docume~1\pjc\applic~1\Malwarebytes
2009-10-16 15:50:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-08 22:57:27 29376 ---ha-w- c:\windows\system32\mlfcache.dat

==================== Find3M ====================

2009-09-16 14:22:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\SETA2.tmp
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\SETB9.tmp
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL
2008-10-06 13:54:21 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100620081007\index.dat

============= FINISH: 14:12:49.70 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:26 AM

Posted 01 November 2009 - 11:02 AM

Hello pjctpa

Welcome to BleepingComputer :(
==========================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 pjctpa

pjctpa
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 04 November 2009 - 05:21 PM

Hello,

Thanks so much responding. Included in this email are the three reports you requested (otl.txt, extras.txt and results.log). I look forward to hearing from you.

OTL.TXT

OTL logfile created on: 11/4/2009 9:31:30 AM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\PJC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.04 Mb Total Physical Memory | 500.29 Mb Available Physical Memory | 49.34% Memory free
2.38 Gb Paging File | 1.83 Gb Available in Paging File | 76.70% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 88.39 Gb Free Space | 79.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PJ-09B088DDA7C8
Current User Name: PJC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\PJC\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
PRC - C:\WINDOWS\system32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\system32\BCMWLTRY.EXE (Dell Inc.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\PJC\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll (RealPlayer)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mslbui.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\MSVCP71.DLL (Microsoft Corporation)
MOD - C:\WINDOWS\system32\MSVCR71.DLL (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (gupdate1ca54b748f58ee2) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (IDT, Inc.)
SRV - (wltrysvc) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (RimVSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd)
DRV - (CSRBC) -- C:\WINDOWS\system32\drivers\csrbcxp.sys (CSR, plc)
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (cercsr6) -- C:\WINDOWS\system32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.ebay.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {e1170235-2845-420c-acc3-42261a29dd46}:4.0.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/08/30 16:57:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/16 13:52:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [2009/10/19 22:44:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/29 21:51:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/29 21:51:38 | 00,000,000 | ---D | M]

[2008/12/16 22:05:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PJC\Application Data\Mozilla\Extensions
[2008/12/16 22:05:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PJC\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/31 07:46:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PJC\Application Data\Mozilla\Firefox\Profiles\nxygho8u.default\extensions
[2009/10/27 21:24:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PJC\Application Data\Mozilla\Firefox\Profiles\nxygho8u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/28 07:22:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PJC\Application Data\Mozilla\Firefox\Profiles\nxygho8u.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2008/12/16 22:05:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/29 21:51:28 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/29 21:51:27 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/29 21:51:27 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/10/29 21:51:33 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/10/19 22:44:48 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/09/23 20:42:33 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/09/23 20:42:33 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/09/23 20:42:33 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/09/23 20:42:33 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/09/23 20:42:34 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/23 20:42:34 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/09/23 20:42:34 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/10/19 22:45:07 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2009/10/19 22:44:38 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/09/23 20:15:43 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/09/23 20:15:43 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/09/23 20:15:44 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/09/23 20:15:44 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/09/23 20:15:44 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/09/23 20:15:44 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/09/23 20:15:44 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/13 11:01:19 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{13c8fa64-ba66-11de-b70c-0019b97b6216}\Shell - "" = AutoRun
O33 - MountPoints2\{13c8fa64-ba66-11de-b70c-0019b97b6216}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{13c8fa64-ba66-11de-b70c-0019b97b6216}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/06/17 14:02:19 | 08,461,312 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/04 09:27:23 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PJC\Desktop\OTL.exe
[2009/10/31 11:56:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PJC\Local Settings\Application Data\Temp
[2009/10/29 21:52:44 | 08,080,728 | ---- | C] (Mozilla) -- C:\Documents and Settings\PJC\Desktop\Firefox Setup 3.5.4.exe
[2009/10/27 21:28:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2009/10/27 21:28:16 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2009/10/24 21:39:18 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/24 21:39:14 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/24 21:39:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/24 13:16:22 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\PJC\Desktop\RootRepeal.exe
[2009/10/24 11:24:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/10/24 11:17:25 | 00,000,000 | ---D | C] -- C:\Program Files\Citrix
[2009/10/24 09:35:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PJC\Local Settings\Application Data\Google
[2009/10/24 09:35:29 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/10/24 09:34:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/10/23 19:25:44 | 00,000,000 | ---D | C] -- C:\Program Files\IDT
[2009/10/23 19:25:37 | 01,900,544 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stlang.dll
[2009/10/23 19:25:37 | 00,204,800 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stacsv.exe
[2009/10/23 19:25:36 | 00,405,504 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\sttray.exe
[2009/10/19 22:44:48 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/10/19 22:44:34 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/10/19 22:44:34 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/10/19 22:44:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/10/19 22:43:27 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/10/19 22:43:22 | 00,000,000 | ---D | C] -- C:\Program Files\Real
[2009/10/19 22:43:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2009/10/19 22:43:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/10/19 22:43:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PJC\Application Data\Real
[2009/10/17 10:24:25 | 00,073,728 | ---- | C] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\drivers\Tosrfhid.sys
[2009/10/17 10:24:25 | 00,041,856 | ---- | C] (TOSHIBA CORPORATION) -- C:\WINDOWS\System32\drivers\tosrfusb.sys
[2009/10/17 10:24:24 | 00,113,920 | ---- | C] (TOSHIBA CORPORATION) -- C:\WINDOWS\System32\drivers\tosrfbd.sys
[2009/10/16 13:51:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PJC\Local Settings\Application Data\ApplicationHistory
[2009/10/16 13:39:30 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\PJC\IECompatCache
[2009/10/16 13:38:35 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\PJC\PrivacIE
[2009/10/16 13:14:45 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\PJC\IETldCache
[2009/10/16 12:27:37 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/10/16 12:27:34 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/10/16 12:27:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/10/16 12:26:20 | 00,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/10/16 12:22:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/10/16 12:05:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/10/16 12:05:06 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/10/16 12:04:49 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/10/16 12:03:55 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/10/16 12:03:55 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/10/16 12:03:55 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/10/16 12:03:55 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/10/16 12:03:55 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/10/16 12:03:54 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/10/16 12:03:54 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/10/16 12:03:53 | 00,000,000 | ---D | C] -- C:\96ee75eeb6f9be21860b8ecb441a22
[2009/10/16 11:52:02 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/10/16 11:52:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/10/16 11:51:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2009/10/16 10:57:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/10/16 10:51:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PJC\Application Data\Malwarebytes
[2009/10/16 10:50:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/16 10:28:52 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\PJC\Recent
[2009/10/05 15:19:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PJC\Local Settings\Application Data\Yahoo!
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[22 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/04 09:29:37 | 00,029,608 | ---- | M] () -- C:\Documents and Settings\PJC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/04 09:27:27 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PJC\Desktop\OTL.exe
[2009/11/04 09:27:17 | 00,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/04 09:27:17 | 00,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/04 09:27:17 | 00,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/04 09:23:49 | 00,017,345 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/04 09:22:57 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/04 09:21:51 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/04 09:21:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/04 09:21:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/04 09:20:52 | 04,980,736 | ---- | M] () -- C:\Documents and Settings\PJC\ntuser.dat
[2009/11/04 09:19:12 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\PJC\ntuser.ini
[2009/11/03 00:01:02 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/31 07:31:41 | 06,938,690 | -H-- | M] () -- C:\Documents and Settings\PJC\Local Settings\Application Data\IconCache.db
[2009/10/31 07:19:14 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/29 21:54:03 | 08,080,728 | ---- | M] (Mozilla) -- C:\Documents and Settings\PJC\Desktop\Firefox Setup 3.5.4.exe
[2009/10/28 21:56:40 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\PJC\My Documents\names.doc
[2009/10/27 21:28:19 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
[2009/10/27 21:28:17 | 00,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan.lnk
[2009/10/24 21:39:22 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/24 13:17:51 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\PJC\Desktop\settings.dat
[2009/10/24 13:16:45 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\PJC\Desktop\RootRepeal.exe
[2009/10/24 13:04:52 | 00,523,264 | ---- | M] () -- C:\Documents and Settings\PJC\Desktop\dds.scr
[2009/10/24 09:37:33 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/10/23 19:22:07 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/23 10:39:48 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/10/23 10:39:21 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/10/23 10:39:21 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/10/19 22:44:48 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/10/19 22:44:34 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/10/19 22:44:34 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/10/19 22:43:27 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/10/16 14:31:27 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/16 13:07:59 | 00,153,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/16 10:57:56 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/10/16 10:57:55 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/09 00:31:56 | 00,043,520 | ---- | M] () -- C:\Documents and Settings\PJC\My Documents\U2_PlaylistPerTicketMaster_8-09.doc
[2009/10/08 22:49:24 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/08 17:57:27 | 00,029,376 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/05 15:15:22 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\PJC\My Documents\PJC_miscAHNhonors_10-09.doc
[2009/10/05 13:44:09 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\PJC\My Documents\PJC_AHNAwardInfo_10-09.doc
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[22 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/10/27 21:28:19 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
[2009/10/27 21:28:17 | 00,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan.lnk
[2009/10/24 21:39:22 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/24 13:17:51 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\PJC\Desktop\settings.dat
[2009/10/24 13:04:30 | 00,523,264 | ---- | C] () -- C:\Documents and Settings\PJC\Desktop\dds.scr
[2009/10/24 09:51:53 | 00,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/24 09:51:53 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/24 09:42:27 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/24 09:37:33 | 00,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/10/23 10:38:53 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/10/23 10:38:53 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/10/19 23:11:41 | 06,938,690 | -H-- | C] () -- C:\Documents and Settings\PJC\Local Settings\Application Data\IconCache.db
[2009/10/16 13:43:44 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/10/16 11:54:59 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/10/08 17:57:27 | 00,029,376 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/05 15:15:22 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\PJC\My Documents\PJC_miscAHNhonors_10-09.doc
[2009/10/05 13:44:09 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\PJC\My Documents\PJC_AHNAwardInfo_10-09.doc
[2007/12/26 11:53:08 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2007/11/03 14:50:14 | 00,005,632 | ---- | C] () -- C:\Documents and Settings\PJC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/24 10:58:37 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/13 12:44:01 | 00,029,608 | ---- | C] () -- C:\Documents and Settings\PJC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/09/13 11:36:45 | 00,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/09/13 11:36:45 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2007/09/13 11:22:49 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/09/13 11:22:47 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/09/13 11:07:33 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\PJC\Application Data\desktop.ini
[2007/09/13 06:49:50 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2004/08/04 05:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/10/24 11:24:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2007/09/13 12:33:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/04/04 18:01:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2008/03/23 16:37:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/23 20:48:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/09 10:09:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/09/13 12:12:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PJC\Application Data\Dell
[2007/09/21 10:17:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PJC\Application Data\MSNInstaller
[2007/12/22 11:22:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PJC\Application Data\Snapfish
[2008/03/23 16:37:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PJC\Application Data\Viewpoint
[2009/10/31 07:19:14 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/15 00:07:56 | 00,000,336 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/01/01 01:00:28 | 00,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/11/04 09:21:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >


