Malware problem, rootkit ?


This topic is locked.
19 replies to this topic

#1 t-burg (Members, 24 posts)

Posted 24 October 2009 - 02:53 PM

Referred from: http://www.bleepingcomputer.com/forums/t/265449/sounds-like-rootkit-issue-here-i-think/ ~ OB

Hopefully I'll include all the info you need to fix me! I have a desktop with Vista Home Premium. My initial problem started when I downloaded something from LimeWire. Have since dumped that program. Now I get multiple alerts from sites that just pop up warning me about viruses and registry cleaning, etc. I've run Malwarebytes several times, but they return. quietman7 has put me through the process, so here are the details. Please let me know if I've missed anything or you need something else. THANK YOU!!
Attach.txt and ark.txt files will be attached. Here is a copy/paste of the DDS.txt:

DDS (Ver_09-10-13.01) - NTFSx86
Run by Terry at 11:16:18.49 on Fri 10/23/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2039.1035 [GMT -5:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\java.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN\Toolbar\3.0.1203.0\msntask.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Terry\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.charter.com/
uDefault_Page_URL = hxxp://www.msn.com
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5620
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {01784810-7531-42b1-b905-be0eda1196d7} - c:\windows\system32\csrsrv32.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5772/mcfscan.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,c:\windows\system32\clusapi32.dll,c:\windows\system32\dispci32.dll,c:\windows\system32\blackbox32.dll,c:\windows\system32\d3d832.dll,c:\windows\system32\bthserv32.dll,c:\windows\system32\d3dim70032.dll

============= SERVICES / DRIVERS ===============

S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2007-10-23 167808]

=============== Created Last 30 ================

2009-10-23 11:11 202,240 a------- c:\windows\system32\csrsrv32.dll
2009-10-23 11:11 1,372 a------- c:\windows\system32\EaYXoSP9Jmewf.vbs
2009-10-23 10:55 202,240 a------- c:\windows\system32\framedynos32.dll
2009-10-23 10:55 1,372 a------- c:\windows\system32\jNGeDRb.vbs
2009-10-20 20:44 72,704 a------- c:\windows\system32\admparse.dll
2009-10-20 20:41 --d-h--- c:\windows\msdownld.tmp
2009-10-20 11:35 --d----- c:\program files\Cobian Backup 8
2009-10-20 10:13 1,372 a------- c:\windows\system32\cIWBawyYtKy0ah1.vbs
2009-10-20 09:40 1,372 a------- c:\windows\system32\oOpMU.vbs
2009-10-19 13:53 --d----- c:\users\terry\DoctorWeb
2009-10-19 12:36 1,372 a------- c:\windows\system32\xaj0m7Sn42Vhg.vbs
2009-10-19 12:20 1,372 a------- c:\windows\system32\IGKpXrS0J2YFfuM.vbs
2009-10-19 08:49 1,372 a------- c:\windows\system32\KCyOYqLccIYHv.vbs
2009-10-19 08:10 1,372 a------- c:\windows\system32\2TW4uTqa3aYqjlN.vbs
2009-10-17 20:44 1,372 a------- c:\windows\system32\nvQZq.vbs
2009-10-17 20:34 1,372 a------- c:\windows\system32\ud6GwqW.vbs
2009-10-16 22:08 1,372 a------- c:\windows\system32\08rjIhB.vbs
2009-10-16 17:18 1,372 a------- c:\windows\system32\VVHvCO4Y03S0n.vbs
2009-10-16 17:04 16 a------- c:\windows\popcinfo.dat
2009-10-16 12:42 --d----- c:\windows\McAfee.com
2009-10-16 08:01 --d----- c:\windows\system32\EventProviders
2009-10-16 08:01 --d----- C:\9577ecbf483cad75c8d3f76a06e3
2009-10-15 20:42 11,329 a------- c:\windows\system32\Config.MPF
2009-10-15 20:41 --d----- c:\programdata\SiteAdvisor
2009-10-15 20:38 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-10-15 20:38 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-10-15 20:38 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-10-15 20:38 130,424 a------- c:\windows\system32\drivers\Mpfp.sys
2009-10-15 20:38 --d----- c:\program files\common files\McAfee
2009-10-15 20:38 --d----- c:\program files\McAfee.com
2009-10-15 20:34 34,248 a------- c:\windows\system32\drivers\mferkdk.sys
2009-10-15 17:17 --d----- C:\Malwarebytes' Anti-Malware
2009-10-15 17:12 1,372 a------- c:\windows\system32\6uRikhZ2qIwyp.vbs
2009-10-15 17:06 121,344 a------- c:\windows\system32\d3dim70032.dll
2009-10-15 17:05 121,344 a------- c:\windows\system32\bthserv32.dll
2009-10-15 17:03 121,344 a------- c:\windows\system32\d3d832.dll
2009-10-15 17:03 121,344 a------- c:\windows\system32\blackbox32.dll
2009-10-15 17:01 121,344 a------- c:\windows\system32\dispci32.dll
2009-10-15 17:01 121,344 a------- c:\windows\system32\clusapi32.dll
2009-10-15 17:01 1,372 a------- c:\windows\system32\VjZtR.vbs
2009-10-15 17:00 1,372 a------- c:\windows\system32\N3aZACi.vbs
2009-10-14 04:06 213,504 a------- c:\windows\system32\msv1_0.dll
2009-10-14 04:06 3,597,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-10-14 04:06 3,546,184 a------- c:\windows\system32\ntoskrnl.exe
2009-10-14 04:06 428,544 a------- c:\windows\system32\EncDec.dll
2009-10-14 04:06 293,376 a------- c:\windows\system32\psisdecd.dll
2009-10-14 04:06 217,088 a------- c:\windows\system32\psisrndr.ax
2009-10-14 04:06 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-10-14 04:06 80,896 a------- c:\windows\system32\MSNP.ax
2009-10-14 04:06 61,440 a------- c:\windows\system32\msasn1.dll
2009-10-14 04:06 144,896 a------- c:\windows\system32\drivers\srv2.sys
2009-10-14 04:06 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
2009-10-05 00:13 --d-h--- c:\windows\PIF

==================== Find3M ====================

2009-10-20 14:12 19,984 a------- c:\users\terry\appdata\roaming\wklnhst.dat
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-09 10:16 86,016 a------- c:\windows\inf\infstrng.dat
2009-09-09 10:16 51,200 a------- c:\windows\inf\infpub.dat
2009-09-09 10:16 86,016 a------- c:\windows\inf\infstor.dat
2009-08-28 07:39 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 07:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 07:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 07:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 07:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 05:15 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 00:22 916,480 a------- c:\windows\system32\wininet.dll
2009-08-27 00:17 109,056 a------- c:\windows\system32\iesysprep.dll
2009-08-27 00:17 71,680 a------- c:\windows\system32\iesetup.dll
2009-08-26 22:42 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-08-17 23:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-14 11:29 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-14 11:29 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 09:16 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 09:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 09:16 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 09:16 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 09:16 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 09:16 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 09:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-07-16 14:08 174 a--sh--- c:\program files\desktop.ini
2009-07-01 13:24 61,224 a------- c:\users\terry\GoToAssistDownloadHelper.exe
2008-07-27 15:07 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 11:20:15.85 ===============

Attached Files


Edited by Orange Blossom, 24 October 2009 - 06:55 PM.
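Added example, not part of this thread and not code from DDS, OTL or BleepingComputer: a small Python triage script that reads DDS-style log lines and flags the four indicators that stand out in the log above: a BHO registered with no display name (the csrsrv32.dll entry), AppInit_DLLs entries that do not belong to a known vendor, files created in system32 that share an exact byte size (the 1,372-byte .vbs files), and EnableLUA = 0. The sample lines are copied from the posted log; the vendor allow-list (`APPINIT_ALLOW`), the folder being watched and the two-file cluster threshold are assumptions for illustration.

```python
"""Triage helper for DDS-style logs (added example, not DDS or forum code).

The sample below is constructed from lines in the DDS log posted in this thread.
The allow-list and thresholds are assumptions an analyst would tune.
"""
import re
from collections import defaultdict

# Constructed sample: a handful of lines taken from the posted DDS log.
SAMPLE_LOG = r"""
BHO: {01784810-7531-42b1-b905-be0eda1196d7} - c:\windows\system32\csrsrv32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
mPolicies-system: EnableLUA = 0 (0x0)
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,c:\windows\system32\clusapi32.dll,c:\windows\system32\dispci32.dll
2009-10-23 11:11 202,240 a------- c:\windows\system32\csrsrv32.dll
2009-10-23 11:11 1,372 a------- c:\windows\system32\EaYXoSP9Jmewf.vbs
2009-10-23 10:55 1,372 a------- c:\windows\system32\jNGeDRb.vbs
2009-10-20 20:44 72,704 a------- c:\windows\system32\admparse.dll
2009-10-20 20:41 --d-h--- c:\windows\msdownld.tmp
"""

# Assumption: substrings that identify vendors an analyst trusts in AppInit_DLLs.
APPINIT_ALLOW = ("google",)

# "Created Last 30" lines: timestamp, optional byte size, 8-char attribute field, path.
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?:([\d,]+)\s+)?([a-z-]{8})\s+(.+)$", re.I)
# A BHO line whose text after "BHO: " is a bare GUID has no display name.
UNNAMED_BHO_RE = re.compile(r"^BHO: \{[0-9a-f-]{36}\} - (.+)$", re.I)


def parse_created(text):
    """Return (timestamp, size_in_bytes_or_None, lowercased path) per created-file line."""
    out = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            ts, size, _attrs, path = m.groups()
            out.append((ts, int(size.replace(",", "")) if size else None, path.lower()))
    return out


def unnamed_bhos(text):
    """Paths of BHOs registered without a display name."""
    return [m.group(1).lower()
            for m in (UNNAMED_BHO_RE.match(l.strip()) for l in text.splitlines()) if m]


def suspicious_appinit(text, allow=APPINIT_ALLOW):
    """AppInit_DLLs entries whose path mentions no allowed vendor.

    AppInit_DLLs is loaded into every process that links user32.dll, so an
    unknown DLL here is a system-wide injection point, not just an IE add-on.
    """
    hits = []
    for line in text.splitlines():
        if line.strip().startswith("AppInit_DLLs:"):
            for dll in line.split(":", 1)[1].split(","):
                dll = dll.strip().lower()
                if dll and not any(a in dll for a in allow):
                    hits.append(dll)
    return hits


def same_size_clusters(entries, folder=r"c:\windows\system32", min_files=2):
    """{size: [paths]} for files created in `folder` that share an exact byte size.

    Randomly named droppers written by one component tend to be byte-identical
    in length; the 1,372-byte .vbs files in the log above are the case in point.
    """
    by_size = defaultdict(list)
    for _ts, size, path in entries:
        if size is not None and path.startswith(folder + "\\"):
            by_size[size].append(path)
    return {s: p for s, p in by_size.items() if len(p) >= min_files}


def uac_disabled(text):
    """True when the log records EnableLUA = 0 (UAC switched off)."""
    return any(re.match(r"^mPolicies-system: EnableLUA = 0\b", l.strip())
               for l in text.splitlines())


def triage(text):
    """Run all four checks over one log and return the findings by category."""
    entries = parse_created(text)
    return {
        "unnamed_bho": unnamed_bhos(text),
        "appinit": suspicious_appinit(text),
        "size_clusters": same_size_clusters(entries),
        "uac_disabled": uac_disabled(text),
    }


if __name__ == "__main__":
    for category, finding in triage(SAMPLE_LOG).items():
        print(f"{category}: {finding}")
```

Run it against a saved DDS.txt by replacing `SAMPLE_LOG` with the file contents. The allow-list check is deliberately crude (substring match on the path); a stricter version would verify the DLL's Authenticode signature on the host rather than trust the path text in a log.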



#2 kahdah (Security Colleague, 11,138 posts, Florida)

Posted 01 November 2009 - 11:06 AM

Hello t-burg

Welcome to BleepingComputer :(
==========================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#3 t-burg (Topic Starter, Members, 24 posts)

Posted 02 November 2009 - 04:18 PM

OK, here we go. I'll copy/paste the three items you requested below. One question, though: once this is all done, what steps need to be taken to prevent this in the future, and what steps can I do on my brother's and others' computers so they never have to go through this?! Again, thanks much for your help. Paypal donation certainly on the way once this is done. Terry

OTL.Txt:


OTL logfile created on: 11/2/2009 10:56:38 AM - Run 1
OTL by OldTimer - Version 3.1.2.2 Folder = C:\Users\Terry\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.52% Memory free
4.00 Gb Paging File | 3.09 Gb Available in Paging File | 77.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.05 Gb Total Space | 209.46 Gb Free Space | 72.71% Space Free | Partition Type: NTFS
Drive D: | 10.04 Gb Total Space | 3.18 Gb Free Space | 31.69% Space Free | Partition Type: NTFS
Drive E: | 74.50 Gb Total Space | 65.24 Gb Free Space | 87.58% Space Free | Partition Type: NTFS
Unable to calculate disk information.
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TERRY-PC
Current User Name: Terry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Terry\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\System32\java.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
PRC - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Win32 Services (SafeList) ==========

SRV - (GameConsoleService) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (McODS) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (iPod Service) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (mcmscsvc) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MSK80Service) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (gusvc) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (Apple Mobile Device) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (gupdate1c9c373b9d17d37) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (McAfee SiteAdvisor Service) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (Bonjour Service) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (odserv) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) [Unknown | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (LinksysUpdater) [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
SRV - (nmservice) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (WinDefend) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) [On_Demand | Running] -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ehRecvr) [On_Demand | Stopped] -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)
SRV - (ehSched) [On_Demand | Stopped] -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (ose) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) MPFP [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (pnarp) Pure Networks Device Discovery Driver [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys (Pure Networks, Inc.)
DRV - (purendis) Pure Networks Wireless Driver [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys (Pure Networks, Inc.)
DRV - (vsmraid) vsmraid [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (igfx) igfx [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) ialm [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) adp94xx [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) elxstor [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) adpahci [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) uliahci [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) adpu320 [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) ulsata2 [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) UlSata [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) adpu160m [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) nvraid [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) nfrd960 [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) iirsp [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) nvstor [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) aic78xx [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) arcsas [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) arc [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) megasas [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) viaide [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) cmdide [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) aliide [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ac97intc.sys (Intel Corporation)
DRV - (NETw2v32) Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (RTL8023xp) Realtek 10/100 NIC Family NDIS x86 Driver [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (E1G60) Intel® PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (secdrv) Security Driver [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (RTLWUSB) NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v2.sys (NETGEAR Inc.)
DRV - (UsbDiag) LGE Mobile USB Serial Port [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) LGE CDMA USB Modem [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Soft India)
DRV - (usbbus) LGE CDMA Composite USB Device [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Terry\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\clusapi32.dll ()
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
MOD - C:\Windows\System32\powrprof.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dsound.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5620

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 10 48 78 01 31 75 B1 42 B9 05 BE 0E DA 11 96 D7 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 03:34:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/10/18 09:26:58 | 00,000,000 | ---D | M]

[2009/04/01 01:57:17 | 00,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/10/18 14:48:27 | 00,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Mozilla\Extensions
[2009/10/18 14:48:27 | 00,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Mozilla\Extensions
[2009/04/01 01:57:17 | 00,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/04/09 11:01:29 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/08 14:53:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2008/08/06 05:13:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/10/18 14:48:28 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/18 14:48:28 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/06 05:13:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/08 14:53:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/09 11:01:29 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/09 04:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/02/27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/06/17 01:18:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/06/17 01:18:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/06/17 01:18:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/06/17 01:18:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/06/17 01:18:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/06/17 01:18:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/06/17 01:18:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {01784810-7531-42B1-B905-BE0EDA1196D7} - C:\Windows\System32\CompatUI32.dll ()
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...772/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.115.71.53 24.196.64.53 24.159.193.40 192.168.1.1 68.115.71.53 24.196.64.53 24.159.193.40
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\System32\clusapi32.dll) - C:\Windows\System32\clusapi32.dll ()
O20 - AppInit_DLLs: (C:\Windows\System32\dispci32.dll) - C:\Windows\System32\dispci32.dll ()
O20 - AppInit_DLLs: (C:\Windows\System32\blackbox32.dll) - C:\Windows\System32\blackbox32.dll ()
O20 - AppInit_DLLs: (C:\Windows\System32\d3d832.dll) - C:\Windows\System32\d3d832.dll ()
O20 - AppInit_DLLs: (C:\Windows\System32\bthserv32.dll) - C:\Windows\System32\bthserv32.dll ()
O20 - AppInit_DLLs: (C:\Windows\System32\d3dim70032.dll) - C:\Windows\System32\d3dim70032.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 18:01:00 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/03/17 19:49:00 | 00,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/02 10:55:12 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Users\Terry\Desktop\OTL.exe
[2009/11/02 10:52:31 | 00,000,000 | ---D | C] -- C:\Users\Terry\Desktop\HyjackThis no. 1 stuff
[2009/10/29 10:46:32 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/10/29 10:46:32 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/10/29 10:46:32 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/10/29 10:46:31 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/10/29 10:45:59 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/10/29 10:45:59 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/10/29 10:45:59 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/10/29 10:45:47 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/10/29 10:45:47 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/10/28 17:53:19 | 00,000,000 | ---D | C] -- C:\Program Files\Real Estate ToolKit
[2009/10/26 16:44:01 | 00,000,000 | ---D | C] -- C:\Users\Terry\Desktop\MY EBAY AUCTIONS
[2009/10/20 19:57:33 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/10/20 19:47:11 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/10/20 19:47:11 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/10/20 19:47:10 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/10/20 19:47:10 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/10/20 19:47:09 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/10/20 19:47:09 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/10/20 19:47:09 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/10/20 19:47:08 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/10/20 19:47:08 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/10/20 19:47:07 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/10/20 19:47:07 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/10/20 19:47:07 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/10/20 19:47:06 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/10/20 19:47:06 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/10/20 19:47:06 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/10/20 19:47:06 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/10/20 19:47:05 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/10/20 19:47:05 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/10/20 19:47:05 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/10/20 19:47:04 | 05,940,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/10/20 19:44:20 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/10/20 19:44:20 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/10/20 19:44:20 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/10/20 19:44:20 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/10/20 19:44:19 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/10/20 19:44:19 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/10/20 19:44:19 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/10/20 19:44:19 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/10/20 19:44:19 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/10/20 19:44:19 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/10/20 19:44:18 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/10/20 19:44:18 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/10/20 19:44:18 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/10/20 19:44:18 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/10/20 19:44:17 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/10/20 19:44:17 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/10/20 19:44:16 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/10/20 19:44:16 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/10/20 19:44:16 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/10/20 19:44:16 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/10/20 19:44:15 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/10/20 19:44:15 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/10/20 19:44:15 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/10/20 19:44:15 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/10/20 19:44:14 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/10/20 19:44:13 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/10/20 19:44:13 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/10/20 19:44:12 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/10/20 19:44:12 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/10/20 19:44:12 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/10/20 19:44:12 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/10/20 19:44:12 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/10/20 19:44:12 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/10/20 19:42:42 | 00,000,000 | ---D | C] -- C:\Program Files\MSN
[2009/10/20 19:41:55 | 00,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2009/10/20 10:35:07 | 00,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 8
[2009/10/19 12:53:08 | 00,000,000 | ---D | C] -- C:\Users\Terry\DoctorWeb
[2009/10/19 12:48:17 | 00,000,000 | ---D | C] -- C:\Users\Terry\Desktop\Left side desk top
[2009/10/19 12:47:29 | 00,000,000 | ---D | C] -- C:\Users\Terry\Desktop\right side desk top
[2009/10/19 11:07:11 | 00,000,000 | ---D | C] -- C:\Users\Terry\Desktop\virus fix stuff
[2009/10/17 11:17:29 | 00,000,000 | ---D | C] -- C:\Users\Terry\Desktop\Stuff to backup
[2009/10/16 11:42:41 | 00,000,000 | ---D | C] -- C:\Windows\McAfee.com
[2009/10/16 07:01:58 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/10/16 07:01:52 | 00,000,000 | ---D | C] -- C:\9577ecbf483cad75c8d3f76a06e3
[2009/10/15 19:41:30 | 00,000,000 | ---D | C] -- C:\ProgramData\SiteAdvisor
[2009/10/15 19:41:30 | 00,000,000 | ---D | C] -- C:\ProgramData\SiteAdvisor
[2009/10/15 19:38:45 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2009/10/15 19:38:45 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys
[2009/10/15 19:38:45 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2009/10/15 19:38:36 | 00,130,424 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys
[2009/10/15 19:38:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/10/15 19:38:06 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/10/15 19:34:01 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys
[2009/10/15 16:17:57 | 00,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2009/10/14 03:06:46 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/10/14 03:06:42 | 03,597,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/10/14 03:06:42 | 03,546,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/10/14 03:06:27 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/10/14 03:06:27 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/10/14 03:06:27 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/10/14 03:06:26 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/10/14 03:06:26 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/10/14 03:06:10 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
[2009/10/14 03:06:09 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/10/14 03:06:07 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2009/10/04 23:13:02 | 00,000,000 | -H-D | C] -- C:\Windows\PIF
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/02 10:57:43 | 03,670,016 | -HS- | M] () -- C:\Users\Terry\ntuser.dat
[2009/11/02 10:57:39 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B2F917B6-E479-4B4F-A9E4-3550BA7BA6B3}.job
[2009/11/02 10:55:18 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Users\Terry\Desktop\OTL.exe
[2009/11/02 10:50:56 | 00,002,607 | -HS- | M] () -- C:\Users\Terry\AppData\Roaming\020000008fef8213689P.manifest
[2009/11/02 10:21:01 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/02 09:56:10 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/02 09:56:10 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/02 08:03:36 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/02 08:03:36 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/02 08:03:36 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/02 08:00:35 | 00,202,240 | ---- | M] () -- C:\Windows\System32\CompatUI32.dll
[2009/11/02 08:00:34 | 00,001,372 | ---- | M] () -- C:\Windows\System32\sdD6pC3.vbs
[2009/11/02 07:57:05 | 00,012,651 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/11/02 07:56:19 | 00,005,609 | -HS- | M] () -- C:\Users\Terry\AppData\Roaming\020000008fef8213689C.manifest
[2009/11/02 07:56:18 | 00,000,665 | -HS- | M] () -- C:\Users\Terry\AppData\Roaming\020000008fef8213689O.manifest
[2009/11/02 07:56:18 | 00,000,011 | -HS- | M] () -- C:\Users\Terry\AppData\Roaming\020000008fef8213689S.manifest
[2009/11/02 07:56:15 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/02 07:56:11 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/02 07:56:07 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/02 07:56:04 | 21,386,28096 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/01 19:35:01 | 00,524,288 | -HS- | M] () -- C:\Users\Terry\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/11/01 19:35:01 | 00,065,536 | -HS- | M] () -- C:\Users\Terry\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/11/01 19:34:49 | 03,584,993 | -H-- | M] () -- C:\Users\Terry\AppData\Local\IconCache.db
[2009/11/01 18:17:31 | 00,002,231 | ---- | M] () -- C:\Users\Terry\Desktop\iTunes.lnk
[2009/11/01 08:20:24 | 00,202,240 | ---- | M] () -- C:\Windows\System32\C_ISCII32.dll
[2009/11/01 08:20:24 | 00,001,372 | ---- | M] () -- C:\Windows\System32\hRO7U.vbs
[2009/11/01 02:48:30 | 00,000,000 | ---- | M] () -- C:\Windows\System32\GroupPolicy000.dat
[2009/11/01 00:00:13 | 00,000,318 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2009/10/31 06:50:19 | 00,202,240 | ---- | M] () -- C:\Windows\System32\dot3dlg32.dll
[2009/10/31 06:50:18 | 00,001,372 | ---- | M] () -- C:\Windows\System32\OjOoTHT.vbs
[2009/10/30 14:28:05 | 00,202,240 | ---- | M] () -- C:\Windows\System32\colorui32.dll
[2009/10/30 14:28:05 | 00,001,372 | ---- | M] () -- C:\Windows\System32\9nI8l4c.vbs
[2009/10/30 11:29:52 | 00,179,528 | ---- | M] () -- C:\Users\Terry\Desktop\pic02781_x[1].jpg
[2009/10/30 11:28:42 | 00,119,515 | ---- | M] () -- C:\Users\Terry\Desktop\pic02779_x[1].jpg
[2009/10/30 10:23:02 | 00,020,566 | ---- | M] () -- C:\Users\Terry\AppData\Roaming\wklnhst.dat
[2009/10/30 09:32:01 | 00,000,166 | ---- | M] () -- C:\Users\Terry\Desktop\WINGFAM.url
[2009/10/29 17:11:51 | 00,070,304 | ---- | M] () -- C:\Users\Terry\Desktop\ssb 1.JPG
[2009/10/29 17:09:13 | 00,087,962 | ---- | M] () -- C:\Users\Terry\Desktop\ssb 2.JPG
[2009/10/29 14:17:25 | 00,170,839 | ---- | M] () -- C:\Users\Terry\Desktop\j 005.JPG
[2009/10/29 14:16:32 | 00,155,123 | ---- | M] () -- C:\Users\Terry\Desktop\j 006.JPG
[2009/10/29 14:14:36 | 00,457,564 | ---- | M] () -- C:\Users\Terry\Desktop\j 001.JPG
[2009/10/29 12:32:53 | 00,202,240 | ---- | M] () -- C:\Windows\System32\els3232.dll
[2009/10/29 12:32:53 | 00,001,372 | ---- | M] () -- C:\Windows\System32\qStpMu5wI6cXYEE.vbs
[2009/10/29 09:17:45 | 00,202,240 | ---- | M] () -- C:\Windows\System32\dmdskres32.dll
[2009/10/29 09:17:45 | 00,001,372 | ---- | M] () -- C:\Windows\System32\sVZI9dS.vbs
[2009/10/28 21:14:20 | 00,368,779 | ---- | M] () -- C:\Users\Terry\Desktop\f 006.JPG
[2009/10/28 20:33:23 | 00,000,309 | ---- | M] () -- C:\Users\Terry\Desktop\Wisconsin Investment Clubs Companies.url
[2009/10/28 18:07:20 | 00,000,297 | ---- | M] () -- C:\Users\Terry\Desktop\C. Sheets Site.url
[2009/10/28 17:53:28 | 00,000,807 | ---- | M] () -- C:\Users\Public\Desktop\C. Sheets R. Estate Toolkit.lnk
[2009/10/28 12:09:43 | 00,202,240 | ---- | M] () -- C:\Windows\System32\deskadp32.dll
[2009/10/28 12:09:42 | 00,001,372 | ---- | M] () -- C:\Windows\System32\N4bMQyOjpQEl3.vbs
[2009/10/28 11:58:48 | 00,202,240 | ---- | M] () -- C:\Windows\System32\hhsetup32.dll
[2009/10/28 11:58:48 | 00,001,372 | ---- | M] () -- C:\Windows\System32\Ha0D3.vbs
[2009/10/27 08:50:39 | 00,202,240 | ---- | M] () -- C:\Windows\System32\Faultrep32.dll
[2009/10/27 08:50:39 | 00,001,372 | ---- | M] () -- C:\Windows\System32\A8Vh9X4EfLRb3cX.vbs
[2009/10/26 16:11:47 | 00,202,240 | ---- | M] () -- C:\Windows\System32\dimsroam32.dll
[2009/10/26 16:11:47 | 00,001,372 | ---- | M] () -- C:\Windows\System32\O5Nx8QTeUhaCF.vbs
[2009/10/26 08:32:44 | 00,010,752 | ---- | M] () -- C:\Users\Terry\Desktop\PS3 Tips Sheet.wps
[2009/10/26 08:20:28 | 00,009,728 | ---- | M] () -- C:\Users\Terry\Desktop\Console Repair Ticket.wps
[2009/10/26 08:00:38 | 00,009,728 | ---- | M] () -- C:\Users\Terry\Desktop\Blank Works.wps
[2009/10/26 06:34:50 | 00,202,240 | ---- | M] () -- C:\Windows\System32\els32.dll
[2009/10/26 06:34:50 | 00,001,372 | ---- | M] () -- C:\Windows\System32\G9nTWcpy7spAzjT.vbs
[2009/10/25 17:32:47 | 00,134,010 | ---- | M] () -- C:\Users\Terry\Desktop\new 013.JPG
[2009/10/25 13:31:11 | 00,001,372 | ---- | M] () -- C:\Windows\System32\USig8zeUTsUcHVU.vbs
[2009/10/24 13:32:32 | 00,202,240 | ---- | M] () -- C:\Windows\System32\dmsynth32.dll
[2009/10/24 13:32:32 | 00,001,372 | ---- | M] () -- C:\Windows\System32\fw9Lu4yqU73Kz.vbs
[2009/10/23 10:46:00 | 00,202,240 | ---- | M] () -- C:\Windows\System32\d3d8thk32.dll
[2009/10/23 10:46:00 | 00,001,372 | ---- | M] () -- C:\Windows\System32\7B20oqsvb1jez.vbs
[2009/10/23 10:11:32 | 00,202,240 | ---- | M] () -- C:\Windows\System32\csrsrv32.dll
[2009/10/23 10:11:31 | 00,001,372 | ---- | M] () -- C:\Windows\System32\EaYXoSP9Jmewf.vbs
[2009/10/23 09:55:40 | 00,202,240 | ---- | M] () -- C:\Windows\System32\framedynos32.dll
[2009/10/23 09:55:38 | 00,001,372 | ---- | M] () -- C:\Windows\System32\jNGeDRb.vbs
[2009/10/20 13:51:13 | 00,444,615 | ---- | M] () -- C:\Users\Terry\Desktop\new 020.JPG
[2009/10/20 09:13:18 | 00,001,372 | ---- | M] () -- C:\Windows\System32\cIWBawyYtKy0ah1.vbs
[2009/10/20 08:40:57 | 00,001,372 | ---- | M] () -- C:\Windows\System32\oOpMU.vbs
[2009/10/19 11:36:45 | 00,001,372 | ---- | M] () -- C:\Windows\System32\xaj0m7Sn42Vhg.vbs
[2009/10/19 11:20:45 | 00,001,372 | ---- | M] () -- C:\Windows\System32\IGKpXrS0J2YFfuM.vbs
[2009/10/19 07:49:14 | 00,001,372 | ---- | M] () -- C:\Windows\System32\KCyOYqLccIYHv.vbs
[2009/10/19 07:10:56 | 00,001,372 | ---- | M] () -- C:\Windows\System32\2TW4uTqa3aYqjlN.vbs
[2009/10/18 17:31:01 | 00,022,528 | ---- | M] () -- C:\Users\Terry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/17 21:37:45 | 00,272,406 | ---- | M] () -- C:\Users\Terry\Desktop\new 016.JPG
[2009/10/17 19:44:40 | 00,001,372 | ---- | M] () -- C:\Windows\System32\nvQZq.vbs
[2009/10/17 19:34:27 | 00,001,372 | ---- | M] () -- C:\Windows\System32\ud6GwqW.vbs
[2009/10/16 21:13:30 | 00,000,577 | ---- | M] () -- C:\Users\Terry\Desktop\Gmail Email from Google.url
[2009/10/16 21:12:44 | 00,000,262 | ---- | M] () -- C:\Users\Terry\Desktop\Welcome - PayPal.url
[2009/10/16 21:08:56 | 00,001,372 | ---- | M] () -- C:\Windows\System32\08rjIhB.vbs
[2009/10/16 18:33:40 | 00,000,600 | ---- | M] () -- C:\Users\Terry\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/16 16:18:53 | 00,001,372 | ---- | M] () -- C:\Windows\System32\VVHvCO4Y03S0n.vbs
[2009/10/16 16:04:20 | 00,000,016 | ---- | M] () -- C:\Windows\popcinfo.dat
[2009/10/16 06:57:04 | 00,000,340 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2009/10/15 16:12:11 | 00,001,372 | ---- | M] () -- C:\Windows\System32\6uRikhZ2qIwyp.vbs
[2009/10/15 16:06:42 | 00,121,344 | ---- | M] () -- C:\Windows\System32\d3dim70032.dll
[2009/10/15 16:05:12 | 00,121,344 | ---- | M] () -- C:\Windows\System32\bthserv32.dll
[2009/10/15 16:03:42 | 00,121,344 | ---- | M] () -- C:\Windows\System32\d3d832.dll
[2009/10/15 16:03:11 | 00,121,344 | ---- | M] () -- C:\Windows\System32\blackbox32.dll
[2009/10/15 16:01:57 | 00,121,344 | ---- | M] () -- C:\Windows\System32\dispci32.dll
[2009/10/15 16:01:25 | 00,121,344 | ---- | M] () -- C:\Windows\System32\clusapi32.dll
[2009/10/15 16:01:19 | 00,001,372 | ---- | M] () -- C:\Windows\System32\VjZtR.vbs
[2009/10/15 16:00:48 | 00,001,372 | ---- | M] () -- C:\Windows\System32\N3aZACi.vbs
[2009/10/15 12:14:18 | 00,000,252 | ---- | M] () -- C:\Users\Terry\Desktop\craigslist account log in.url
[2009/10/12 07:34:44 | 00,000,205 | ---- | M] () -- C:\Users\Terry\Desktop\USPS Track.url
[2009/10/07 14:54:44 | 00,032,093 | ---- | M] () -- C:\Users\Terry\Desktop\My eBay Selling All Selling.url
[2009/10/07 08:23:17 | 00,000,748 | ---- | M] () -- C:\Windows\tasks\McAfee Cleanup.job
[2009/10/06 16:32:26 | 00,042,217 | ---- | M] () -- C:\Users\Terry\Desktop\Lone Rock Weather.url
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/02 08:00:35 | 00,202,240 | ---- | C] () -- C:\Windows\System32\CompatUI32.dll
[2009/11/02 08:00:34 | 00,001,372 | ---- | C] () -- C:\Windows\System32\sdD6pC3.vbs
[2009/11/01 08:20:24 | 00,202,240 | ---- | C] () -- C:\Windows\System32\C_ISCII32.dll
[2009/11/01 08:20:24 | 00,001,372 | ---- | C] () -- C:\Windows\System32\hRO7U.vbs
[2009/11/01 02:48:30 | 00,000,000 | ---- | C] () -- C:\Windows\System32\GroupPolicy000.dat
[2009/10/31 06:50:19 | 00,202,240 | ---- | C] () -- C:\Windows\System32\dot3dlg32.dll
[2009/10/31 06:50:18 | 00,001,372 | ---- | C] () -- C:\Windows\System32\OjOoTHT.vbs
[2009/10/30 14:28:05 | 00,202,240 | ---- | C] () -- C:\Windows\System32\colorui32.dll
[2009/10/30 14:28:05 | 00,001,372 | ---- | C] () -- C:\Windows\System32\9nI8l4c.vbs
[2009/10/30 11:29:16 | 00,179,528 | ---- | C] () -- C:\Users\Terry\Desktop\pic02781_x[1].jpg
[2009/10/30 11:27:57 | 00,119,515 | ---- | C] () -- C:\Users\Terry\Desktop\pic02779_x[1].jpg
[2009/10/30 09:32:01 | 00,000,166 | ---- | C] () -- C:\Users\Terry\Desktop\WINGFAM.url
[2009/10/29 14:13:45 | 00,155,123 | ---- | C] () -- C:\Users\Terry\Desktop\j 006.JPG
[2009/10/29 14:12:53 | 00,170,839 | ---- | C] () -- C:\Users\Terry\Desktop\j 005.JPG
[2009/10/29 14:12:31 | 00,457,564 | ---- | C] () -- C:\Users\Terry\Desktop\j 001.JPG
[2009/10/29 12:32:53 | 00,202,240 | ---- | C] () -- C:\Windows\System32\els3232.dll
[2009/10/29 12:32:53 | 00,001,372 | ---- | C] () -- C:\Windows\System32\qStpMu5wI6cXYEE.vbs
[2009/10/29 09:17:45 | 00,202,240 | ---- | C] () -- C:\Windows\System32\dmdskres32.dll
[2009/10/29 09:17:45 | 00,001,372 | ---- | C] () -- C:\Windows\System32\sVZI9dS.vbs
[2009/10/28 21:10:18 | 00,368,779 | ---- | C] () -- C:\Users\Terry\Desktop\f 006.JPG
[2009/10/28 20:33:23 | 00,000,309 | ---- | C] () -- C:\Users\Terry\Desktop\Wisconsin Investment Clubs Companies.url
[2009/10/28 18:07:20 | 00,000,297 | ---- | C] () -- C:\Users\Terry\Desktop\C. Sheets Site.url
[2009/10/28 17:53:28 | 00,000,807 | ---- | C] () -- C:\Users\Public\Desktop\C. Sheets R. Estate Toolkit.lnk
[2009/10/28 12:09:43 | 00,202,240 | ---- | C] () -- C:\Windows\System32\deskadp32.dll
[2009/10/28 12:09:42 | 00,001,372 | ---- | C] () -- C:\Windows\System32\N4bMQyOjpQEl3.vbs
[2009/10/28 11:58:48 | 00,202,240 | ---- | C] () -- C:\Windows\System32\hhsetup32.dll
[2009/10/28 11:58:48 | 00,001,372 | ---- | C] () -- C:\Windows\System32\Ha0D3.vbs
[2009/10/27 08:50:39 | 00,202,240 | ---- | C] () -- C:\Windows\System32\Faultrep32.dll
[2009/10/27 08:50:39 | 00,001,372 | ---- | C] () -- C:\Windows\System32\A8Vh9X4EfLRb3cX.vbs
[2009/10/26 16:11:47 | 00,202,240 | ---- | C] () -- C:\Windows\System32\dimsroam32.dll
[2009/10/26 16:11:47 | 00,001,372 | ---- | C] () -- C:\Windows\System32\O5Nx8QTeUhaCF.vbs
[2009/10/26 08:32:44 | 00,010,752 | ---- | C] () -- C:\Users\Terry\Desktop\PS3 Tips Sheet.wps
[2009/10/26 08:20:28 | 00,009,728 | ---- | C] () -- C:\Users\Terry\Desktop\Console Repair Ticket.wps
[2009/10/26 06:34:50 | 00,202,240 | ---- | C] () -- C:\Windows\System32\els32.dll
[2009/10/26 06:34:50 | 00,001,372 | ---- | C] () -- C:\Windows\System32\G9nTWcpy7spAzjT.vbs
[2009/10/25 13:31:11 | 00,001,372 | ---- | C] () -- C:\Windows\System32\USig8zeUTsUcHVU.vbs
[2009/10/24 13:32:32 | 00,202,240 | ---- | C] () -- C:\Windows\System32\dmsynth32.dll
[2009/10/24 13:32:32 | 00,001,372 | ---- | C] () -- C:\Windows\System32\fw9Lu4yqU73Kz.vbs
[2009/10/23 10:46:00 | 00,202,240 | ---- | C] () -- C:\Windows\System32\d3d8thk32.dll
[2009/10/23 10:46:00 | 00,001,372 | ---- | C] () -- C:\Windows\System32\7B20oqsvb1jez.vbs
[2009/10/23 10:11:32 | 00,202,240 | ---- | C] () -- C:\Windows\System32\csrsrv32.dll
[2009/10/23 10:11:31 | 00,001,372 | ---- | C] () -- C:\Windows\System32\EaYXoSP9Jmewf.vbs
[2009/10/23 09:55:40 | 00,202,240 | ---- | C] () -- C:\Windows\System32\framedynos32.dll
[2009/10/23 09:55:38 | 00,001,372 | ---- | C] () -- C:\Windows\System32\jNGeDRb.vbs
[2009/10/20 19:47:07 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/10/20 13:51:13 | 00,444,615 | ---- | C] () -- C:\Users\Terry\Desktop\new 020.JPG
[2009/10/20 09:13:18 | 00,001,372 | ---- | C] () -- C:\Windows\System32\cIWBawyYtKy0ah1.vbs
[2009/10/20 08:40:57 | 00,001,372 | ---- | C] () -- C:\Windows\System32\oOpMU.vbs
[2009/10/19 23:24:05 | 03,584,993 | -H-- | C] () -- C:\Users\Terry\AppData\Local\IconCache.db
[2009/10/19 21:04:02 | 21,386,28096 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/19 11:36:45 | 00,001,372 | ---- | C] () -- C:\Windows\System32\xaj0m7Sn42Vhg.vbs
[2009/10/19 11:20:45 | 00,001,372 | ---- | C] () -- C:\Windows\System32\IGKpXrS0J2YFfuM.vbs
[2009/10/19 07:49:14 | 00,001,372 | ---- | C] () -- C:\Windows\System32\KCyOYqLccIYHv.vbs
[2009/10/19 07:10:55 | 00,001,372 | ---- | C] () -- C:\Windows\System32\2TW4uTqa3aYqjlN.vbs
[2009/10/17 21:37:45 | 00,272,406 | ---- | C] () -- C:\Users\Terry\Desktop\new 016.JPG
[2009/10/17 21:36:53 | 00,087,962 | ---- | C] () -- C:\Users\Terry\Desktop\ssb 2.JPG
[2009/10/17 21:35:20 | 00,134,010 | ---- | C] () -- C:\Users\Terry\Desktop\new 013.JPG
[2009/10/17 21:32:31 | 00,070,304 | ---- | C] () -- C:\Users\Terry\Desktop\ssb 1.JPG
[2009/10/17 19:44:40 | 00,001,372 | ---- | C] () -- C:\Windows\System32\nvQZq.vbs
[2009/10/17 19:34:27 | 00,001,372 | ---- | C] () -- C:\Windows\System32\ud6GwqW.vbs
[2009/10/16 21:08:56 | 00,001,372 | ---- | C] () -- C:\Windows\System32\08rjIhB.vbs
[2009/10/16 16:18:53 | 00,001,372 | ---- | C] () -- C:\Windows\System32\VVHvCO4Y03S0n.vbs
[2009/10/16 16:04:19 | 00,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/10/15 19:42:22 | 00,012,651 | ---- | C] () -- C:\Windows\System32\Config.MPF
[2009/10/15 19:38:24 | 00,000,340 | ---- | C] () -- C:\Windows\tasks\McDefragTask.job
[2009/10/15 19:38:19 | 00,000,318 | ---- | C] () -- C:\Windows\tasks\McQcTask.job
[2009/10/15 16:18:02 | 00,000,600 | ---- | C] () -- C:\Users\Terry\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/15 16:12:11 | 00,001,372 | ---- | C] () -- C:\Windows\System32\6uRikhZ2qIwyp.vbs
[2009/10/15 16:06:42 | 00,121,344 | ---- | C] () -- C:\Windows\System32\d3dim70032.dll
[2009/10/15 16:05:12 | 00,121,344 | ---- | C] () -- C:\Windows\System32\bthserv32.dll
[2009/10/15 16:03:42 | 00,121,344 | ---- | C] () -- C:\Windows\System32\d3d832.dll
[2009/10/15 16:03:11 | 00,121,344 | ---- | C] () -- C:\Windows\System32\blackbox32.dll
[2009/10/15 16:01:57 | 00,121,344 | ---- | C] () -- C:\Windows\System32\dispci32.dll
[2009/10/15 16:01:25 | 00,121,344 | ---- | C] () -- C:\Windows\System32\clusapi32.dll
[2009/10/15 16:01:19 | 00,001,372 | ---- | C] () -- C:\Windows\System32\VjZtR.vbs
[2009/10/15 16:00:48 | 00,005,609 | -HS- | C] () -- C:\Users\Terry\AppData\Roaming\020000008fef8213689C.manifest
[2009/10/15 16:00:48 | 00,002,607 | -HS- | C] () -- C:\Users\Terry\AppData\Roaming\020000008fef8213689P.manifest
[2009/10/15 16:00:48 | 00,001,372 | ---- | C] () -- C:\Windows\System32\N3aZACi.vbs
[2009/10/15 16:00:48 | 00,000,665 | -HS- | C] () -- C:\Users\Terry\AppData\Roaming\020000008fef8213689O.manifest
[2009/10/15 16:00:48 | 00,000,011 | -HS- | C] () -- C:\Users\Terry\AppData\Roaming\020000008fef8213689S.manifest
[2009/10/07 08:20:13 | 00,000,748 | ---- | C] () -- C:\Windows\tasks\McAfee Cleanup.job
[2008/01/02 16:57:36 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2007/11/20 17:35:48 | 00,061,678 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\PFP100JPR.{PB
[2007/11/20 17:35:48 | 00,012,358 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\PFP100JCM.{PB
[2007/11/03 16:31:55 | 00,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2007/10/24 10:37:23 | 00,020,566 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\wklnhst.dat
[2007/10/23 05:25:51 | 00,024,206 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\UserTile.png
[2007/10/23 04:57:15 | 00,022,528 | ---- | C] () -- C:\Users\Terry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/23 04:53:26 | 00,109,672 | ---- | C] () -- C:\Users\Terry\AppData\Local\GDIPFONTCACHEV1.DAT
[2007/08/25 10:18:35 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/02/15 17:07:38 | 00,061,440 | ---- | C] () -- C:\Windows\System32\PTQL5F.DLL
[2006/11/22 15:16:18 | 00,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 11:50:06 | 00,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 06:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 06:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 06:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 06:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 06:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 06:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 04:23:31 | 00,000,169 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/10/01 09:26:58 | 00,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Canon
[2009/03/13 18:39:07 | 00,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007/12/14 22:06:18 | 00,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Corel
[2007/10/30 20:47:39 | 00,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Geneforge 3 Saved Games
[2009/10/15 21:23:48 | 00,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\LimeWire
[2009/04/09 11:02:21 | 00,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\OpenOffice.org
[2007/10/23 05:25:50 | 00,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\PeerNetworking
[2007/10/23 05:28:29 | 00,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\SampleView
[2007/11/03 16:31:46 | 00,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\ScanSoft
[2009/10/18 09:28:43 | 00,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Spare Backup
[2007/10/24 10:37:24 | 00,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Template
[2007/10/24 01:08:31 | 00,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\WildTangent
[2009/03/30 06:32:12 | 00,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\wootalyzer
[2009/10/16 06:57:04 | 00,000,340 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2009/11/01 00:00:13 | 00,000,318 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/11/02 07:56:11 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/11/01 19:35:07 | 00,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/11/02 10:57:39 | 00,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B2F917B6-E479-4B4F-A9E4-3550BA7BA6B3}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >


Extras.Txt

OTL Extras logfile created on: 11/2/2009 10:56:38 AM - Run 1
OTL by OldTimer - Version 3.1.2.2 Folder = C:\Users\Terry\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.52% Memory free
4.00 Gb Paging File | 3.09 Gb Available in Paging File | 77.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.05 Gb Total Space | 209.46 Gb Free Space | 72.71% Space Free | Partition Type: NTFS
Drive D: | 10.04 Gb Total Space | 3.18 Gb Free Space | 31.69% Space Free | Partition Type: NTFS
Drive E: | 74.50 Gb Total Space | 65.24 Gb Free Space | 87.58% Space Free | Partition Type: NTFS
Unable to calculate disk information.
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TERRY-PC
Current User Name: Terry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1619379652-4077300970-1505749896-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 8

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5FAF10DB-624C-4A3A-801C-8260E78D222C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{FAAC7D01-1C1A-4BD4-815B-E703802DD3B3}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A42CC0-7EE2-4877-BD68-BBAD2A8507E3}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{02EE30DB-F54B-46B3-8220-1055893706E6}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{0792D664-EEF2-4A82-BD2D-512BAE558D55}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{08D5AE38-0003-4B66-AB7C-1829F6D87A74}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{0A21614A-8250-409B-8AF4-A4B03EB53D0E}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{0C8B5796-9DF5-4928-97FB-7E9ADE4D7C46}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{12F918E0-5CDD-4618-93DC-D30B5A567A68}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{146A3F7B-E8D9-4BBB-AACD-4DB6D8A4835F}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{18291CE6-F44B-4F47-B7B9-E8BD3CA01E34}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{19103EF9-6EEC-4229-AA08-648ED1A385E7}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{1BD4D1D1-A9FD-4745-B60C-5D152BABE451}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{1DE004BD-5702-4C4F-9C37-3BE9D893E6A9}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{2A288AFE-E1A7-4A6F-AA52-C4F680EDFE78}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{2BE0014A-8FA1-4139-A391-20138312136C}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{3035071D-E36A-487A-BB19-7953A7BA2378}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{33AA3450-416D-43AE-A107-7ED2642EA663}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3BEC31D0-722B-4C61-A33C-9F5ADEF976A2}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{3DF46543-67F7-4F77-9C5E-AD0EAC7DCE05}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{430D3294-89FE-49CE-83FE-F8AA065103DD}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{436E3704-E937-439F-8E26-B2A3CEB81FF7}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{439AEB88-86BE-4245-862D-42D943823FF8}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{43C78512-DC3E-4BBE-8F9F-1FE799BF797C}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{46C2DE3F-77CF-46B0-B58F-D10CC5228426}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{49AC64E2-5833-4721-A621-0767E81894B3}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{4A73B9B8-4F5C-4186-943F-3E3BF0B2D329}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{4AB64634-593E-42B5-9419-5BE51C17FB99}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{573F4B52-B0FD-4BF3-98FC-9C812E30BF75}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{577A0073-68A2-40FF-AEA1-2B57C95A186A}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{592D7B3C-84E7-4F6C-90FD-99279B236297}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{5CD7B0A8-7CBA-4D98-9FAA-AC5F8F874B66}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{6CC22A00-4513-4109-B600-0910F8EDE9AA}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{6D92CB7A-7EE0-4C1B-AA55-376A73518128}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{71017B1E-A2F9-4624-ABB9-304F63044884}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{7A90D1B1-1A04-4FB8-BC86-B1C988A23759}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{7D01C396-EA19-4075-BF17-1385AD12A83E}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{81B2566F-9BC2-4177-A060-5CF8A811968D}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{821963B5-24A3-45BD-A217-785BDBF35008}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{82E2C125-DA11-43C3-B5B2-4F17C6A5077D}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{83872951-DE5F-42FB-8E98-F566A151FF72}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{83CC4B43-B5D8-49FF-B680-84A143DC6307}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{8730A593-A3CE-4873-8ABB-EB9621E616B0}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{885A455D-107A-4788-A40A-744FCC6F41B5}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8AB82740-3E12-4086-A4E1-C63FB8439364}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8AD9D9FF-2930-40F1-829B-FB7EE59500B1}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{8D2C4FBB-8605-4E6D-9505-666C8E0A56C6}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{93FEA095-FB3B-445F-8491-A074DFDBE352}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{96F5C4FA-9574-44B7-A55F-B2F2D504E7ED}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{98F31F1F-363C-4C71-BF4A-0B78CCB322DF}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{9BE0A758-4F1A-4E09-BE3F-675DFB448C35}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{9C8DF2DD-0B5C-4BEE-B9A1-6B5DF91B367C}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{A410B966-1445-40E8-B18E-6E22B1CFA812}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{A9CEBA86-E240-42AB-B3BE-84091EFD372A}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{AC5F6FCB-1F23-4A66-A151-BE56A129544C}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{B2A878DD-C6EF-4843-9A80-F528A822250A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B2DD3EBD-8EC3-4C80-95D0-F4433C4CCBB9}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{B3C72DE3-66AA-4781-8EFD-4B014F54A0BB}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{B6032757-4AE4-47B3-B6F1-F713A2B871D0}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{B687341D-7C98-4000-A555-90FAF67981AF}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{BB1DF976-55EE-416A-8F58-EBB25C6CD640}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{BD12A42F-8AA8-4E2C-8EC4-4D41A0C7163C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BDF346C8-5136-4721-83D5-DA7653E84FC1}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{C0AA2429-F7A9-4058-8475-2F5EDF87874F}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{C58A3F91-1B03-4D30-B2A9-B78E222F5B9A}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{C73DE0E6-4E0B-4276-809F-BCE30C94111F}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{D5F689DA-305A-4D2F-A279-32896EC7BC0F}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{D6624C5E-2318-4956-B2BA-93FE2F7A0D08}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{D6BD103A-3034-4FAC-8887-528B2BF7A4B1}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{D7CA68F8-3B44-40CE-B413-AEF145A82D70}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{D7EB0681-8781-446B-9C33-A2124980FF7F}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{DC4C7DA6-080F-45D6-9758-BC4CD097B9A9}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{E585E9EF-C07C-4BD7-95D1-A0F0A9AEEDAE}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{E80FC41E-2B86-481C-A468-7E90295EA5DF}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{F1E9AE3F-B9CB-4211-9D48-5CB25DAE0FAE}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{F6771708-787B-4D93-966F-B4C0842DBC23}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003447F5-0058-4B77-9C1E-50488F77C4A7}" = Brother P-touch Editor 4.2
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9C1EED58-1790-45C4-ADBC-5D45FCA7292E}" = Pure Networks Platform
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C6A75800-03D3-4AC7-9563-A17B654F83B9}" = Carleton H. Sheets Real Estate ToolKit version 7.1.4
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}" = Gateway Connect
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Canon MP160 User Registration" = Canon MP160 User Registration
"CanonMyPrinter" = Canon My Printer
"CobBackup8" = Cobian Backup 8
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Gateway Game Console" = Gateway Game Console
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{003447F5-0058-4B77-9C1E-50488F77C4A7}" = Brother P-touch Editor 4.2
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"InstallShield_{C6A75800-03D3-4AC7-9563-A17B654F83B9}" = Carleton H. Sheets Real Estate ToolKit version 7.1.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2007b" = Microsoft Money Essentials
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MSC" = McAfee SecurityCenter
"PuzzlesMaster" = PuzzlesMaster
"Visual CertExam Manager_is1" = Visual CertExam Manager 1.9
"WildTangent gateway Master Uninstall" = Gateway Games
"Wootalyzer" = Wootalyzer!
"WordPerfect Office 2002" = WordPerfect Office 2002
"WT022707" = Bejeweled 2 Deluxe
"WT022755" = Blackhawk Striker 2
"WT023134" = Diner Dash
"WT023296" = Family Feud 2
"WT023314" = FATE
"WT023458" = Geneforge 3
"WT023902" = Penguins!
"WT023950" = Polar Bowler
"WT023956" = Polar Golfer
"WT024398" = Tradewinds
"WT081303" = Midnight Mysteries - The Edgar Allan Poe Conspiracy
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Weight Watchers Light and Tasty Deluxe" = Weight Watchers Light and Tasty Deluxe
"World of Warcraft Trial" = World of Warcraft Trial

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/18/2009 4:16:06 PM | Computer Name = Terry-PC | Source = Google Update | ID = 20
Description =

Error - 10/19/2009 9:16:05 AM | Computer Name = Terry-PC | Source = Google Update | ID = 20
Description =

Error - 10/19/2009 2:42:28 PM | Computer Name = Terry-PC | Source = EventSystem | ID = 4609
Description =

Error - 10/19/2009 2:51:19 PM | Computer Name = Terry-PC | Source = EventSystem | ID = 4609
Description =

Error - 10/19/2009 11:16:06 PM | Computer Name = Terry-PC | Source = Google Update | ID = 20
Description =

Error - 10/20/2009 12:16:06 AM | Computer Name = Terry-PC | Source = Google Update | ID = 20
Description =

Error - 10/20/2009 1:16:06 AM | Computer Name = Terry-PC | Source = Google Update | ID = 20
Description =

Error - 10/20/2009 9:48:25 PM | Computer Name = Terry-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18226 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1544 Start Time: 01ca5197ceb9bd2d Termination Time: 0

Error - 10/20/2009 9:52:23 PM | Computer Name = Terry-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e242, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000005, fault offset 0x0004311a, process id 0xb1c, application
start time 0x01ca51f11da8fc64.

Error - 10/23/2009 12:40:22 PM | Computer Name = Terry-PC | Source = Application Error | ID = 1000
Description = Faulting application RootRepeal.exe, version 1.3.5.0, time stamp 0x4a842d4f,
faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
code 0xc0000005, fault offset 0x000659c3, process id 0xda8, application start time
0x01ca53ff68154f01.

[ Media Center Events ]
Error - 11/30/2007 4:49:01 PM | Computer Name = Terry-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/1/2007 8:57:09 PM | Computer Name = Terry-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/10/2007 12:44:20 AM | Computer Name = Terry-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/24/2008 4:23:53 PM | Computer Name = Terry-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/31/2008 8:41:30 AM | Computer Name = Terry-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/31/2008 7:08:12 PM | Computer Name = Terry-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/1/2008 4:09:48 PM | Computer Name = Terry-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/3/2008 5:42:46 AM | Computer Name = Terry-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/2/2008 5:32:24 PM | Computer Name = Terry-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/28/2008 10:09:25 AM | Computer Name = Terry-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 10/29/2009 12:47:38 PM | Computer Name = Terry-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 10/29/2009 12:47:38 PM | Computer Name = Terry-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/29/2009 12:47:38 PM | Computer Name = Terry-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 10/29/2009 2:30:29 PM | Computer Name = Terry-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 24.183.61.227 for the Network Card with network
address 0019212F5FC4 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 10/29/2009 2:31:37 PM | Computer Name = Terry-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.10
on the Network Card with network address 0019212F5FC4.

Error - 10/30/2009 10:52:38 AM | Computer Name = Terry-PC | Source = HTTP | ID = 15016
Description =

Error - 10/31/2009 8:49:06 AM | Computer Name = Terry-PC | Source = HTTP | ID = 15016
Description =

Error - 11/2/2009 9:56:12 AM | Computer Name = Terry-PC | Source = HTTP | ID = 15016
Description =

Error - 11/2/2009 9:59:06 AM | Computer Name = Terry-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11/2/2009 9:59:06 AM | Computer Name = Terry-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


Results.log:

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-02 15:01:11
Windows 6.0.6001 Service Pack 1
Running: imbnkwyt.exe; Driver: C:\Users\Terry\AppData\Local\Temp\fglcipob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8D9B579E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8D9B5738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8D9B574C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8D9B57DC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8D9B581F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8D9B5710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8D9B5724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8D9B57B2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8D9B5847]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8D9B5833]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8D9B578A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8D9B5776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8D9B580B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8D9B57F2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8D9B57C8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8D9B5762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 81E29190 5 Bytes JMP 8D9B57CC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 81FC317C 5 Bytes JMP 8D9B5823 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateUserProcess 81FCADD5 5 Bytes JMP 8D9B5766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 81FE4F8A 5 Bytes JMP 8D9B580F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 820041D4 5 Bytes JMP 8D9B5728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 82013B10 1 Byte [E9]
PAGE ntkrnlpa.exe!NtOpenProcess 82013B10 5 Bytes JMP 8D9B5714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 8202674E 7 Bytes JMP 8D9B57E0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 82026DA5 5 Bytes JMP 8D9B57F6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 82028FB6 5 Bytes JMP 8D9B57A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 82036674 5 Bytes JMP 8D9B577A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 820388CE 7 Bytes JMP 8D9B57B6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 82057452 5 Bytes JMP 8D9B5837 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8205849E 5 Bytes JMP 8D9B584B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 820961AF 5 Bytes JMP 8D9B573C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 820961FA 7 Bytes JMP 8D9B5750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 82096CB7 5 Bytes JMP 8D9B578E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[664] kernel32.dll!GetStartupInfoW 768C1929 5 Bytes JMP 008600A2
.text C:\Windows\system32\services.exe[664] kernel32.dll!GetStartupInfoA 768C19C9 5 Bytes JMP 00860091
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateProcessW 768C1C01 5 Bytes JMP 008600BD
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateProcessA 768C1C36 5 Bytes JMP 00860F26
.text C:\Windows\system32\services.exe[664] kernel32.dll!VirtualProtect 768C1DD1 5 Bytes JMP 00860054
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateNamedPipeW 768C5C44 5 Bytes JMP 00860FDE
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryExW 768E30C3 5 Bytes JMP 00860F7A
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryW 768E361F 5 Bytes JMP 00860FB2
.text C:\Windows\system32\services.exe[664] kernel32.dll!VirtualProtectEx 768E8D7E 5 Bytes JMP 00860065
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryExA 768E9469 5 Bytes JMP 00860F97
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryA 768E9491 5 Bytes JMP 00860FC3
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreatePipe 768F0284 5 Bytes JMP 00860080
.text C:\Windows\system32\services.exe[664] kernel32.dll!GetProcAddress 7690B8B6 5 Bytes JMP 008600D8
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateFileW 7690CC4E 5 Bytes JMP 0086001B
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateFileA 7690CF71 5 Bytes JMP 00860000
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateNamedPipeA 7695430E 5 Bytes JMP 00860FEF
.text C:\Windows\system32\services.exe[664] kernel32.dll!WinExec 769554FF 5 Bytes JMP 00860F41
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegCreateKeyExA 761FB5E7 5 Bytes JMP 002E0FC0
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegCreateKeyA 761FB8AE 5 Bytes JMP 002E0062
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegOpenKeyA 76200BF5 5 Bytes JMP 002E0000
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegCreateKeyW 7620B83D 5 Bytes JMP 002E0FD1
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegCreateKeyExW 7620BCE1 5 Bytes JMP 002E007D
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegOpenKeyExA 7620D4E8 5 Bytes JMP 002E002C
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegOpenKeyW 76213CB0 5 Bytes JMP 002E001B
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegOpenKeyExW 7621F09D 5 Bytes JMP 002E003D
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_wsystem 77AD8A47 5 Bytes JMP 00870049
.text C:\Windows\system32\services.exe[664] msvcrt.dll!system 77AD8B63 5 Bytes JMP 00870038
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_creat 77ADC6F1 5 Bytes JMP 0087000C
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_open 77ADDA7E 5 Bytes JMP 00870FEF
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_wcreat 77ADDC9E 5 Bytes JMP 00870027
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_wopen 77ADDE79 5 Bytes JMP 00870FD2
.text C:\Windows\system32\services.exe[664] WS2_32.dll!socket 768936D1 5 Bytes JMP 002F0FE5
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!GetStartupInfoW 768C1929 5 Bytes JMP 006700A8
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!GetStartupInfoA 768C19C9 5 Bytes JMP 00670097
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreateProcessW 768C1C01 5 Bytes JMP 00670F2F
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreateProcessA 768C1C36 5 Bytes JMP 00670F40
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!VirtualProtect 768C1DD1 5 Bytes JMP 00670F91
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreateNamedPipeW 768C5C44 5 Bytes JMP 00670033
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!LoadLibraryExW 768E30C3 5 Bytes JMP 0067005F
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!LoadLibraryW 768E361F 5 Bytes JMP 00670FAC
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!VirtualProtectEx 768E8D7E 5 Bytes JMP 0067007C
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!LoadLibraryExA 768E9469 5 Bytes JMP 0067004E
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!LoadLibraryA 768E9491 5 Bytes JMP 00670FBD
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreatePipe 768F0284 5 Bytes JMP 00670F6C
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!GetProcAddress 7690B8B6 5 Bytes JMP 00670F1E
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreateFileW 7690CC4E 5 Bytes JMP 00670011
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreateFileA 7690CF71 5 Bytes JMP 00670000
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreateNamedPipeA 7695430E 5 Bytes JMP 00670022
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!WinExec 769554FF 5 Bytes JMP 00670F51
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegCreateKeyExA 761FB5E7 5 Bytes JMP 00640F8A
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegCreateKeyA 761FB8AE 5 Bytes JMP 00640FC0
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegOpenKeyA 76200BF5 5 Bytes JMP 00640000
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegCreateKeyW 7620B83D 5 Bytes JMP 00640FA5
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegCreateKeyExW 7620BCE1 5 Bytes JMP 00640F79
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegOpenKeyExA 7620D4E8 5 Bytes JMP 0064001B
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegOpenKeyW 76213CB0 5 Bytes JMP 00640FDB
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegOpenKeyExW 7621F09D 5 Bytes JMP 0064002C
.text C:\Windows\system32\lsass.exe[684] msvcrt.dll!_wsystem 77AD8A47 5 Bytes JMP 006C0042
.text C:\Windows\system32\lsass.exe[684] msvcrt.dll!system 77AD8B63 5 Bytes JMP 006C0027
.text C:\Windows\system32\lsass.exe[684] msvcrt.dll!_creat 77ADC6F1 5 Bytes JMP 006C0FC8
.text C:\Windows\system32\lsass.exe[684] msvcrt.dll!_open 77ADDA7E 5 Bytes JMP 006C0FEF
.text C:\Windows\system32\lsass.exe[684] msvcrt.dll!_wcreat 77ADDC9E 5 Bytes JMP 006C0FB7
.text C:\Windows\system32\lsass.exe[684] msvcrt.dll!_wopen 77ADDE79 5 Bytes JMP 006C000C
.text C:\Windows\system32\lsass.exe[684] WS2_32.dll!socket 768936D1 5 Bytes JMP 00650FEF
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!GetStartupInfoW 768C1929 5 Bytes JMP 004F00CC
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!GetStartupInfoA 768C19C9 5 Bytes JMP 004F00B1
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreateProcessW 768C1C01 5 Bytes JMP 004F0F50
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreateProcessA 768C1C36 5 Bytes JMP 004F0F61
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!VirtualProtect 768C1DD1 5 Bytes JMP 004F007B
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreateNamedPipeW 768C5C44 5 Bytes JMP 004F0FD4
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!LoadLibraryExW 768E30C3 5 Bytes JMP 004F0F97
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!LoadLibraryW 768E361F 5 Bytes JMP 004F0FB2
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!VirtualProtectEx 768E8D7E 5 Bytes JMP 004F0F7C
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!LoadLibraryExA 768E9469 5 Bytes JMP 004F0054
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!LoadLibraryA 768E9491 5 Bytes JMP 004F0FC3
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreatePipe 768F0284 5 Bytes JMP 004F0096
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!GetProcAddress 7690B8B6 5 Bytes JMP 004F0F35
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreateFileW 7690CC4E 5 Bytes JMP 004F0FEF
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreateFileA 7690CF71 5 Bytes JMP 004F000A
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!CreateNamedPipeA 7695430E 5 Bytes JMP 004F0025
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!WinExec 769554FF 5 Bytes JMP 004F00DD
.text C:\Windows\system32\svchost.exe[876] msvcrt.dll!_wsystem 77AD8A47 5 Bytes JMP 00510FAD
.text C:\Windows\system32\svchost.exe[876] msvcrt.dll!system 77AD8B63 5 Bytes JMP 00510038
.text C:\Windows\system32\svchost.exe[876] msvcrt.dll!_creat 77ADC6F1 5 Bytes JMP 00510FD2
.text C:\Windows\system32\svchost.exe[876] msvcrt.dll!_open 77ADDA7E 5 Bytes JMP 00510FEF
.text C:\Windows\system32\svchost.exe[876] msvcrt.dll!_wcreat 77ADDC9E 5 Bytes JMP 00510027
.text C:\Windows\system32\svchost.exe[876] msvcrt.dll!_wopen 77ADDE79 5 Bytes JMP 0051000C
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyExA 761FB5E7 5 Bytes JMP 00300F8D
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyA 761FB8AE 5 Bytes JMP 00300FAF
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyA 76200BF5 5 Bytes JMP 00300000
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyW 7620B83D 5 Bytes JMP 00300F9E
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyExW 7620BCE1 5 Bytes JMP 0030004A
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyExA 7620D4E8 5 Bytes JMP 00300FD1
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyW 76213CB0 5 Bytes JMP 00300011
.text C:\Windows\system32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyExW 7621F09D 5 Bytes JMP 00300FC0
.text C:\Windows\system32\svchost.exe[876] WS2_32.dll!socket 768936D1 5 Bytes JMP 004E0000
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetStartupInfoW 768C1929 5 Bytes JMP 002100AC
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetStartupInfoA 768C19C9 5 Bytes JMP 00210091
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessW 768C1C01 5 Bytes JMP 002100DB
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessA 768C1C36 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessA 768C1C36 5 Bytes JMP 00210F3A
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!VirtualProtect 768C1DD1 5 Bytes JMP 0021005B
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateNamedPipeW 768C5C44 5 Bytes JMP 0021000A
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryExW 768E30C3 5 Bytes JMP 00210F77
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryW 768E361F 5 Bytes JMP 00210036
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!VirtualProtectEx 768E8D7E 5 Bytes JMP 0021006C
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryExA 768E9469 5 Bytes JMP 00210F9E
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryA 768E9491 5 Bytes JMP 0021001B
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreatePipe 768F0284 5 Bytes JMP 00210F5C
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetProcAddress 7690B8B6 5 Bytes JMP 002100EC
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateFileW 7690CC4E 5 Bytes JMP 00210FD4
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateFileA 7690CF71 5 Bytes JMP 00210FEF
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateNamedPipeA 7695430E 3 Bytes JMP 00210FB9
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateNamedPipeA + 4 76954312 1 Byte [89]
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!WinExec 769554FF 3 Bytes JMP 00210F4B
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!WinExec + 4 76955503 1 Byte [89]
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wsystem 77AD8A47 5 Bytes JMP 0022005D
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!system 77AD8B63 5 Bytes JMP 00220042
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_creat 77ADC6F1 5 Bytes JMP 0022001D
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_open 77ADDA7E 5 Bytes JMP 00220FEF
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wcreat 77ADDC9E 5 Bytes JMP 00220FD2
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wopen 77ADDE79 5 Bytes JMP 0022000C
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExA 761FB5E7 5 Bytes JMP 001F0FAF
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyA 761FB8AE 5 Bytes JMP 001F0040
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyA 76200BF5 5 Bytes JMP 001F0FE5
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyW 7620B83D 5 Bytes JMP 001F0051
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExW 7620BCE1 5 Bytes JMP 001F0062
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExA 7620D4E8 5 Bytes JMP 001F000A
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyW 76213CB0 5 Bytes JMP 001F0FD4
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExW 7621F09D 5 Bytes JMP 001F001B
.text C:\Windows\system32\svchost.exe[936] WS2_32.dll!socket 768936D1 5 Bytes JMP 00200FEF
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!GetStartupInfoW 768C1929 5 Bytes JMP 005D0F3E
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!GetStartupInfoA 768C19C9 5 Bytes JMP 005D008E
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!CreateProcessW 768C1C01 5 Bytes JMP 005D00C4
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!CreateProcessA 768C1C36 5 Bytes JMP 005D0F2D
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!VirtualProtect 768C1DD1 5 Bytes JMP 005D0073
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!CreateNamedPipeW 768C5C44 5 Bytes JMP 005D0036
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!LoadLibraryExW 768E30C3 5 Bytes JMP 005D0062
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!LoadLibraryW 768E361F 5 Bytes JMP 005D0051
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!VirtualProtectEx 768E8D7E 5 Bytes JMP 005D0F7E
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!LoadLibraryExA 768E9469 5 Bytes JMP 005D0FAF
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!LoadLibraryA 768E9491 5 Bytes JMP 005D0FCA
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!CreatePipe 768F0284 5 Bytes JMP 005D0F63
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!GetProcAddress 7690B8B6 5 Bytes JMP 005D00D5
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!CreateFileW 7690CC4E 5 Bytes JMP 005D0FEF
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!CreateFileA 7690CF71 5 Bytes JMP 005D000A
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!CreateNamedPipeA 7695430E 5 Bytes JMP 005D0025
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!WinExec 769554FF 5 Bytes JMP 005D009F
.text C:\Windows\System32\svchost.exe[1048] msvcrt.dll!_wsystem 77AD8A47 5 Bytes JMP 005E0036
.text C:\Windows\System32\svchost.exe[1048] msvcrt.dll!system 77AD8B63 5 Bytes JMP 005E0FAB
.text C:\Windows\System32\svchost.exe[1048] msvcrt.dll!_creat 77ADC6F1 5 Bytes JMP 005E0FC6
.text C:\Windows\System32\svchost.exe[1048] msvcrt.dll!_open 77ADDA7E 5 Bytes JMP 005E0000
.text C:\Windows\System32\svchost.exe[1048] msvcrt.dll!_wcreat 77ADDC9E 5 Bytes JMP 005E001B
.text C:\Windows\System32\svchost.exe[1048] msvcrt.dll!_wopen 77ADDE79 5 Bytes JMP 005E0FE3
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyExA 761FB5E7 5 Bytes JMP 005A0F79
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyA 761FB8AE 5 Bytes JMP 005A0F9E
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyA 76200BF5 5 Bytes JMP 005A0000
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyW 7620B83D 5 Bytes JMP 005A001B
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyExW 7620BCE1 5 Bytes JMP 005A002C
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyExA 7620D4E8 5 Bytes JMP 005A0FD4
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyW 76213CB0 5 Bytes JMP 005A0FE5
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyExW 7621F09D 5 Bytes JMP 005A0FB9
.text C:\Windows\System32\svchost.exe[1048] WS2_32.dll!socket 768936D1 5 Bytes JMP 005B000A
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!GetStartupInfoW 768C1929 5 Bytes JMP 00DF00A4
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!GetStartupInfoA 768C19C9 5 Bytes JMP 00DF0F5E
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreateProcessW 768C1C01 5 Bytes JMP 00DF00E1
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreateProcessA 768C1C36 5 Bytes JMP 00DF00D0
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!VirtualProtect 768C1DD1 5 Bytes JMP 00DF0089
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreateNamedPipeW 768C5C44 5 Bytes JMP 00DF0036
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!LoadLibraryExW 768E30C3 5 Bytes JMP 00DF0FAF
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!LoadLibraryW 768E361F 5 Bytes JMP 00DF005B
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!VirtualProtectEx 768E8D7E 5 Bytes JMP 00DF0F8A
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!LoadLibraryExA 768E9469 5 Bytes JMP 00DF006C
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!LoadLibraryA 768E9491 5 Bytes JMP 00DF0FD4
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreatePipe 768F0284 5 Bytes JMP 00DF0F6F
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!GetProcAddress 7690B8B6 5 Bytes JMP 00DF0F2F
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreateFileW 7690CC4E 5 Bytes JMP 00DF0FE5
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreateFileA 7690CF71 5 Bytes JMP 00DF0000
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreateNamedPipeA 7695430E 5 Bytes JMP 00DF0025
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!WinExec 769554FF 5 Bytes JMP 00DF00B5
.text C:\Windows\System32\svchost.exe[1112] msvcrt.dll!_wsystem 77AD8A47 5 Bytes JMP 01100058
.text C:\Windows\System32\svchost.exe[1112] msvcrt.dll!system 77AD8B63 5 Bytes JMP 01100FD7
.text C:\Windows\System32\svchost.exe[1112] msvcrt.dll!_creat 77ADC6F1 5 Bytes JMP 0110002C
.text C:\Windows\System32\svchost.exe[1112] msvcrt.dll!_open 77ADDA7E 5 Bytes JMP 01100000
.text C:\Windows\System32\svchost.exe[1112] msvcrt.dll!_wcreat 77ADDC9E 5 Bytes JMP 01100047
.text C:\Windows\System32\svchost.exe[1112] msvcrt.dll!_wopen 77ADDE79 5 Bytes JMP 01100011
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExA 761FB5E7 5 Bytes JMP 00D80F8D
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyA 761FB8AE 5 Bytes JMP 00D80F9E
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyA 76200BF5 5 Bytes JMP 00D80FE5
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyW 7620B83D 5 Bytes JMP 00D80025
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExW 7620BCE1 5 Bytes JMP 00D80F72
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExA 7620D4E8 5 Bytes JMP 00D80FCA
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyW 76213CB0 5 Bytes JMP 00D80000
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExW 7621F09D 5 Bytes JMP 00D80FAF
.text C:\Windows\System32\svchost.exe[1112] WS2_32.dll!socket 768936D1 5 Bytes JMP 00DE0FEF
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!GetStartupInfoW 768C1929 5 Bytes JMP 01100F5E
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!GetStartupInfoA 768C19C9 5 Bytes JMP 011000A4
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateProcessW 768C1C01 5 Bytes JMP 01100F32
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateProcessA 768C1C36 5 Bytes JMP 011000C9
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!VirtualProtect 768C1DD1 5 Bytes JMP 01100F8A
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateNamedPipeW 768C5C44 5 Bytes JMP 01100022
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!LoadLibraryExW 768E30C3 5 Bytes JMP 0110006E
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!LoadLibraryW 768E361F 5 Bytes JMP 0110003D
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!VirtualProtectEx 768E8D7E 5 Bytes JMP 01100F79
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!LoadLibraryExA 768E9469 5 Bytes JMP 01100FA5
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!LoadLibraryA 768E9491 5 Bytes JMP 01100FC0
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreatePipe 768F0284 5 Bytes JMP 01100089
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!GetProcAddress 7690B8B6 5 Bytes JMP 01100F17
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateFileW 7690CC4E 5 Bytes JMP 01100FDB
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateFileA 7690CF71 5 Bytes JMP 01100000
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateNamedPipeA 7695430E 5 Bytes JMP 01100011
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!WinExec 769554FF 5 Bytes JMP 01100F4D
.text C:\Windows\system32\svchost.exe[1180] msvcrt.dll!_wsystem 77AD8A47 5 Bytes JMP 01110F92
.text C:\Windows\system32\svchost.exe[1180] msvcrt.dll!system 77AD8B63 5 Bytes JMP 0111001D
.text C:\Windows\system32\svchost.exe[1180] msvcrt.dll!_creat 77ADC6F1 5 Bytes JMP 01110FC8
.text C:\Windows\system32\svchost.exe[1180] msvcrt.dll!_open 77ADDA7E 5 Bytes JMP 0111000C
.text C:\Windows\system32\svchost.exe[1180] msvcrt.dll!_wcreat 77ADDC9E 5 Bytes JMP 01110FAD
.text C:\Windows\system32\svchost.exe[1180] msvcrt.dll!_wopen 77ADDE79 5 Bytes JMP 01110FEF
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExA 761FB5E7 5 Bytes JMP 00DD0FA8
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyA 761FB8AE 5 Bytes JMP 00DD0FCA
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyA 76200BF5 5 Bytes JMP 00DD0FEF
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyW 7620B83D 5 Bytes JMP 00DD0FB9
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExW 7620BCE1 5 Bytes JMP 00DD005B
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExA 7620D4E8 5 Bytes JMP 00DD0025
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyW 76213CB0 5 Bytes JMP 00DD0000
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExW 7621F09D 5 Bytes JMP 00DD0036
.text C:\Windows\system32\svchost.exe[1180] WS2_32.dll!socket 768936D1 5 Bytes JMP 00DE0000
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!GetStartupInfoW 768C1929 5 Bytes JMP 0026008C
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!GetStartupInfoA 768C19C9 5 Bytes JMP 00260F50
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreateProcessW 768C1C01 5 Bytes JMP 002600CC
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreateProcessA 768C1C36 5 Bytes JMP 00260F2B
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!VirtualProtect 768C1DD1 5 Bytes JMP 00260071
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreateNamedPipeW 768C5C44 5 Bytes JMP 00260FC3
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!LoadLibraryExW 768E30C3 5 Bytes JMP 00260F8D
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!LoadLibraryW 768E361F 5 Bytes JMP 0026002F
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!VirtualProtectEx 768E8D7E 5 Bytes JMP 00260F7C
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!LoadLibraryExA 768E9469 5 Bytes JMP 0026004A
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!LoadLibraryA 768E9491 5 Bytes JMP 00260FA8
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreatePipe 768F0284 5 Bytes JMP 00260F61
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!GetProcAddress 7690B8B6 5 Bytes JMP 00260F1A
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreateFileW 7690CC4E 5 Bytes JMP 0026000A
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreateFileA 7690CF71 5 Bytes JMP 00260FEF
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreateNamedPipeA 7695430E 5 Bytes JMP 00260FD4
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!WinExec 769554FF 5 Bytes JMP 002600A7
.text C:\Windows\system32\svchost.exe[1264] msvcrt.dll!_wsystem 77AD8A47 5 Bytes JMP 00280FC3
.text C:\Windows\system32\svchost.exe[1264] msvcrt.dll!system 77AD8B63 5 Bytes JMP 00280FD4
.text C:\Windows\system32\svchost.exe[1264] msvcrt.dll!_creat 77ADC6F1 5 Bytes JMP 00280FE5
.text C:\Windows\system32\svchost.exe[1264] msvcrt.dll!_open 77ADDA7E 5 Bytes JMP 0028000C
.text C:\Windows\system32\svchost.exe[1264] msvcrt.dll!_wcreat 77ADDC9E 5 Bytes JMP 0028003A
.text C:\Windows\system32\svchost.exe[1264] msvcrt.dll!_wopen 77ADDE79 5 Bytes JMP 0028001D
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyExA 761FB5E7 5 Bytes JMP 00080FA8
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyA 761FB8AE 5 Bytes JMP 00080039
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyA 76200BF5 5 Bytes JMP 00080FEF
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyW 7620B83D 5 Bytes JMP 0008004A
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyExW 7620BCE1 5 Bytes JMP 0008005B
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExA 7620D4E8 5 Bytes JMP 00080014
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyW 76213CB0 5 Bytes JMP 00080FDE
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExW 7621F09D 5 Bytes JMP 00080FCD
.text C:\Windows\system32\svchost.exe[1264] WS2_32.dll!socket 768936D1 5 Bytes JMP 00090000
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!GetStartupInfoW 768C1929 5 Bytes JMP 01150F68
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!GetStartupInfoA 768C19C9 5 Bytes JMP 011500AE
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!CreateProcessW 768C1C01 5 Bytes JMP 01150F21
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!CreateProcessA 768C1C36 5 Bytes JMP 01150F32
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!VirtualProtect 768C1DD1 5 Bytes JMP 01150F97
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!CreateNamedPipeW 768C5C44 5 Bytes JMP 01150FE5
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!LoadLibraryExW 768E30C3 5 Bytes JMP 01150FA8
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!LoadLibraryW 768E361F 5 Bytes JMP 01150065
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!VirtualProtectEx 768E8D7E 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!VirtualProtectEx 768E8D7E 5 Bytes JMP 01150082
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!LoadLibraryExA 768E9469 5 Bytes JMP 01150FB9
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!LoadLibraryA 768E9491 5 Bytes JMP 01150FD4
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!CreatePipe 768F0284 5 Bytes JMP 01150093
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!GetProcAddress 7690B8B6 5 Bytes JMP 011500C9
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!CreateFileW 7690CC4E 5 Bytes JMP 0115001B
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!CreateFileA 7690CF71 5 Bytes JMP 01150000
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!CreateNamedPipeA 7695430E 5 Bytes JMP 01150036
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!WinExec 769554FF 5 Bytes JMP 01150F4D
.text C:\Windows\system32\svchost.exe[1368] msvcrt.dll!_wsystem 77AD8A47 5 Bytes JMP 0117002C
.text C:\Windows\system32\svchost.exe[1368] msvcrt.dll!system 77AD8B63 5 Bytes JMP 01170011
.text C:\Windows\system32\svchost.exe[1368] msvcrt.dll!_creat 77ADC6F1 5 Bytes JMP 01170FB5
.text C:\Windows\system32\svchost.exe[1368] msvcrt.dll!_open 77ADDA7E 5 Bytes JMP 01170FE3
.text C:\Windows\system32\svchost.exe[1368] msvcrt.dll!_wcreat 77ADDC9E 5 Bytes JMP 01170000
.text C:\Windows\system32\svchost.exe[1368] msvcrt.dll!_wopen 77ADDE79 5 Bytes JMP 01170FC6
.text C:\Windows\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyExA 761FB5E7 5 Bytes JMP 00DB0FC3
.text C:\Windows\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyA 761FB8AE 5 Bytes JMP 00DB004A
.text C:\Windows\system32\svchost.exe[1368] ADVAPI32.dll!RegOpenKeyA 76200BF5 5 Bytes JMP 00DB0FEF
.text C:\Windows\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyW 7620B83D 5 Bytes JMP 00DB0065
.text C:\Windows\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyExW 7620BCE1 5 Bytes JMP 00DB0076
.text C:\Windows\system32\svchost.exe[1368] ADVAPI32.dll!RegOpenKeyExA 7620D4E8 5 Bytes JMP 00DB001E
.text C:\Windows\system32\svchost.exe[1368] ADVAPI32.dll!RegOpenKeyW 76213CB0 5 Bytes JMP 00DB0FDE
.text C:\Windows\system32\svchost.exe[1368] ADVAPI32.dll!RegOpenKeyExW 7621F09D 5 Bytes JMP 00DB0039
.text C:\Windows\system32\svchost.exe[1368] WS2_32.dll!socket 768936D1 5 Bytes JMP 01140000
.text C:\Windows\system32\svchost.exe[1368] WinInet.dll!InternetOpenA 778AD690 3 Bytes JMP 0116000A
.text C:\Windows\system32\svchost.exe[1368] WinInet.dll!InternetOpenA + 4 778AD694 1 Byte [89]
.text C:\Windows\system32\svchost.exe[1368] WinInet.dll!InternetOpenW 778ADB09 3 Bytes JMP 01160FEF
.text C:\Windows\system32\svchost.exe[1368] WinInet.dll!InternetOpenW + 4 778ADB0D 1 Byte [89]
.text C:\Windows\system32\svchost.exe[1368] WinInet.dll!InternetOpenUrlA 778AF3A4 3 Bytes JMP 01160025
.text C:\Windows\system32\svchost.exe[1368] WinInet.dll!InternetOpenUrlA + 4 778AF3A8 1 Byte [89]
.text C:\Windows\system32\svchost.exe[1368] WinInet.dll!InternetOpenUrlW 778F6DDF 5 Bytes JMP 01160FDE
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!GetStartupInfoW 768C1929 5 Bytes JMP 009A0F1F
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!GetStartupInfoA 768C19C9 5 Bytes JMP 009A0F30
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!CreateProcessW 768C1C01 5 Bytes JMP 009A0091
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!CreateProcessA 768C1C36 5 Bytes JMP 009A0EFA
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!VirtualProtect 768C1DD1 5 Bytes JMP 009A0F52
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!CreateNamedPipeW 768C5C44 5 Bytes JMP 009A0FCA
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!LoadLibraryExW 768E30C3 5 Bytes JMP 009A0036
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!LoadLibraryW 768E361F 5 Bytes JMP 009A0F94
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!VirtualProtectEx 768E8D7E 5 Bytes JMP 009A0F41
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!LoadLibraryExA 768E9469 5 Bytes JMP 009A0F83
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!LoadLibraryA 768E9491 5 Bytes JMP 009A0FA5
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!CreatePipe 768F0284 5 Bytes JMP 009A005B
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!GetProcAddress 7690B8B6 5 Bytes JMP 009A00A2
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!CreateFileW 7690CC4E 5 Bytes JMP 009A0FE5
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!CreateFileA 7690CF71 5 Bytes JMP 009A0000
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!CreateNamedPipeA 7695430E 5 Bytes JMP 009A001B
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!WinExec 769554FF 5 Bytes JMP 009A0080
.text C:\Windows\system32\svchost.exe[1528] msvcrt.dll!_wsystem 77AD8A47 5 Bytes JMP 00A10FD4
.text C:\Windows\system32\svchost.exe[1528] msvcrt.dll!system 77AD8B63 5 Bytes JMP 00A1005F
.text C:\Windows\system32\svchost.exe[1528] msvcrt.dll!_creat 77ADC6F1 5 Bytes JMP 00A1003A
.text C:\Windows\system32\svchost.exe[1528] msvcrt.dll!_open 77ADDA7E 5 Bytes JMP 00A10000
.text C:\Windows\system32\svchost.exe[1528] msvcrt.dll!_wcreat 77ADDC9E 5 Bytes JMP 00A10FEF
.text C:\Windows\system32\svchost.exe[1528] msvcrt.dll!_wopen 77ADDE79 5 Bytes JMP 00A1001D
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyExA 761FB5E7 5 Bytes JMP 005F0F9E
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyA 761FB8AE 5 Bytes JMP 005F0036
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyA 76200BF5 5 Bytes JMP 005F0FEF
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyW 7620B83D 5 Bytes JMP 005F0FAF
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyExW 7620BCE1 5 Bytes JMP 005F005B
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyExA 7620D4E8 5 Bytes JMP 005F0025
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyW 76213CB0 5 Bytes JMP 005F0014
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyExW 7621F09D 5 Bytes JMP 005F0FCA
.text C:\Windows\system32\svchost.exe[1528] WS2_32.dll!socket 768936D1 5 Bytes JMP 00600FEF
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!GetStartupInfoW 768C1929 5 Bytes JMP 005A0F4B
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!GetStartupInfoA 768C19C9 5 Bytes JMP 005A0F5C
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreateProcessW 768C1C01 5 Bytes JMP 005A00AC
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreateProcessA 768C1C36 5 Bytes JMP 005A0F15
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!VirtualProtect 768C1DD1 5 Bytes JMP 005A007D
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreateNamedPipeW 768C5C44 5 Bytes JMP 005A0036
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!LoadLibraryExW 768E30C3 5 Bytes JMP 005A006C
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!LoadLibraryW 768E361F 5 Bytes JMP 005A0FCA
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!VirtualProtectEx 768E8D7E 5 Bytes JMP 005A0F88
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!LoadLibraryExA 768E9469 5 Bytes JMP 005A0FAF
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!LoadLibraryA 768E9491 5 Bytes JMP 005A0047
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreatePipe 768F0284 5 Bytes JMP 005A0F77
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!GetProcAddress 7690B8B6 5 Bytes JMP 005A0EFA
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreateFileW 7690CC4E 5 Bytes JMP 005A0FE5
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreateFileA 7690CF71 5 Bytes JMP 005A0000
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreateNamedPipeA 7695430E 5 Bytes JMP 005A0011
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!WinExec 769554FF 5 Bytes JMP 005A0F30
.text C:\Windows\system32\svchost.exe[1908] msvcrt.dll!_wsystem 77AD8A47 5 Bytes JMP 005B005F
.text C:\Windows\system32\svchost.exe[1908] msvcrt.dll!system 77AD8B63 5 Bytes JMP 005B004E
.text C:\Windows\system32\svchost.exe[1908] msvcrt.dll!_creat 77ADC6F1 5 Bytes JMP 005B0FDE
.text C:\Windows\system32\svchost.exe[1908] msvcrt.dll!_open 77ADDA7E 5 Bytes JMP 005B0FEF
.text C:\Windows\system32\svchost.exe[1908] msvcrt.dll!_wcreat 77ADDC9E 5 Bytes JMP 005B003D
.text C:\Windows\system32\svchost.exe[1908] msvcrt.dll!_wopen 77ADDE79 5 Bytes JMP 005B0018
.text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!RegCreateKeyExA 761FB5E7 5 Bytes JMP 00560FA8
.text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!RegCreateKeyA 761FB8AE 5 Bytes JMP 00560FB9
.text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!RegOpenKeyA 76200BF5 5 Bytes JMP 00560FEF
.text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!RegCreateKeyW 7620B83D 5 Bytes JMP 00560040
.text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!RegCreateKeyExW 7620BCE1 5 Bytes JMP 00560F8D
.text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!RegOpenKeyExA 7620D4E8 5 Bytes JMP 0056000A
.text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!RegOpenKeyW 76213CB0 5 Bytes JMP 00560FD4
.text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!RegOpenKeyExW 7621F09D 5 Bytes JMP 0056002F
.text C:\Windows\system32\svchost.exe[1908] WS2_32.dll!socket 768936D1 5 Bytes JMP 00590FEF
.text C:\Windows\Explorer.EXE[1924] kernel32.dll!GetStartupInfoW 768C1929 5 Bytes JMP 03790F24
.text C:\Windows\Explorer.EXE[1924] kernel32.dll!GetStartupInfoA 768C19C9 5 Bytes JMP 0379006A
.text C:\Windows\Explorer.EXE[1924] kernel32.dll!CreateProcessW 768C1C01 5 Bytes JMP 03790EE7
.text C:\Windows\Explorer.EXE[1924] kernel32.dll!CreateProcessA 768C1C36 5 Bytes JMP 03790EF8
.text C:\Windows\Explorer.EXE[1924] kernel32.dll!VirtualProtect 768C1DD1 5 Bytes JMP 03790045
.text C:\Windows\Explorer.EXE[1924] kernel32.dll!CreateNamedPipeW 768C5C44 5 Bytes JMP 03790FB9
.text C:\Windows\Explorer.EXE[1924] kernel32.dll!LoadLibraryExW 768E30C3 5 Bytes JMP 03790F6B
.text C:\Windows\Explorer.EXE[1924] kernel32.dll!LoadLibraryW 768E361F 5 Bytes JMP 03790F8D
.text C:\Windows\Explorer.EXE[1924] kernel32.dll!VirtualProtectEx 768E8D7E 5 Bytes JMP 03790F50
.text C:\Windows\Explorer.EXE[1924] kernel32.dll!LoadLibraryExA 768E9469 5 Bytes JMP 03790F7C
.text C:\Windows\Explorer.EXE[1924] kernel32.dll!LoadLibraryA 768E9491 5 Bytes JMP 03790F9E
.text C:\Windows\Explorer.EXE[1924] kernel32.dll!CreatePipe 768F0284 5 Bytes JMP 03790F3F
.text C:\Windows\Explorer.EXE[1924] kernel32.dll!GetProcAddress 7690B8B6 5 Bytes JMP 03790099
.text C:\Windows\Explorer.EXE[1924] kernel32.dll!CreateFileW 7690CC4E 5 Bytes JMP 03790000
.text C:\Windows\Explorer.EXE[1924] kernel32.dll!CreateFileA 7690CF71 5 Bytes JMP 03790FEF
.text C:\Windows\Explorer.EXE[1924] kernel32.dll!CreateNamedPipeA 7695430E 5 Bytes JMP 03790FCA
.text C:\Windows\Explorer.EXE[1924] kernel32.dll!WinExec 769554FF 5 Bytes JMP 03790F13
.text C:\Windows\Explorer.EXE[1924] ADVAPI32.dll!RegCreateKeyExA 761FB5E7 5 Bytes JMP 03700069
.text C:\Windows\Explorer.EXE[1924] ADVAPI32.dll!RegCreateKeyA 761FB8AE 5 Bytes JMP 0370003D
.text C:\Windows\Explorer.EXE[1924] ADVAPI32.dll!RegOpenKeyA 76200BF5 5 Bytes JMP 03700FE5
.text C:\Windows\Explorer.EXE[1924] ADVAPI32.dll!RegCreateKeyW 7620B83D 5 Bytes JMP 03700058
.text C:\Windows\Explorer.EXE[1924] ADVAPI32.dll!RegCreateKeyExW 7620BCE1 5 Bytes JMP 03700FAC
.text C:\Windows\Explorer.EXE[1924] ADVAPI32.dll!RegOpenKeyExA 7620D4E8 5 Bytes JMP 03700011
.text C:\Windows\Explorer.EXE[1924] ADVAPI32.dll!RegOpenKeyW 76213CB0 5 Bytes JMP 03700000
.text C:\Windows\Explorer.EXE[1924] ADVAPI32.dll!RegOpenKeyExW 7621F09D 5 Bytes JMP 0370002C
.text C:\Windows\Explorer.EXE[1924] msvcrt.dll!_wsystem 77AD8A47 5 Bytes JMP 038C0FA8
.text C:\Windows\Explorer.EXE[1924] msvcrt.dll!system 77AD8B63 5 Bytes JMP 038C0029
.text C:\Windows\Explorer.EXE[1924] msvcrt.dll!_creat 77ADC6F1 5 Bytes JMP 038C0FDE
.text C:\Windows\Explorer.EXE[1924] msvcrt.dll!_open 77ADDA7E 5 Bytes JMP 038C0FEF
.text C:\Windows\Explorer.EXE[1924] msvcrt.dll!_wcreat 77ADDC9E 5 Bytes JMP 038C0FB9
.text C:\Windows\Explorer.EXE[1924] msvcrt.dll!_wopen 77ADDE79 5 Bytes JMP 038C0018
.text C:\Windows\Explorer.EXE[1924] WS2_32.dll!socket 768936D1 5 Bytes JMP 03710FEF
.text C:\Windows\Explorer.EXE[1924] WININET.dll!InternetOpenA 778AD690 5 Bytes JMP 037A0000
.text C:\Windows\Explorer.EXE[1924] WININET.dll!InternetOpenW 778ADB09 5 Bytes JMP 037A0011
.text C:\Windows\Explorer.EXE[1924] WININET.dll!InternetOpenUrlA 778AF3A4 5 Bytes JMP 037A0036
.text C:\Windows\Explorer.EXE[1924] WININET.dll!InternetOpenUrlW 778F6DDF 5 Bytes JMP 037A0FE5
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2728] kernel32.dll!LoadLibraryW 768E361F 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2728] kernel32.dll!LoadLibraryA 768E9491 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[3076] kernel32.dll!GetStartupInfoW 768C1929 5 Bytes JMP 00380F4D
.text C:\Windows\system32\svchost.exe[3076] kernel32.dll!GetStartupInfoA 768C19C9 5 Bytes JMP 00380F68
.text C:\Windows\system32\svchost.exe[3076] kernel32.dll!CreateProcessW 768C1C01 5 Bytes JMP 003800C2
.text C:\Windows\system32\svchost.exe[3076] kernel32.dll!CreateProcessA 768C1C36 5 Bytes JMP 00380F2B
.text C:\Windows\system32\svchost.exe[3076] kernel32.dll!VirtualProtect 768C1DD1 5 Bytes JMP 00380078
.text C:\Windows\system32\svchost.exe[3076] kernel32.dll!CreateNamedPipeW 768C5C44 5 Bytes JMP 00380FDB
.text C:\Windows\system32\svchost.exe[3076] kernel32.dll!LoadLibraryExW 768E30C3 5 Bytes JMP 0038005D
.text C:\Windows\system32\svchost.exe[3076] kernel32.dll!LoadLibraryW 768E361F 5 Bytes JMP 00380FAF
.text C:\Windows\system32\svchost.exe[3076] kernel32.dll!VirtualProtectEx 768E8D7E 5 Bytes JMP 00380F83
.text C:\Windows\system32\svchost.exe[3076] kernel32.dll!LoadLibraryExA 768E9469 5 Bytes JMP 00380F9E
.text C:\Windows\system32\svchost.exe[3076] kernel32.dll!LoadLibraryA 768E9491 5 Bytes JMP 00380FCA
.text C:\Windows\system32\svchost.exe[3076] kernel32.dll!CreatePipe 768F0284 5 Bytes JMP 00380089
.text C:\Windows\system32\svchost.exe[3076] kernel32.dll!GetProcAddress 7690B8B6 5 Bytes JMP 00380F10
.text C:\Windows\system32\svchost.exe[3076] kernel32.dll!CreateFileW 7690CC4E 5 Bytes JMP 0038001B
.text C:\Windows\system32\svchost.exe[3076] kernel32.dll!CreateFileA 7690CF71 5 Bytes JMP 00380000
.text C:\Windows\system32\svchost.exe[3076] kernel32.dll!CreateNamedPipeA 7695430E 5 Bytes JMP 00380036
.text C:\Windows\system32\svchost.exe[3076] kernel32.dll!WinExec 769554FF 5 Bytes JMP 00380F3C
.text C:\Windows\system32\svchost.exe[3076] msvcrt.dll!_wsystem 77AD8A47 3 Bytes JMP 00390031
.text C:\Windows\system32\svchost.exe[3076] msvcrt.dll!_wsystem + 4 77AD8A4B 1 Byte [88]
.text C:\Windows\system32\svchost.exe[3076] msvcrt.dll!system 77AD8B63 3 Bytes JMP 00390FA6
.text C:\Windows\system32\svchost.exe[3076] msvcrt.dll!system + 4 77AD8B67 1 Byte [88]
.text C:\Windows\system32\svchost.exe[3076] msvcrt.dll!_creat 77ADC6F1 3 Bytes JMP 00390FD2
.text C:\Windows\system32\svchost.exe[3076] msvcrt.dll!_creat + 4 77ADC6F5 1 Byte [88]
.text C:\Windows\system32\svchost.exe[3076] msvcrt.dll!_open 77ADDA7E 5 Bytes JMP 0039000C
.text C:\Windows\system32\svchost.exe[3076] msvcrt.dll!_wcreat 77ADDC9E 3 Bytes JMP 00390FB7
.text C:\Windows\system32\svchost.exe[3076] msvcrt.dll!_wcreat + 4 77ADDCA2 1 Byte [88]
.text C:\Windows\system32\svchost.exe[3076] msvcrt.dll!_wopen 77ADDE79 5 Bytes JMP 00390FEF
.text C:\Windows\system32\svchost.exe[3076] ADVAPI32.dll!RegCreateKeyExA 761FB5E7 5 Bytes JMP 00090069
.text C:\Windows\system32\svchost.exe[3076] ADVAPI32.dll!RegCreateKeyA 761FB8AE 5 Bytes JMP 00090047
.text C:\Windows\system32\svchost.exe[3076] ADVAPI32.dll!RegOpenKeyA 76200BF5 5 Bytes JMP 00090000
.text C:\Windows\system32\svchost.exe[3076] ADVAPI32.dll!RegCreateKeyW 7620B83D 5 Bytes JMP 00090058
.text C:\Windows\system32\svchost.exe[3076] ADVAPI32.dll!RegCreateKeyExW 7620BCE1 5 Bytes JMP 00090FAC
.text C:\Windows\system32\svchost.exe[3076] ADVAPI32.dll!RegOpenKeyExA 7620D4E8 5 Bytes JMP 0009001B
.text C:\Windows\system32\svchost.exe[3076] ADVAPI32.dll!RegOpenKeyW 76213CB0 5 Bytes JMP 00090FE5
.text C:\Windows\system32\svchost.exe[3076] ADVAPI32.dll!RegOpenKeyExW 7621F09D 5 Bytes JMP 00090036
.text C:\Windows\system32\svchost.exe[3076] WS2_32.dll!socket 768936D1 5 Bytes JMP 00340000
.text C:\Windows\system32\svchost.exe[3108] kernel32.dll!GetStartupInfoW 768C1929 5 Bytes JMP 005C0F3F
.text C:\Windows\system32\svchost.exe[3108] kernel32.dll!GetStartupInfoA 768C19C9 5 Bytes JMP 005C0085
.text C:\Windows\system32\svchost.exe[3108] kernel32.dll!CreateProcessW 768C1C01 5 Bytes JMP 005C00C2
.text C:\Windows\system32\svchost.exe[3108] kernel32.dll!CreateProcessA 768C1C36 5 Bytes JMP 005C00B1
.text C:\Windows\system32\svchost.exe[3108] kernel32.dll!VirtualProtect 768C1DD1 5 Bytes JMP 005C004F
.text C:\Windows\system32\svchost.exe[3108] kernel32.dll!CreateNamedPipeW 768C5C44 5 Bytes JMP 005C0FB2
.text C:\Windows\system32\svchost.exe[3108] kernel32.dll!LoadLibraryExW 768E30C3 5 Bytes JMP 005C0F75
.text C:\Windows\system32\svchost.exe[3108] kernel32.dll!LoadLibraryW 768E361F 5 Bytes JMP 005C0FA1
.text C:\Windows\system32\svchost.exe[3108] kernel32.dll!VirtualProtectEx 768E8D7E 5 Bytes JMP 005C0F5A
.text C:\Windows\system32\svchost.exe[3108] kernel32.dll!LoadLibraryExA 768E9469 5 Bytes JMP 005C0F90
.text C:\Windows\system32\svchost.exe[3108] kernel32.dll!LoadLibraryA 768E9491 5 Bytes JMP 005C001E
.text C:\Windows\system32\svchost.exe[3108] kernel32.dll!CreatePipe 768F0284 5 Bytes JMP 005C006A
.text C:\Windows\system32\svchost.exe[3108] kernel32.dll!GetProcAddress 7690B8B6 5 Bytes JMP 005C0F10
.text C:\Windows\system32\svchost.exe[3108] kernel32.dll!CreateFileW 7690CC4E 5 Bytes JMP 005C0FD4
.text C:\Windows\system32\svchost.exe[3108] kernel32.dll!CreateFileA 7690CF71 5 Bytes JMP 005C0FEF
.text C:\Windows\system32\svchost.exe[3108] kernel32.dll!CreateNamedPipeA 7695430E 5 Bytes JMP 005C0FC3
.text C:\Windows\system32\svchost.exe[3108] kernel32.dll!WinExec 769554FF 5 Bytes JMP 005C00A0
.text C:\Windows\system32\svchost.exe[3108] msvcrt.dll!_wsystem 77AD8A47 5 Bytes JMP 005D0075
.text C:\Windows\system32\svchost.exe[3108] msvcrt.dll!system 77AD8B63 5 Bytes JMP 005D0064
.text C:\Windows\system32\svchost.exe[3108] msvcrt.dll!_creat 77ADC6F1 5 Bytes JMP 005D0038
.text C:\Windows\system32\svchost.exe[3108] msvcrt.dll!_open 77ADDA7E 5 Bytes JMP 005D0000
.text C:\Windows\system32\svchost.exe[3108] msvcrt.dll!_wcreat 77ADDC9E 5 Bytes JMP 005D0049
.text C:\Windows\system32\svchost.exe[3108] msvcrt.dll!_wopen 77ADDE79 5 Bytes JMP 005D001D
.text C:\Windows\system32\svchost.exe[3108] ADVAPI32.dll!RegCreateKeyExA 761FB5E7 5 Bytes JMP 00580F7C
.text C:\Windows\system32\svchost.exe[3108] ADVAPI32.dll!RegCreateKeyA 761FB8AE 5 Bytes JMP 00580F97
.text C:\Windows\system32\svchost.exe[3108] ADVAPI32.dll!RegOpenKeyA 76200BF5 5 Bytes JMP 00580FE5
.text C:\Windows\system32\svchost.exe[3108] ADVAPI32.dll!RegCreateKeyW 7620B83D 5 Bytes JMP 0058001E
.text C:\Windows\system32\svchost.exe[3108] ADVAPI32.dll!RegCreateKeyExW 7620BCE1 5 Bytes JMP 00580039
.text C:\Windows\system32\svchost.exe[3108] ADVAPI32.dll!RegOpenKeyExA 7620D4E8 5 Bytes JMP 00580FC3
.text C:\Windows\system32\svchost.exe[3108] ADVAPI32.dll!RegOpenKeyW 76213CB0 5 Bytes JMP 00580FD4
.text C:\Windows\system32\svchost.exe[3108] ADVAPI32.dll!RegOpenKeyExW 7621F09D 5 Bytes JMP 00580FA8
.text C:\Windows\system32\svchost.exe[3108] WS2_32.dll!socket 768936D1 5 Bytes JMP 005A0000
.text C:\Windows\System32\svchost.exe[3144] kernel32.dll!GetStartupInfoW 768C1929 5 Bytes JMP 00060F29
.text C:\Windows\System32\svchost.exe[3144] kernel32.dll!GetStartupInfoA 768C19C9 5 Bytes JMP 00060F3A
.text C:\Windows\System32\svchost.exe[3144] kernel32.dll!CreateProcessW 768C1C01 5 Bytes JMP 000600C0
.text C:\Windows\System32\svchost.exe[3144] kernel32.dll!CreateProcessA 768C1C36 5 Bytes JMP 000600A5
.text C:\Windows\System32\svchost.exe[3144] kernel32.dll!VirtualProtect 768C1DD1 5 Bytes JMP 00060054
.text C:\Windows\System32\svchost.exe[3144] kernel32.dll!CreateNamedPipeW 768C5C44 5 Bytes JMP 00060FC3
.text C:\Windows\System32\svchost.exe[3144] kernel32.dll!LoadLibraryExW 768E30C3 5 Bytes JMP 00060F7A
.text C:\Windows\System32\svchost.exe[3144] kernel32.dll!LoadLibraryW 768E361F 5 Bytes JMP 00060FB2
.text C:\Windows\System32\svchost.exe[3144] kernel32.dll!VirtualProtectEx 768E8D7E 5 Bytes JMP 00060065
.text C:\Windows\System32\svchost.exe[3144] kernel32.dll!LoadLibraryExA 768E9469 5 Bytes JMP 00060FA1
.text C:\Windows\System32\svchost.exe[3144] kernel32.dll!LoadLibraryA 768E9491 5 Bytes JMP 0006002F
.text C:\Windows\System32\svchost.exe[3144] kernel32.dll!CreatePipe 768F0284 5 Bytes JMP 00060F5F
.text C:\Windows\System32\svchost.exe[3144] kernel32.dll!GetProcAddress 7690B8B6 5 Bytes JMP 000600D1
.text C:\Windows\System32\svchost.exe[3144] kernel32.dll!CreateFileW 7690CC4E 5 Bytes JMP 0006000A
.text C:\Windows\System32\svchost.exe[3144] kernel32.dll!CreateFileA 7690CF71 5 Bytes JMP 00060FEF
.text C:\Windows\System32\svchost.exe[3144] kernel32.dll!CreateNamedPipeA 7695430E 5 Bytes JMP 00060FD4
.text C:\Windows\System32\svchost.exe[3144] kernel32.dll!WinExec 769554FF 5 Bytes JMP 0006008A
.text C:\Windows\System32\svchost.exe[3144] msvcrt.dll!_wsystem 77AD8A47 5 Bytes JMP 00070FC1
.text C:\Windows\System32\svchost.exe[3144] msvcrt.dll!system 77AD8B63 5 Bytes JMP 00070042
.text C:\Windows\System32\svchost.exe[3144] msvcrt.dll!_creat 77ADC6F1 5 Bytes JMP 00070FE3
.text C:\Windows\System32\svchost.exe[3144] msvcrt.dll!_open 77ADDA7E 5 Bytes JMP 00070000
.text C:\Windows\System32\svchost.exe[3144] msvcrt.dll!_wcreat 77ADDC9E 5 Bytes JMP 00070FD2
.text C:\Windows\System32\svchost.exe[3144] msvcrt.dll!_wopen 77ADDE79 5 Bytes JMP 00070011
.text C:\Windows\System32\svchost.exe[3144] ADVAPI32.dll!RegCreateKeyExA 761FB5E7 5 Bytes JMP 00050F91
.text C:\Windows\System32\svchost.exe[3144] ADVAPI32.dll!RegCreateKeyA 761FB8AE 5 Bytes JMP 0005003D
.text C:\Windows\System32\svchost.exe[3144] ADVAPI32.dll!RegOpenKeyA 76200BF5 5 Bytes JMP 00050000
.text C:\Windows\System32\svchost.exe[3144] ADVAPI32.dll!RegCreateKeyW 7620B83D 5 Bytes JMP 00050FAC
.text C:\Windows\System32\svchost.exe[3144] ADVAPI32.dll!RegCreateKeyExW 7620BCE1 5 Bytes JMP 00050058
.text C:\Windows\System32\svchost.exe[3144] ADVAPI32.dll!RegOpenKeyExA 7620D4E8 5 Bytes JMP 00050011
.text C:\Windows\System32\svchost.exe[3144] ADVAPI32.dll!RegOpenKeyW 76213CB0 5 Bytes JMP 00050FE5
.text C:\Windows\System32\svchost.exe[3144] ADVAPI32.dll!RegOpenKeyExW 7621F09D 5 Bytes JMP 0005002C
.text C:\Windows\system32\wuauclt.exe[5144] kernel32.dll!GetStartupInfoW 768C1929 5 Bytes JMP 00010051
.text C:\Windows\system32\wuauclt.exe[5144] kernel32.dll!GetStartupInfoA 768C19C9 5 Bytes JMP 00010F0B
.text C:\Windows\system32\wuauclt.exe[5144] kernel32.dll!CreateProcessW 768C1C01 5 Bytes JMP 00010084
.text C:\Windows\system32\wuauclt.exe[5144] kernel32.dll!CreateProcessA 768C1C36 5 Bytes JMP 00010073
.text C:\Windows\system32\wuauclt.exe[5144] kernel32.dll!VirtualProtect 768C1DD1 5 Bytes JMP 0001001B
.text C:\Windows\system32\wuauclt.exe[5144] kernel32.dll!CreateNamedPipeW 768C5C44 5 Bytes JMP 00010F94
.text C:\Windows\system32\wuauclt.exe[5144] kernel32.dll!LoadLibraryExW 768E30C3 5 Bytes JMP 0001000A
.text C:\Windows\system32\wuauclt.exe[5144] kernel32.dll!LoadLibraryW 768E361F 5 Bytes JMP 00010F68
.text C:\Windows\system32\wuauclt.exe[5144] kernel32.dll!VirtualProtectEx 768E8D7E 5 Bytes JMP 00010F26
.text C:\Windows\system32\wuauclt.exe[5144] kernel32.dll!LoadLibraryExA 768E9469 5 Bytes JMP 00010F4D
.text C:\Windows\system32\wuauclt.exe[5144] kernel32.dll!LoadLibraryA 768E9491 5 Bytes JMP 00010F83
.text C:\Windows\system32\wuauclt.exe[5144] kernel32.dll!CreatePipe 768F0284 5 Bytes JMP 00010036
.text C:\Windows\system32\wuauclt.exe[5144] kernel32.dll!GetProcAddress 7690B8B6 5 Bytes JMP 00010095
.text C:\Windows\system32\wuauclt.exe[5144] kernel32.dll!CreateFileW 7690CC4E 5 Bytes JMP 00010FCA
.text C:\Windows\system32\wuauclt.exe[5144] kernel32.dll!CreateFileA 7690CF71 5 Bytes JMP 00010FEF
.text C:\Windows\system32\wuauclt.exe[5144] kernel32.dll!CreateNamedPipeA 7695430E 5 Bytes JMP 00010FB9
.text C:\Windows\system32\wuauclt.exe[5144] kernel32.dll!WinExec 769554FF 5 Bytes JMP 00010062
.text C:\Windows\system32\wuauclt.exe[5144] msvcrt.dll!_wsystem 77AD8A47 5 Bytes JMP 00060F93
.text C:\Windows\system32\wuauclt.exe[5144] msvcrt.dll!system 77AD8B63 5 Bytes JMP 00060FA4
.text C:\Windows\system32\wuauclt.exe[5144] msvcrt.dll!_creat 77ADC6F1 5 Bytes JMP 00060FC6
.text C:\Windows\system32\wuauclt.exe[5144] msvcrt.dll!_open 77ADDA7E 5 Bytes JMP 00060FE3
.text C:\Windows\system32\wuauclt.exe[5144] msvcrt.dll!_wcreat 77ADDC9E 5 Bytes JMP 00060FB5
.text C:\Windows\system32\wuauclt.exe[5144] msvcrt.dll!_wopen 77ADDE79 5 Bytes JMP 00060000
.text C:\Windows\system32\wuauclt.exe[5144] ADVAPI32.dll!RegCreateKeyExA 761FB5E7 5 Bytes JMP 0007002F
.text C:\Windows\system32\wuauclt.exe[5144] ADVAPI32.dll!RegCreateKeyA 761FB8AE 5 Bytes JMP 00070FA8
.text C:\Windows\system32\wuauclt.exe[5144] ADVAPI32.dll!RegOpenKeyA 76200BF5 5 Bytes JMP 00070FE5
.text C:\Windows\system32\wuauclt.exe[5144] ADVAPI32.dll!RegCreateKeyW 7620B83D 5 Bytes JMP 00070F8D
.text C:\Windows\system32\wuauclt.exe[5144] ADVAPI32.dll!RegCreateKeyExW 7620BCE1 5 Bytes JMP 00070F7C
.text C:\Windows\system32\wuauclt.exe[5144] ADVAPI32.dll!RegOpenKeyExA 7620D4E8 5 Bytes JMP 00070FC3
.text C:\Windows\system32\wuauclt.exe[5144] ADVAPI32.dll!RegOpenKeyW 76213CB0 5 Bytes JMP 00070FD4
.text C:\Windows\system32\wuauclt.exe[5144] ADVAPI32.dll!RegOpenKeyExW 7621F09D 5 Bytes JMP 00070014
.text C:\Windows\system32\wuauclt.exe[5144] WS2_32.dll!socket 768936D1 5 Bytes JMP 00090FE5

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [749888B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749C98A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7498B9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7497FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74987A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7497EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [749BB17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7498BC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7498074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [749806B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749771B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74A0D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [749A7379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7497E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7497697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [749769A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74982465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

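Reading a GMER "User code sections" block by hand is tedious when every process carries the same dozen hooks, so here is an added example (not part of the original post, and not code from GMER) that parses those `.text` lines, groups the inline JMP hooks per process, and separates hooks GMER could attribute to a module (the McAfee lines, which print the owning executable after the jump target) from hooks with no owning module printed, which is the pattern the svchost.exe, Explorer.EXE and wuauclt.exe entries above show. The sample lines are copied from the log above; the capability table and the helper names are my own.

```python
"""Triage helper for GMER 1.0.15 "User code sections" output (added example).

Each ".text" line records an inline hook: the hooked export, its address,
the patch size and what was written there.  When GMER can map a JMP target
to a loaded module it prints that module after the target; when nothing
follows the target, the hook lands in memory GMER could not attribute to
any loaded module, which is what a DLL injected into every process and
not listed as a module looks like in this report.
"""
import re
from collections import defaultdict

# Lines copied from the GMER log posted above (not constructed).
SAMPLE_GMER = r"""
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreateProcessW 768C1C01 5 Bytes JMP 005A00AC
.text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!RegOpenKeyExW 7621F09D 5 Bytes JMP 0056002F
.text C:\Windows\system32\svchost.exe[1908] WS2_32.dll!socket 768936D1 5 Bytes JMP 00590FEF
.text C:\Windows\Explorer.EXE[1924] kernel32.dll!CreateProcessW 768C1C01 5 Bytes JMP 03790EE7
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2728] kernel32.dll!LoadLibraryW 768E361F 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[3076] msvcrt.dll!_wsystem 77AD8A47 3 Bytes JMP 00390031
.text C:\Windows\system32\svchost.exe[3076] msvcrt.dll!_wsystem + 4 77AD8A4B 1 Byte [88]
"""

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>\S+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)(?:\s\+\s(?P<off>\d+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.*)$"
)
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]+)(?:\s+(?P<owner>.+))?$")

# Rough capability buckets for the exports seen hooked in the log (my grouping,
# not something GMER reports).  Matched by prefix, so the A/W suffix is ignored.
CAPABILITY = {
    "CreateFile": "file", "_open": "file", "_wopen": "file",
    "_creat": "file", "_wcreat": "file",
    "CreateProcess": "process", "WinExec": "process",
    "system": "process", "_wsystem": "process", "GetStartupInfo": "process",
    "RegCreateKey": "registry", "RegOpenKey": "registry",
    "socket": "network", "InternetOpen": "network",
    "LoadLibrary": "library", "GetProcAddress": "library",
    "VirtualProtect": "memory",
    "CreatePipe": "ipc", "CreateNamedPipe": "ipc",
}


def parse_hooks(text):
    """Turn every '.text' line into a dict; non-hook lines are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        rec = {
            "process": m["proc"], "pid": int(m["pid"]),
            "api": f'{m["module"]}!{m["func"]}',
            "offset": int(m["off"] or 0), "size": int(m["size"]),
            "target": None, "owner": None, "raw_patch": m["patch"],
        }
        j = JMP_RE.match(m["patch"])
        if j:  # a JMP patch; anything else (e.g. "[88]") is a partial byte patch
            rec["target"] = int(j["target"], 16)
            rec["owner"] = (j["owner"] or "").strip() or None
        hooks.append(rec)
    return hooks


def group_by_process(hooks):
    """Per 'path[pid]': hooked APIs split by whether GMER named the module
    owning the jump target ("attributed"), printed no owner ("unattributed"),
    or wrote a non-JMP byte patch ("partial")."""
    groups = defaultdict(lambda: {"unattributed": [], "attributed": [], "partial": []})
    for h in hooks:
        key = f'{h["process"]}[{h["pid"]}]'
        if h["target"] is None:
            groups[key]["partial"].append(h["api"])
        elif h["owner"] is None:
            groups[key]["unattributed"].append(h["api"])
        else:
            groups[key]["attributed"].append((h["api"], h["owner"]))
    return dict(groups)


def capabilities(apis):
    """Collapse a list of 'module!export' names into capability buckets."""
    caps = set()
    for api in apis:
        func = api.split("!", 1)[1]
        for prefix, cap in CAPABILITY.items():
            if func.startswith(prefix):
                caps.add(cap)
                break
    return sorted(caps)


def hook_families(hooks):
    """How many distinct processes carry an unattributed hook on each API.
    The same API hooked the same way in many unrelated processes points at
    one injected component rather than per-process tampering."""
    seen = defaultdict(set)
    for h in hooks:
        if h["target"] is not None and h["owner"] is None:
            seen[h["api"]].add((h["process"], h["pid"]))
    return {api: len(p) for api, p in seen.items()}


def suspicious_processes(groups):
    """Processes that have at least one hook with no owning module printed."""
    return sorted(k for k, g in groups.items() if g["unattributed"])


if __name__ == "__main__":
    parsed = parse_hooks(SAMPLE_GMER)
    by_proc = group_by_process(parsed)
    for proc, g in by_proc.items():
        print(proc, "unattributed:", capabilities(g["unattributed"]),
              "attributed:", len(g["attributed"]), "partial:", len(g["partial"]))
    print("hooked across processes:", hook_families(parsed))
    print("review first:", suspicious_processes(by_proc))
```

Run it against the full ark.txt by replacing `SAMPLE_GMER` with the file contents; the output groups the report by process so the question "which processes carry hooks that no legitimate product claims" is answered in one pass, and the capability summary shows at a glance that the unattributed hooks cover file, process, registry and socket creation, which is the set an intercepting component needs to hide files and registry keys and to watch new processes and connections.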
#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:05:37 PM

Posted 02 November 2009 - 06:48 PM

Yes I will provide prevention measures once we are done with this log.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2009/10/15 16:00:48 | 00,001,372 | ---- | C] () -- C:\Windows\System32\N3aZACi.vbs
    [2009/10/15 16:03:42 | 00,121,344 | ---- | C] () -- C:\Windows\System32\d3d832.dll
    [2009/10/15 16:03:11 | 00,121,344 | ---- | C] () -- C:\Windows\System32\blackbox32.dll
    [2009/10/15 16:01:57 | 00,121,344 | ---- | C] () -- C:\Windows\System32\dispci32.dll
    [2009/10/15 16:01:25 | 00,121,344 | ---- | C] () -- C:\Windows\System32\clusapi32.dll
    [2009/10/15 16:01:19 | 00,001,372 | ---- | C] () -- C:\Windows\System32\VjZtR.vbs
    [2009/10/15 16:12:11 | 00,001,372 | ---- | C] () -- C:\Windows\System32\6uRikhZ2qIwyp.vbs
    [2009/10/15 16:06:42 | 00,121,344 | ---- | C] () -- C:\Windows\System32\d3dim70032.dll
    [2009/10/15 16:05:12 | 00,121,344 | ---- | C] () -- C:\Windows\System32\bthserv32.dll
    [2009/10/17 19:44:40 | 00,001,372 | ---- | C] () -- C:\Windows\System32\nvQZq.vbs
    [2009/10/17 19:34:27 | 00,001,372 | ---- | C] () -- C:\Windows\System32\ud6GwqW.vbs
    [2009/10/16 21:08:56 | 00,001,372 | ---- | C] () -- C:\Windows\System32\08rjIhB.vbs
    [2009/10/16 16:18:53 | 00,001,372 | ---- | C] () -- C:\Windows\System32\VVHvCO4Y03S0n.vbs
    [2009/10/19 11:36:45 | 00,001,372 | ---- | C] () -- C:\Windows\System32\xaj0m7Sn42Vhg.vbs
    [2009/10/19 11:20:45 | 00,001,372 | ---- | C] () -- C:\Windows\System32\IGKpXrS0J2YFfuM.vbs
    [2009/10/19 07:49:14 | 00,001,372 | ---- | C] () -- C:\Windows\System32\KCyOYqLccIYHv.vbs
    [2009/10/19 07:10:55 | 00,001,372 | ---- | C] () -- C:\Windows\System32\2TW4uTqa3aYqjlN.vbs
    [2009/10/20 09:13:18 | 00,001,372 | ---- | C] () -- C:\Windows\System32\cIWBawyYtKy0ah1.vbs
    [2009/10/20 08:40:57 | 00,001,372 | ---- | C] () -- C:\Windows\System32\oOpMU.vbs
    [2009/10/26 06:34:50 | 00,001,372 | ---- | C] () -- C:\Windows\System32\G9nTWcpy7spAzjT.vbs
    [2009/10/25 13:31:11 | 00,001,372 | ---- | C] () -- C:\Windows\System32\USig8zeUTsUcHVU.vbs
    [2009/10/24 13:32:32 | 00,202,240 | ---- | C] () -- C:\Windows\System32\dmsynth32.dll
    [2009/10/24 13:32:32 | 00,001,372 | ---- | C] () -- C:\Windows\System32\fw9Lu4yqU73Kz.vbs
    [2009/10/23 10:46:00 | 00,202,240 | ---- | C] () -- C:\Windows\System32\d3d8thk32.dll
    [2009/10/23 10:46:00 | 00,001,372 | ---- | C] () -- C:\Windows\System32\7B20oqsvb1jez.vbs
    [2009/10/23 10:11:32 | 00,202,240 | ---- | C] () -- C:\Windows\System32\csrsrv32.dll
    [2009/10/23 10:11:31 | 00,001,372 | ---- | C] () -- C:\Windows\System32\EaYXoSP9Jmewf.vbs
    [2009/10/23 09:55:40 | 00,202,240 | ---- | C] () -- C:\Windows\System32\framedynos32.dll
    [2009/10/23 09:55:38 | 00,001,372 | ---- | C] () -- C:\Windows\System32\jNGeDRb.vbs
    [2009/10/26 06:34:50 | 00,202,240 | ---- | C] () -- C:\Windows\System32\els32.dll
    [2009/10/28 12:09:43 | 00,202,240 | ---- | C] () -- C:\Windows\System32\deskadp32.dll
    [2009/10/28 12:09:42 | 00,001,372 | ---- | C] () -- C:\Windows\System32\N4bMQyOjpQEl3.vbs
    [2009/10/28 11:58:48 | 00,202,240 | ---- | C] () -- C:\Windows\System32\hhsetup32.dll
    [2009/10/28 11:58:48 | 00,001,372 | ---- | C] () -- C:\Windows\System32\Ha0D3.vbs
    [2009/10/27 08:50:39 | 00,202,240 | ---- | C] () -- C:\Windows\System32\Faultrep32.dll
    [2009/10/27 08:50:39 | 00,001,372 | ---- | C] () -- C:\Windows\System32\A8Vh9X4EfLRb3cX.vbs
    [2009/10/26 16:11:47 | 00,202,240 | ---- | C] () -- C:\Windows\System32\dimsroam32.dll
    [2009/10/26 16:11:47 | 00,001,372 | ---- | C] () -- C:\Windows\System32\O5Nx8QTeUhaCF.vbs
    [2009/10/29 12:32:53 | 00,202,240 | ---- | C] () -- C:\Windows\System32\els3232.dll
    [2009/10/29 12:32:53 | 00,001,372 | ---- | C] () -- C:\Windows\System32\qStpMu5wI6cXYEE.vbs
    [2009/10/29 09:17:45 | 00,202,240 | ---- | C] () -- C:\Windows\System32\dmdskres32.dll
    [2009/10