OTL Extras logfile created on: 11/4/2009 9:31:31 AM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\PJC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.04 Mb Total Physical Memory | 500.29 Mb Available Physical Memory | 49.34% Memory free
2.38 Gb Paging File | 1.83 Gb Available in Paging File | 76.70% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 88.39 Gb Free Space | 79.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PJ-09B088DDA7C8
Current User Name: PJC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02807340-8FA2-44B6-ABA1-E443E4FF0A20}" = VZAccess Manager for RIM
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E7D7400-4F4F-409D-8F8A-43BF1DAC575A}" = TouchChip USB Driver 2.6
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0.1 Standard
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 12.0" = RealPlayer
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/28/2009 6:56:08 PM | Computer Name = PJ-09B088DDA7C8 | Source = Google Update | ID = 20
Description =

Error - 10/31/2009 7:56:47 AM | Computer Name = PJ-09B088DDA7C8 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3576, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/31/2009 7:56:52 AM | Computer Name = PJ-09B088DDA7C8 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3576, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/31/2009 7:57:07 AM | Computer Name = PJ-09B088DDA7C8 | Source = Application Hang | ID = 1001
Description = Fault bucket 1513033607.

Error - 10/31/2009 7:57:25 AM | Computer Name = PJ-09B088DDA7C8 | Source = Application Hang | ID = 1001
Description = Fault bucket 1513033607.

Error - 10/31/2009 8:17:08 AM | Computer Name = PJ-09B088DDA7C8 | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 10/31/2009 8:34:09 AM | Computer Name = PJ-09B088DDA7C8 | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 11/1/2009 11:11:27 PM | Computer Name = PJ-09B088DDA7C8 | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 11/4/2009 10:13:37 AM | Computer Name = PJ-09B088DDA7C8 | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 11/4/2009 10:22:49 AM | Computer Name = PJ-09B088DDA7C8 | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

[ System Events ]
Error - 10/22/2009 8:12:23 PM | Computer Name = PJ-09B088DDA7C8 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the NICCONFIGSVC service
to connect.

Error - 10/22/2009 8:12:23 PM | Computer Name = PJ-09B088DDA7C8 | Source = Service Control Manager | ID = 7000
Description = The NICCONFIGSVC service failed to start due to the following error:
%%1053

Error - 10/22/2009 8:13:27 PM | Computer Name = PJ-09B088DDA7C8 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service
to connect.

Error - 10/22/2009 8:13:27 PM | Computer Name = PJ-09B088DDA7C8 | Source = Service Control Manager | ID = 7000
Description = The McAfee SystemGuards service failed to start due to the following
error: %%1053

Error - 10/24/2009 10:45:42 AM | Computer Name = PJ-09B088DDA7C8 | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 10/26/2009 10:27:31 PM | Computer Name = PJ-09B088DDA7C8 | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}
as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
-Embedding

Error - 10/28/2009 6:50:51 PM | Computer Name = PJ-09B088DDA7C8 | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 10/31/2009 7:49:23 AM | Computer Name = PJ-09B088DDA7C8 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 10/31/2009 7:49:24 AM | Computer Name = PJ-09B088DDA7C8 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 11/4/2009 10:13:06 AM | Computer Name = PJ-09B088DDA7C8 | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}
as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
-Embedding


< End of report >
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-04 17:05:01
Windows 5.1.2600 Service Pack 3
Running: svlov88l.exe; Driver: C:\DOCUME~1\PJC\LOCALS~1\Temp\fwldifoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA2200B0]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAA16278A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAA162738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAA16274C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAA1627CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAA162710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAA162724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAA16279E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAA162776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAA162762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAA1627F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAA1627E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAA1627B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP AA1627B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP AA16278E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP AA1627CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP AA1627E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP AA1627A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 5 Bytes JMP AA162714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP AA162728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP AA162766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP AA162750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 5 Bytes JMP AA16273C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 5 Bytes JMP AA16277A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP AA1627FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF733F780]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02370FEF
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0237006E
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02370F79
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02370F94
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02370051
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02370036
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02370090
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02370F54
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02370F1C
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 023700B5
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 023700D0
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02370FAF
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0237000A
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0237007F
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02370FCA
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0237001B
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02370F2D
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02350FD4
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02350FB9
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02350FE5
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0235001B
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0235006C
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0235000A
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0235005B
.text C:\WINDOWS\Explorer.EXE[752] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02350040
.text C:\WINDOWS\Explorer.EXE[752] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02330F90
.text C:\WINDOWS\Explorer.EXE[752] msvcrt.dll!system 77C293C7 5 Bytes JMP 0233001B
.text C:\WINDOWS\Explorer.EXE[752] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0233000A
.text C:\WINDOWS\Explorer.EXE[752] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02330FEF
.text C:\WINDOWS\Explorer.EXE[752] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02330FAB
.text C:\WINDOWS\Explorer.EXE[752] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02330FC6
.text C:\WINDOWS\Explorer.EXE[752] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01D50FE5
.text C:\WINDOWS\Explorer.EXE[752] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01D50000
.text C:\WINDOWS\Explorer.EXE[752] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01D5001B
.text C:\WINDOWS\Explorer.EXE[752] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01D50036
.text C:\WINDOWS\Explorer.EXE[752] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01D6000A
.text C:\WINDOWS\system32\services.exe[1020] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FE0FE5
.text C:\WINDOWS\system32\services.exe[1020] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FE0FA8
.text C:\WINDOWS\system32\services.exe[1020] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FE0FB9
.text C:\WINDOWS\system32\services.exe[1020] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FE009D
.text C:\WINDOWS\system32\services.exe[1020] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FE0FD4
.text C:\WINDOWS\system32\services.exe[1020] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FE005B
.text C:\WINDOWS\system32\services.exe[1020] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FE0F86
.text C:\WINDOWS\system32\services.exe[1020] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FE0F97
.text C:\WINDOWS\system32\services.exe[1020] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FE0F49
.text C:\WINDOWS\system32\services.exe[1020] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FE0F5A
.text C:\WINDOWS\system32\services.exe[1020] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FE0F2E
.text C:\WINDOWS\system32\services.exe[1020] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FE006C
.text C:\WINDOWS\system32\services.exe[1020] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FE000A
.text C:\WINDOWS\system32\services.exe[1020] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FE00C2
.text C:\WINDOWS\system32\services.exe[1020] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FE0036
.text C:\WINDOWS\system32\services.exe[1020] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FE001B
.text C:\WINDOWS\system32\services.exe[1020] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FE0F75
.text C:\WINDOWS\system32\services.exe[1020] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0154002C
.text C:\WINDOWS\system32\services.exe[1020] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01540F83
.text C:\WINDOWS\system32\services.exe[1020] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0154001B
.text C:\WINDOWS\system32\services.exe[1020] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0154000A
.text C:\WINDOWS\system32\services.exe[1020] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01540F94
.text C:\WINDOWS\system32\services.exe[1020] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01540FEF
.text C:\WINDOWS\system32\services.exe[1020] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01540FAF
.text C:\WINDOWS\system32\services.exe[1020] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [74, 89] {JZ 0xffffffffffffff8b}
.text C:\WINDOWS\system32\services.exe[1020] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01540FC0
.text C:\WINDOWS\system32\services.exe[1020] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01530FB5
.text C:\WINDOWS\system32\services.exe[1020] msvcrt.dll!system 77C293C7 5 Bytes JMP 01530FC6
.text C:\WINDOWS\system32\services.exe[1020] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0153001B
.text C:\WINDOWS\system32\services.exe[1020] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01530FEF
.text C:\WINDOWS\system32\services.exe[1020] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0153002C
.text C:\WINDOWS\system32\services.exe[1020] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01530000
.text C:\WINDOWS\system32\services.exe[1020] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FF000A
.text C:\WINDOWS\system32\services.exe[1020] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\services.exe[1020] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FF0FDE
.text C:\WINDOWS\system32\services.exe[1020] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00FF0FCD
.text C:\WINDOWS\system32\services.exe[1020] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01520FEF
.text C:\WINDOWS\system32\lsass.exe[1032] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E10000
.text C:\WINDOWS\system32\lsass.exe[1032] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E100B5
.text C:\WINDOWS\system32\lsass.exe[1032] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E1009A
.text C:\WINDOWS\system32\lsass.exe[1032] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E10089
.text C:\WINDOWS\system32\lsass.exe[1032] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E10FC0
.text C:\WINDOWS\system32\lsass.exe[1032] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E10051
.text C:\WINDOWS\system32\lsass.exe[1032] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E10F88
.text C:\WINDOWS\system32\lsass.exe[1032] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E100DA
.text C:\WINDOWS\system32\lsass.exe[1032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E10F52
.text C:\WINDOWS\system32\lsass.exe[1032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E100EB
.text C:\WINDOWS\system32\lsass.exe[1032] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E10F41
.text C:\WINDOWS\system32\lsass.exe[1032] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E10062
.text C:\WINDOWS\system32\lsass.exe[1032] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E10FE5
.text C:\WINDOWS\system32\lsass.exe[1032] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E10FAF
.text C:\WINDOWS\system32\lsass.exe[1032] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E10036
.text C:\WINDOWS\system32\lsass.exe[1032] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E10025
.text C:\WINDOWS\system32\lsass.exe[1032] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E10F77
.text C:\WINDOWS\system32\lsass.exe[1032] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FF0FD4
.text C:\WINDOWS\system32\lsass.exe[1032] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FF0FB9
.text C:\WINDOWS\system32\lsass.exe[1032] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FF0025
.text C:\WINDOWS\system32\lsass.exe[1032] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FF000A
.text C:\WINDOWS\system32\lsass.exe[1032] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FF006C
.text C:\WINDOWS\system32\lsass.exe[1032] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\lsass.exe[1032] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FF005B
.text C:\WINDOWS\system32\lsass.exe[1032] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FF0040
.text C:\WINDOWS\system32\lsass.exe[1032] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E40F9E
.text C:\WINDOWS\system32\lsass.exe[1032] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E40FB9
.text C:\WINDOWS\system32\lsass.exe[1032] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E40FD4
.text C:\WINDOWS\system32\lsass.exe[1032] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E40FEF
.text C:\WINDOWS\system32\lsass.exe[1032] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E40029
.text C:\WINDOWS\system32\lsass.exe[1032] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E4000C
.text C:\WINDOWS\system32\lsass.exe[1032] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E30000
.text C:\WINDOWS\system32\lsass.exe[1032] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00E20000
.text C:\WINDOWS\system32\lsass.exe[1032] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00E20FE5
.text C:\WINDOWS\system32\lsass.exe[1032] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00E2001B
.text C:\WINDOWS\system32\lsass.exe[1032] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00E20FCA
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1092] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1092] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FC0000
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FC0F75
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FC0F86
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FC0054
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FC0F97
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FC0FB9
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FC0096
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FC0085
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FC0F18
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FC0F33
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FC00CC
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FC0FA8
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FC0FE5
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FC0F5A
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FC0025
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FC0FD4
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FC00B1
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FB0FCA
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FB005B
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FB0FE5
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FB001B
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FB0040
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FB000A
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FB0F9E
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1B, 89]
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FB0FB9
.text C:\WINDOWS\system32\svchost.exe[1208] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FA0069
.text C:\WINDOWS\system32\svchost.exe[1208] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FA004E
.text C:\WINDOWS\system32\svchost.exe[1208] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FA0FDE
.text C:\WINDOWS\system32\svchost.exe[1208] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FA000C
.text C:\WINDOWS\system32\svchost.exe[1208] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FA0033
.text C:\WINDOWS\system32\svchost.exe[1208] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FA0FEF
.text C:\WINDOWS\system32\svchost.exe[1208] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00C90000
.text C:\WINDOWS\system32\svchost.exe[1208] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00C90FE5
.text C:\WINDOWS\system32\svchost.exe[1208] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00C90025
.text C:\WINDOWS\system32\svchost.exe[1208] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00C90FD4
.text C:\WINDOWS\system32\svchost.exe[1208] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F9000A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01250FEF
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01250F95
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01250080
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01250FB2
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01250065
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01250FC3
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01250F69
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01250F7A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 012500F1
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01250F4E
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01250F33
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0125004A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01250014
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 012500A5
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01250FD4
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01250025
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 012500CC
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01240FCA
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01240051
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0124001B
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0124000A
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01240F94
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01240FE5
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01240FA5
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [44, 89]
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0124002C
.text C:\WINDOWS\system32\svchost.exe[1300] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01230FD4
.text C:\WINDOWS\system32\svchost.exe[1300] msvcrt.dll!system 77C293C7 5 Bytes JMP 0123005F
.text C:\WINDOWS\system32\svchost.exe[1300] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01230029
.text C:\WINDOWS\system32\svchost.exe[1300] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01230FEF
.text C:\WINDOWS\system32\svchost.exe[1300] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0123004E
.text C:\WINDOWS\system32\svchost.exe[1300] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01230018
.text C:\WINDOWS\system32\svchost.exe[1300] WININET.dll!InternetOpenA 3D95D690 3 Bytes JMP 01210FEF
.text C:\WINDOWS\system32\svchost.exe[1300] WININET.dll!InternetOpenA + 4 3D95D694 1 Byte [C3]
.text C:\WINDOWS\system32\svchost.exe[1300] WININET.dll!InternetOpenW 3D95DB09 3 Bytes JMP 01210FDE
.text C:\WINDOWS\system32\svchost.exe[1300] WININET.dll!InternetOpenW + 4 3D95DB0D 1 Byte [C3]
.text C:\WINDOWS\system32\svchost.exe[1300] WININET.dll!InternetOpenUrlA 3D95F3A4 3 Bytes JMP 01210014
.text C:\WINDOWS\system32\svchost.exe[1300] WININET.dll!InternetOpenUrlA + 4 3D95F3A8 1 Byte [C3]
.text C:\WINDOWS\system32\svchost.exe[1300] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01210FC3
.text C:\WINDOWS\system32\svchost.exe[1300] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01220FEF
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02B20FE5
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02B20F68
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02B20F79
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02B20F8A
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02B2003D
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02B20FC0
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02B2009C
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02B2008B
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02B200E3
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02B200C8
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02B200F4
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02B20FA5
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02B20000
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02B2006E
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02B20022
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02B20011
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02B200B7
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 026F0FAF
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 026F0040
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 026F0000
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 026F0FCA
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 026F001B
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 026F0FE5
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 026F0F79
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [8F, 8A]
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 026F0F94
.text C:\WINDOWS\System32\svchost.exe[1364] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 026E0027
.text C:\WINDOWS\System32\svchost.exe[1364] msvcrt.dll!system 77C293C7 5 Bytes JMP 026E0016
.text C:\WINDOWS\System32\svchost.exe[1364] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 026E0FC1
.text C:\WINDOWS\System32\svchost.exe[1364] msvcrt.dll!_open 77C2F566 5 Bytes JMP 026E0FE3
.text C:\WINDOWS\System32\svchost.exe[1364] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 026E0FA6
.text C:\WINDOWS\System32\svchost.exe[1364] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 026E0FD2
.text C:\WINDOWS\System32\svchost.exe[1364] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 026C000A
.text C:\WINDOWS\System32\svchost.exe[1364] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 026C0FEF
.text C:\WINDOWS\System32\svchost.exe[1364] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 026C0025
.text C:\WINDOWS\System32\svchost.exe[1364] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 026C0036
.text C:\WINDOWS\System32\svchost.exe[1364] WS2_32.dll!socket 71AB4211 5 Bytes JMP 026D0FEF
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A90000
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A90F65
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A90F80
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A90F9B
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A9004E
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A90FD1
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A90075
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A90F39
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A900D0
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A900B5
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A90F1C
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A90FAC
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A90011
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A90F54
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A9003D
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A9002C
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A9009A
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A80051
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A80FD4
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A80040
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A8001B
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A80FE5
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A80000
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00A80087
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A80076
.text C:\WINDOWS\system32\svchost.exe[1416] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A70FA3
.text C:\WINDOWS\system32\svchost.exe[1416] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A70FBE
.text C:\WINDOWS\system32\svchost.exe[1416] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A70FE3
.text C:\WINDOWS\system32\svchost.exe[1416] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A70000
.text C:\WINDOWS\system32\svchost.exe[1416] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A7002E
.text C:\WINDOWS\system32\svchost.exe[1416] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A7001D
.text C:\WINDOWS\system32\svchost.exe[1416] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00A50FEF
.text C:\WINDOWS\system32\svchost.exe[1416] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00A50FDE
.text C:\WINDOWS\system32\svchost.exe[1416] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00A50014
.text C:\WINDOWS\system32\svchost.exe[1416] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00A50025
.text C:\WINDOWS\system32\svchost.exe[1416] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A6000A
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D20000
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D20086
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D20075
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D20F9B
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D2004E
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D2003D
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D200A1
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D20F65
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D200C6
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D20F2D
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D200D7
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D20FAC
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D20011
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D20F76
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D20FD1
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D20022
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D20F3E
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CD0036
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CD0062
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CD001B
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CD0FE5
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CD0051
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CD0000
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00CD0FAF
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [ED, 88]
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CD0FCA
.text C:\WINDOWS\system32\svchost.exe[1572] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CC0FAB
.text C:\WINDOWS\system32\svchost.exe[1572] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CC0036
.text C:\WINDOWS\system32\svchost.exe[1572] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CC0FC6
.text C:\WINDOWS\system32\svchost.exe[1572] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CC0FEF
.text C:\WINDOWS\system32\svchost.exe[1572] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CC001B
.text C:\WINDOWS\system32\svchost.exe[1572] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\svchost.exe[1572] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00CA0000
.text C:\WINDOWS\system32\svchost.exe[1572] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00CA0025
.text C:\WINDOWS\system32\svchost.exe[1572] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00CA0036
.text C:\WINDOWS\system32\svchost.exe[1572] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00CA0047
.text C:\WINDOWS\system32\svchost.exe[1572] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CB000A
.text C:\WINDOWS\system32\wuauclt.exe[1612] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001C0000
.text C:\WINDOWS\system32\wuauclt.exe[1612] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001C0082
.text C:\WINDOWS\system32\wuauclt.exe[1612] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001C0071
.text C:\WINDOWS\system32\wuauclt.exe[1612] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001C0F8D
.text C:\WINDOWS\system32\wuauclt.exe[1612] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001C0F9E
.text C:\WINDOWS\system32\wuauclt.exe[1612] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001C0FC0
.text C:\WINDOWS\system32\wuauclt.exe[1612] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001C00A9
.text C:\WINDOWS\system32\wuauclt.exe[1612] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001C0F61
.text C:\WINDOWS\system32\wuauclt.exe[1612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001C0F3F
.text C:\WINDOWS\system32\wuauclt.exe[1612] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001C0F50
.text C:\WINDOWS\system32\wuauclt.exe[1612] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001C00F3
.text C:\WINDOWS\system32\wuauclt.exe[1612] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001C0FAF
.text C:\WINDOWS\system32\wuauclt.exe[1612] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001C0011
.text C:\WINDOWS\system32\wuauclt.exe[1612] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001C0F72
.text C:\WINDOWS\system32\wuauclt.exe[1612] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001C0FDB
.text C:\WINDOWS\system32\wuauclt.exe[1612] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001C002C
.text C:\WINDOWS\system32\wuauclt.exe[1612] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001C00C4
.text C:\WINDOWS\system32\wuauclt.exe[1612] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002B006E
.text C:\WINDOWS\system32\wuauclt.exe[1612] msvcrt.dll!system 77C293C7 5 Bytes JMP 002B0049
.text C:\WINDOWS\system32\wuauclt.exe[1612] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002B001D
.text C:\WINDOWS\system32\wuauclt.exe[1612] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002B0000
.text C:\WINDOWS\system32\wuauclt.exe[1612] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002B002E
.text C:\WINDOWS\system32\wuauclt.exe[1612] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002B0FE3
.text C:\WINDOWS\system32\wuauclt.exe[1612] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002C0FA8
.text C:\WINDOWS\system32\wuauclt.exe[1612] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002C0040
.text C:\WINDOWS\system32\wuauclt.exe[1612] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002C0FB9
.text C:\WINDOWS\system32\wuauclt.exe[1612] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002C0FCA
.text C:\WINDOWS\system32\wuauclt.exe[1612] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002C002F
.text C:\WINDOWS\system32\wuauclt.exe[1612] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002C0FEF
.text C:\WINDOWS\system32\wuauclt.exe[1612] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002C001E
.text C:\WINDOWS\system32\wuauclt.exe[1612] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002C0F97
.text C:\WINDOWS\system32\wuauclt.exe[1612] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 006A0FE5
.text C:\WINDOWS\system32\wuauclt.exe[1612] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 006A0FD4
.text C:\WINDOWS\system32\wuauclt.exe[1612] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 006A0FC3
.text C:\WINDOWS\system32\wuauclt.exe[1612] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 006A000A
.text C:\WINDOWS\system32\wuauclt.exe[1612] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00690000
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DB0000
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DB0F66
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DB005B
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DB0F83
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DB0F94
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DB0040
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DB0087
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DB0F3F
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DB0EFF
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DB00A2
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DB0EEE
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DB0FB9
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DB0025
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DB0076
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DB0FD4
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DB0F24
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C20FDB
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C20FA8
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C2002C
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C2001B
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C20FB9
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C20FCA
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E2, 88] {LOOP 0xffffffffffffff8a}
.text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C20051
.text C:\WINDOWS\system32\svchost.exe[1904] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C10047
.text C:\WINDOWS\system32\svchost.exe[1904] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C1002C
.text C:\WINDOWS\system32\svchost.exe[1904] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C10FC6
.text C:\WINDOWS\system32\svchost.exe[1904] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\svchost.exe[1904] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C1001B
.text C:\WINDOWS\system32\svchost.exe[1904] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[1904] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[1904] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00BF000A
.text C:\WINDOWS\system32\svchost.exe[1904] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00BF0025
.text C:\WINDOWS\system32\svchost.exe[1904] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00BF0FCA
.text C:\WINDOWS\system32\svchost.exe[1904] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[3180] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A6000A
.text C:\WINDOWS\system32\svchost.exe[3180] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A60F94
.text C:\WINDOWS\system32\svchost.exe[3180] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A60FA5
.text C:\WINDOWS\system32\svchost.exe[3180] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A60089
.text C:\WINDOWS\system32\svchost.exe[3180] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A6006C
.text C:\WINDOWS\system32\svchost.exe[3180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A60036
.text C:\WINDOWS\system32\svchost.exe[3180] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A600B0
.text C:\WINDOWS\system32\svchost.exe[3180] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A60F68
.text C:\WINDOWS\system32\svchost.exe[3180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A60F39
.text C:\WINDOWS\system32\svchost.exe[3180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A600D2
.text C:\WINDOWS\system32\svchost.exe[3180] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A600F7
.text C:\WINDOWS\system32\svchost.exe[3180] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A6005B
.text C:\WINDOWS\system32\svchost.exe[3180] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A60FEF
.text C:\WINDOWS\system32\svchost.exe[3180] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A60F83
.text C:\WINDOWS\system32\svchost.exe[3180] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A60025
.text C:\WINDOWS\system32\svchost.exe[3180] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A60FD4
.text C:\WINDOWS\system32\svchost.exe[3180] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A600C1
.text C:\WINDOWS\system32\svchost.exe[3180] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A5004A
.text C:\WINDOWS\system32\svchost.exe[3180] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A50FB9
.text C:\WINDOWS\system32\svchost.exe[3180] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A5002F
.text C:\WINDOWS\system32\svchost.exe[3180] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A50FEF
.text C:\WINDOWS\system32\svchost.exe[3180] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A50080
.text C:\WINDOWS\system32\svchost.exe[3180] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A50000
.text C:\WINDOWS\system32\svchost.exe[3180] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00A5006F
.text C:\WINDOWS\system32\svchost.exe[3180] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A50FDE
.text C:\WINDOWS\system32\svchost.exe[3180] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A40FB5
.text C:\WINDOWS\system32\svchost.exe[3180] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A40FC6
.text C:\WINDOWS\system32\svchost.exe[3180] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A4001B
.text C:\WINDOWS\system32\svchost.exe[3180] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A40000
.text C:\WINDOWS\system32\svchost.exe[3180] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A40036
.text C:\WINDOWS\system32\svchost.exe[3180] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A40FD7
.text C:\WINDOWS\system32\svchost.exe[3180] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00A30FEF
.text C:\WINDOWS\system32\svchost.exe[3180] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00A30FDE
.text C:\WINDOWS\system32\svchost.exe[3180] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00A30FCD
.text C:\WINDOWS\system32\svchost.exe[3180] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00A30FBC
.text C:\WINDOWS\System32\svchost.exe[3904] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001C0FE5
.text C:\WINDOWS\System32\svchost.exe[3904] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001C0071
.text C:\WINDOWS\System32\svchost.exe[3904] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001C0060
.text C:\WINDOWS\System32\svchost.exe[3904] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001C0F86
.text C:\WINDOWS\System32\svchost.exe[3904] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001C0F97
.text C:\WINDOWS\System32\svchost.exe[3904] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001C0FB9
.text C:\WINDOWS\System32\svchost.exe[3904] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001C0F50
.text C:\WINDOWS\System32\svchost.exe[3904] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001C0F61
.text C:\WINDOWS\System32\svchost.exe[3904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001C0F35
.text C:\WINDOWS\System32\svchost.exe[3904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001C00CE
.text C:\WINDOWS\System32\svchost.exe[3904] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001C0F1A
.text C:\WINDOWS\System32\svchost.exe[3904] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001C0FA8
.text C:\WINDOWS\System32\svchost.exe[3904] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001C000A
.text C:\WINDOWS\System32\svchost.exe[3904] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001C008C
.text C:\WINDOWS\System32\svchost.exe[3904] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001C001B
.text C:\WINDOWS\System32\svchost.exe[3904] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001C0FD4
.text C:\WINDOWS\System32\svchost.exe[3904] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001C00BD
.text C:\WINDOWS\System32\svchost.exe[3904] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B0014
.text C:\WINDOWS\System32\svchost.exe[3904] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B0F57
.text C:\WINDOWS\System32\svchost.exe[3904] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0FB9
.text C:\WINDOWS\System32\svchost.exe[3904] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B0FD4
.text C:\WINDOWS\System32\svchost.exe[3904] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B0F72
.text C:\WINDOWS\System32\svchost.exe[3904] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\System32\svchost.exe[3904] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002B0F8D
.text C:\WINDOWS\System32\svchost.exe[3904] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4B, 88]
.text C:\WINDOWS\System32\svchost.exe[3904] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B0F9E
.text C:\WINDOWS\System32\svchost.exe[3904] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00400FB2
.text C:\WINDOWS\System32\svchost.exe[3904] msvcrt.dll!system 77C293C7 5 Bytes JMP 0040003D
.text C:\WINDOWS\System32\svchost.exe[3904] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00400FDE
.text C:\WINDOWS\System32\svchost.exe[3904] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00400FEF
.text C:\WINDOWS\System32\svchost.exe[3904] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00400FC3
.text C:\WINDOWS\System32\svchost.exe[3904] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00400018
.text C:\WINDOWS\System32\svchost.exe[3904] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 006B0000
.text C:\WINDOWS\System32\svchost.exe[3904] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 006B001B
.text C:\WINDOWS\System32\svchost.exe[3904] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 006B0FEF
.text C:\WINDOWS\System32\svchost.exe[3904] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 006B0040
.text C:\WINDOWS\System32\svchost.exe[3904] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C90000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7332B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort0 [F7332B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort1 [F7332B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F7332B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat A8D1CD20

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:26 AM

Posted 04 November 2009 - 08:44 PM

Hi you are welcome. :(

One or more of the identified infections is a backdoor trojan or rootkit.

This can allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information,
please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions
to apprise them of your situation.

Please read this for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

=======================
First temporarily disable any antivirus program or any real time shields that are present:
If you do not know how then you can refer to this link:
http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
================
Then Download Combofix from any of the links below. You must rename it before saving it. Rename it to kahdah then save it to your desktop.
Link 1
Link 2
--------------------------------------------------------------------

Double click on kahdah.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#5 pjctpa

pjctpa
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 05 November 2009 - 01:10 AM

Hello,

Thanks so much for your prompt reply...I'm feeling a bit like a deer in headlights...It took me quit a few tries to get the ComboFix to run and then it ran only after asking me to download some Windows components... Also, it restarted my computer before running again and then creating a log... Anyway, here is the log that finally showed up -- I look forward to your continued advice -- many many thanks in advance.

ComboFix 09-11-04.02 - PJC 11/05/2009 0:41.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.518 [GMT -5:00]
Running from: c:\documents and settings\PJC\Desktop\fixthis.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Shared

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :(
.
((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))
.

2009-11-05 05:27 . 2009-11-05 05:27 -------- d-----w- C:\fixthis
2009-11-05 05:10 . 2009-11-05 05:10 3564524 ----a-w- C:\kahdah.exe
2009-11-04 14:43 . 2009-11-04 14:43 291328 ----a-w- C:\svlov88l.exe
2009-11-02 14:19 . 2009-09-23 21:37 34112 ----a-w- c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\0um1bjfz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-11-02 14:19 . 2009-09-23 21:37 32448 ----a-w- c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\0um1bjfz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-11-02 14:19 . 2009-09-23 21:37 330072 ----a-w- c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\0um1bjfz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe.exe
2009-11-02 14:19 . 2009-09-23 21:37 51168 ----a-w- c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\0um1bjfz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlus_Helper.dll
2009-11-02 14:19 . 2009-09-23 21:37 22352 ----a-w- c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\0um1bjfz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-10-31 16:56 . 2009-10-31 16:56 -------- d-----w- c:\documents and settings\PJC\Local Settings\Application Data\Temp
2009-10-28 02:28 . 2009-10-28 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-28 02:28 . 2009-10-28 02:28 -------- d-----w- c:\program files\McAfee Security Scan
2009-10-26 03:30 . 2009-10-26 03:30 -------- d-----w- c:\documents and settings\Guest\Application Data\Malwarebytes
2009-10-26 03:29 . 2009-10-26 03:29 -------- d-sh--w- c:\documents and settings\Guest\IETldCache
2009-10-25 02:39 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 02:39 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-25 02:39 . 2009-10-25 02:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-24 16:24 . 2009-10-24 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-10-24 16:17 . 2009-10-24 16:17 -------- d-----w- c:\program files\Citrix
2009-10-24 14:44 . 2009-10-24 14:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-10-24 14:36 . 2009-10-24 14:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-10-24 14:35 . 2009-10-24 14:45 -------- d-----w- c:\documents and settings\PJC\Local Settings\Application Data\Google
2009-10-24 14:35 . 2009-10-24 14:51 -------- d-----w- c:\program files\Google
2009-10-24 14:34 . 2009-10-31 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-24 00:25 . 2009-10-24 00:25 -------- d-----w- c:\program files\IDT
2009-10-24 00:25 . 2007-09-06 01:25 204800 ----a-w- c:\windows\system32\stacsv.exe
2009-10-24 00:25 . 2007-09-06 01:24 1900544 ----a-w- c:\windows\system32\stlang.dll
2009-10-24 00:25 . 2007-09-06 01:24 405504 ----a-w- c:\windows\sttray.exe
2009-10-20 03:44 . 2009-10-20 03:44 -------- d-----w- c:\program files\Common Files\xing shared
2009-10-20 03:43 . 2009-10-20 03:43 -------- d-----w- c:\program files\Real
2009-10-20 03:43 . 2009-10-20 03:44 -------- d-----w- c:\program files\Common Files\Real
2009-10-17 15:24 . 2007-06-11 18:25 41856 ----a-w- c:\windows\system32\drivers\tosrfusb.sys
2009-10-17 15:24 . 2007-03-01 20:53 73728 ----a-w- c:\windows\system32\drivers\Tosrfhid.sys
2009-10-17 15:24 . 2007-04-24 17:20 113920 ----a-w- c:\windows\system32\drivers\tosrfbd.sys
2009-10-16 18:51 . 2009-10-16 19:18 -------- d-----w- c:\documents and settings\PJC\Local Settings\Application Data\ApplicationHistory
2009-10-16 18:39 . 2009-10-16 18:39 -------- d-sh--w- c:\documents and settings\PJC\IECompatCache
2009-10-16 18:38 . 2009-10-16 18:38 -------- d-sh--w- c:\documents and settings\PJC\PrivacIE
2009-10-16 18:14 . 2009-10-16 18:14 -------- d-sh--w- c:\documents and settings\PJC\IETldCache
2009-10-16 18:13 . 2009-10-16 18:13 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-16 18:09 . 2009-10-16 18:09 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-16 17:27 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-16 17:27 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-16 17:27 . 2009-10-16 18:53 -------- d-----w- c:\windows\ie8updates
2009-10-16 17:26 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-16 17:22 . 2009-10-16 17:26 -------- dc-h--w- c:\windows\ie8
2009-10-16 17:05 . 2009-10-16 17:05 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-16 17:05 . 2009-10-16 17:05 -------- d-----w- c:\program files\MSBuild
2009-10-16 17:04 . 2009-10-16 17:04 -------- d-----w- c:\program files\Reference Assemblies
2009-10-16 17:03 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-16 17:03 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-16 17:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-16 17:03 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-16 17:03 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-16 17:03 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-16 17:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-16 17:03 . 2009-10-16 17:04 -------- d-----w- C:\96ee75eeb6f9be21860b8ecb441a22
2009-10-16 16:51 . 2009-10-16 16:53 -------- d-----w- c:\windows\system32\URTTemp
2009-10-16 15:51 . 2009-10-16 15:51 -------- d-----w- c:\documents and settings\PJC\Application Data\Malwarebytes
2009-10-16 15:50 . 2009-10-16 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-08 22:57 . 2009-10-08 22:57 29376 ---ha-w- c:\windows\system32\mlfcache.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 05:38 . 2009-10-24 00:25 6688 ----a-w- c:\windows\system32\drivers\sthdae.log
2009-11-05 00:20 . 2009-06-08 12:56 117760 ----a-w- c:\documents and settings\PJC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-04 14:29 . 2007-09-13 17:44 29608 ----a-w- c:\documents and settings\PJC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-31 11:59 . 2007-09-17 14:08 -------- d-----w- c:\documents and settings\PJC\Application Data\AdobeUM
2009-10-30 12:41 . 2008-08-29 02:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-25 02:53 . 2009-04-27 02:08 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-23 15:22 . 2007-09-13 16:22 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-23 15:18 . 2007-09-13 17:32 -------- d-----w- c:\program files\CyberLink
2009-10-23 15:18 . 2007-09-13 16:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-23 15:16 . 2007-11-28 01:40 -------- d-----w- c:\documents and settings\PJC\Application Data\Move Networks
2009-10-22 01:12 . 2007-09-13 17:23 -------- d-----w- c:\program files\McAfee
2009-10-19 23:51 . 2009-03-30 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-16 16:13 . 2007-10-05 17:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-08 22:56 . 2008-04-22 16:17 -------- d-----w- c:\documents and settings\PJC\Application Data\Apple Computer
2009-09-26 23:24 . 2009-03-30 00:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-24 01:48 . 2009-09-24 01:46 -------- d-----w- c:\program files\iTunes
2009-09-24 01:48 . 2009-09-24 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-24 01:46 . 2009-09-24 01:46 -------- d-----w- c:\program files\iPod
2009-09-24 01:46 . 2008-04-22 16:14 -------- d-----w- c:\program files\Common Files\Apple
2009-09-24 01:42 . 2009-09-24 01:41 -------- d-----w- c:\program files\QuickTime
2009-09-24 01:32 . 2009-09-24 01:32 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-16 14:22 . 2007-09-13 17:24 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22 . 2007-09-13 17:24 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22 . 2007-09-13 17:24 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22 . 2007-09-13 17:24 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22 . 2007-09-13 17:24 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18 . 2009-09-11 14:18 136192 ----a-w- c:\windows\system32\SETA2.tmp
2009-09-11 14:18 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 00:30 . 2009-01-20 21:21 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 21:03 . 2009-09-04 21:03 58880 ----a-w- c:\windows\system32\SETB9.tmp
2009-08-29 08:08 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-15 21:53 . 2009-08-15 21:53 664 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\d3d9caps.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-16 2000112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-20 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"IDTSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-09-06 405504]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-10-06 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-08 00:39 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 12:53 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 11:39 AM 74480]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 1:21 PM 79432]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/28/2008 9:42 PM 210216]
S2 gupdate1ca54b748f58ee2;Google Update Service (gupdate1ca54b748f58ee2);c:\program files\Google\Update\GoogleUpdate.exe [10/24/2009 9:35 AM 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-24 14:35]

2009-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-24 14:35]

2009-09-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-09-13 16:22]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-09-13 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
FF - ProfilePath - c:\documents and settings\PJC\Application Data\Mozilla\Firefox\Profiles\nxygho8u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-05 00:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2009-11-05 0:57
ComboFix-quarantined-files.txt 2009-11-05 05:57

Pre-Run: 94,933,643,264 bytes free
Post-Run: 94,956,445,696 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:26 AM

Posted 05 November 2009 - 05:46 AM

You are welcome.

Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
=====
* Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#7 pjctpa

pjctpa
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 05 November 2009 - 07:00 PM

Hi,

Thanks again. I ran Malwarebytes -- log is attached -- program did not indicate any issues. HOWEVER, not sure if important, but a McAfee scan was run on my computer overnight and and 2 trojans were found and removed (Artemis! in C:\Documents and Settings\PJC\Desktop\OTL.exe and Artemis in C:\Documents and Settings\PJC\LocalSettings\ApplicationData\Mozilla\Firefox\Profiles\NXYGHO8U.Default\Cache\79C731ACD01. Sorry, I did not know how to copy a log so I believe I typed it correctly -- there is more of a description than 'Artemis!' in the detail section of Mcafee if you need that info. This was before I got your email and ran the Malwarebytes. I then ran the ESET and that found 1 thing -- log attached. I look forward to hearing from you.

Malwarebytes' Anti-Malware 1.41
Database version: 3105
Windows 5.1.2600 Service Pack 3

11/5/2009 8:43:48 AM
mbam-log-2009-11-05 (08-43-48).txt

Scan type: Quick Scan
Objects scanned: 105517
Time elapsed: 13 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=234f7c9cfb50724bbb0811a151e4c793
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-05 02:58:30
# local_time=2009-11-05 09:58:30 (-0500, Eastern Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16776533 100 96 364017 9437931 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=46799
# found=1
# cleaned=1
# scan_time=3904
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.OF virus (deleted - quarantined) 00000000000000000000000000000000 C

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:26 AM

Posted 06 November 2009 - 08:00 AM

MCafee is trigger happy.
They deleted our tool OTL. :(

ANyway how does the system act now.

Save OTL again to your desktop please.
Tell Mcafee to not delete it when prompted.
OTL
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#9 pjctpa

pjctpa
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 08 November 2009 - 08:43 PM

Hello,

My apologies -- your latest email ended up in my 'spam folder' -- please don't think that I'm not extremely grateful for all of your help. I've rerun OTL per your request -- attached is the log...I look forward to hearing from you -- thanks again in advance.

OTL logfile created on: 11/8/2009 8:33:24 PM - Run 2
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\PJC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.04 Mb Total Physical Memory | 398.79 Mb Available Physical Memory | 39.33% Memory free
2.38 Gb Paging File | 1.79 Gb Available in Paging File | 74.88% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 88.34 Gb Free Space | 79.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PJ-09B088DDA7C8
Current User Name: PJC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\PJC\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
PRC - C:\WINDOWS\system32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\system32\BCMWLTRY.EXE (Dell Inc.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\PJC\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll (RealPlayer)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mslbui.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\MSVCP71.DLL (Microsoft Corporation)
MOD - C:\WINDOWS\system32\MSVCR71.DLL (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (gupdate1ca54b748f58ee2) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (IDT, Inc.)
SRV - (wltrysvc) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (RimVSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd)
DRV - (CSRBC) -- C:\WINDOWS\system32\drivers\csrbcxp.sys (CSR, plc)
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (cercsr6) -- C:\WINDOWS\system32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {e1170235-2845-420c-acc3-42261a29dd46}:4.0.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/08/30 16:57:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/16 13:52:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [2009/10/19 22:44:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/29 21:51:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/29 21:51:38 | 00,000,000 | ---D | M]

[2008/12/16 22:05:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PJC\Application Data\Mozilla\Extensions
[2008/12/16 22:05:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PJC\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/04 17:49:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PJC\Application Data\Mozilla\Firefox\Profiles\nxygho8u.default\extensions
[2009/10/27 21:24:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PJC\Application Data\Mozilla\Firefox\Profiles\nxygho8u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/28 07:22:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PJC\Application Data\Mozilla\Firefox\Profiles\nxygho8u.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2008/12/16 22:05:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/29 21:51:28 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/29 21:51:27 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/29 21:51:27 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/10/29 21:51:33 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/10/19 22:44:48 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/09/23 20:42:33 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/09/23 20:42:33 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/09/23 20:42:33 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/09/23 20:42:33 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/09/23 20:42:34 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/23 20:42:34 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/09/23 20:42:34 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/10/19 22:45:07 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2009/10/19 22:44:38 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/09/23 20:15:43 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/09/23 20:15:43 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/09/23 20:15:44 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/09/23 20:15:44 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/09/23 20:15:44 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/09/23 20:15:44 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/09/23 20:15:44 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/13 11:01:19 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/08 20:22:18 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PJC\Desktop\OTL.exe
[2009/11/05 08:48:04 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/11/05 00:33:37 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/05 00:30:38 | 00,000,000 | ---D | C] -- C:\fixthis17173f
[2009/11/05 00:27:20 | 00,000,000 | ---D | C] -- C:\fixthis
[2009/11/05 00:20:43 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/05 00:20:43 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/05 00:20:43 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/05 00:20:43 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/05 00:19:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/05 00:12:16 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/31 11:56:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PJC\Local Settings\Application Data\Temp
[2009/10/29 21:52:44 | 08,080,728 | ---- | C] (Mozilla) -- C:\Documents and Settings\PJC\Desktop\Firefox Setup 3.5.4.exe
[2009/10/27 21:28:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2009/10/27 21:28:16 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2009/10/24 21:39:18 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/24 21:39:14 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/24 21:39:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/24 13:16:22 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\PJC\Desktop\RootRepeal.exe
[2009/10/24 11:24:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/10/24 11:17:25 | 00,000,000 | ---D | C] -- C:\Program Files\Citrix
[2009/10/24 09:35:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PJC\Local Settings\Application Data\Google
[2009/10/24 09:35:29 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/10/24 09:34:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/10/23 19:25:44 | 00,000,000 | ---D | C] -- C:\Program Files\IDT
[2009/10/23 19:25:37 | 01,900,544 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stlang.dll
[2009/10/23 19:25:37 | 00,204,800 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stacsv.exe
[2009/10/23 19:25:36 | 00,405,504 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\sttray.exe
[2009/10/19 22:44:48 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/10/19 22:44:34 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/10/19 22:44:34 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/10/19 22:44:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/10/19 22:43:27 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/10/19 22:43:22 | 00,000,000 | ---D | C] -- C:\Program Files\Real
[2009/10/19 22:43:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2009/10/19 22:43:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/10/19 22:43:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PJC\Application Data\Real
[2009/10/17 10:24:25 | 00,073,728 | ---- | C] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\drivers\Tosrfhid.sys
[2009/10/17 10:24:25 | 00,041,856 | ---- | C] (TOSHIBA CORPORATION) -- C:\WINDOWS\System32\drivers\tosrfusb.sys
[2009/10/17 10:24:24 | 00,113,920 | ---- | C] (TOSHIBA CORPORATION) -- C:\WINDOWS\System32\drivers\tosrfbd.sys
[2009/10/16 13:51:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PJC\Local Settings\Application Data\ApplicationHistory
[2009/10/16 13:39:30 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\PJC\IECompatCache
[2009/10/16 13:38:35 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\PJC\PrivacIE
[2009/10/16 13:14:45 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\PJC\IETldCache
[2009/10/16 12:27:37 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/10/16 12:27:34 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/10/16 12:27:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/10/16 12:26:20 | 00,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/10/16 12:22:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/10/16 12:05:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/10/16 12:05:06 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/10/16 12:04:49 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/10/16 12:03:55 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/10/16 12:03:55 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/10/16 12:03:55 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/10/16 12:03:55 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/10/16 12:03:55 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/10/16 12:03:54 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/10/16 12:03:54 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/10/16 12:03:53 | 00,000,000 | ---D | C] -- C:\96ee75eeb6f9be21860b8ecb441a22
[2009/10/16 11:52:02 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/10/16 11:52:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/10/16 11:51:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2009/10/16 10:57:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/10/16 10:51:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PJC\Application Data\Malwarebytes
[2009/10/16 10:50:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/16 10:28:52 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\PJC\Recent
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[22 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/08 20:22:42 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PJC\Desktop\OTL.exe
[2009/11/08 20:07:17 | 00,018,111 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/08 20:06:25 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/08 20:05:53 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/08 20:05:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/08 20:05:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/08 11:01:02 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/08 10:51:20 | 04,718,592 | ---- | M] () -- C:\Documents and Settings\PJC\ntuser.dat
[2009/11/06 09:35:09 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\PJC\ntuser.ini
[2009/11/06 09:34:34 | 06,942,000 | -H-- | M] () -- C:\Documents and Settings\PJC\Local Settings\Application Data\IconCache.db
[2009/11/05 10:57:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/05 00:54:14 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/05 00:33:52 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/11/05 00:17:31 | 03,564,524 | R--- | M] () -- C:\Documents and Settings\PJC\Desktop\fixthis.exe
[2009/11/05 00:10:50 | 03,564,524 | ---- | M] () -- C:\kahdah.exe
[2009/11/04 20:30:36 | 00,267,264 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/04 19:22:38 | 00,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/04 19:22:38 | 00,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/04 19:22:37 | 00,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/04 17:28:35 | 00,000,963 | ---- | M] () -- C:\Documents and Settings\PJC\Desktop\Spybot - Search & Destroy.lnk
[2009/11/04 09:43:27 | 00,291,328 | ---- | M] () -- C:\svlov88l.exe
[2009/11/04 09:29:37 | 00,029,608 | ---- | M] () -- C:\Documents and Settings\PJC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/29 21:54:03 | 08,080,728 | ---- | M] (Mozilla) -- C:\Documents and Settings\PJC\Desktop\Firefox Setup 3.5.4.exe
[2009/10/28 21:56:40 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\PJC\My Documents\names.doc
[2009/10/27 21:28:19 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
[2009/10/27 21:28:17 | 00,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan.lnk
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/24 21:39:22 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/24 13:17:51 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\PJC\Desktop\settings.dat
[2009/10/24 13:16:45 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\PJC\Desktop\RootRepeal.exe
[2009/10/24 13:04:52 | 00,523,264 | ---- | M] () -- C:\Documents and Settings\PJC\Desktop\dds.scr
[2009/10/24 09:37:33 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/10/23 19:22:07 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/23 10:39:48 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/10/23 10:39:21 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/10/23 10:39:21 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/10/19 22:44:48 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/10/19 22:44:34 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/10/19 22:44:34 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/10/19 22:43:27 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/10/16 14:31:27 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/16 13:07:59 | 00,153,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/16 10:57:56 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[22 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/05 00:33:51 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/11/05 00:33:40 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/05 00:20:43 | 00,267,264 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/05 00:20:43 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/05 00:20:43 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/05 00:20:43 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/05 00:20:43 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/05 00:17:30 | 03,564,524 | R--- | C] () -- C:\Documents and Settings\PJC\Desktop\fixthis.exe
[2009/11/05 00:10:35 | 03,564,524 | ---- | C] () -- C:\kahdah.exe
[2009/11/04 09:43:17 | 00,291,328 | ---- | C] () -- C:\svlov88l.exe
[2009/10/27 21:28:19 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
[2009/10/27 21:28:17 | 00,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan.lnk
[2009/10/24 21:39:22 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/24 13:17:51 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\PJC\Desktop\settings.dat
[2009/10/24 13:04:30 | 00,523,264 | ---- | C] () -- C:\Documents and Settings\PJC\Desktop\dds.scr
[2009/10/24 09:51:53 | 00,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/24 09:51:53 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/24 09:37:33 | 00,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/10/23 10:38:53 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/10/23 10:38:53 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/10/19 23:11:41 | 06,942,000 | -H-- | C] () -- C:\Documents and Settings\PJC\Local Settings\Application Data\IconCache.db
[2009/10/16 13:43:44 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/10/16 11:54:59 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2007/12/26 11:53:08 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2007/11/03 14:50:14 | 00,005,632 | ---- | C] () -- C:\Documents and Settings\PJC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/24 10:58:37 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/13 12:44:01 | 00,029,608 | ---- | C] () -- C:\Documents and Settings\PJC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/09/13 11:36:45 | 00,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/09/13 11:36:45 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2007/09/13 11:22:49 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/09/13 11:22:47 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/09/13 11:07:33 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\PJC\Application Data\desktop.ini
[2007/09/13 06:49:50 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2004/08/04 05:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:26 AM

Posted 09 November 2009 - 07:56 AM

Looks good how are things running?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#11 pjctpa

pjctpa
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 09 November 2009 - 10:26 AM

Hi,

Good to hear that news...Things seem to be running fine --- my google searches are no longer redirected, which was what raised my suspicions to begin with...What are your thoughts on whether or not I should leave all of the programs on my computer that we downloaded and used? Many many thanks again. Hope you have a good day.

#12 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:26 AM

Posted 09 November 2009 - 06:50 PM

You are welcome.
Doing the below will remove the things I had you download:


=======Cleanup=======
  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
======Next======
  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 17...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
======================Clear out infected System Restore points======================


Then we need to reset your System Restore points.
The link below shows how to do this.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

=====================================
After that your all set. :(


The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

If your computer is slow Is a tutorial on what you can do if your computer is slow.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent,Limewire etc...
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users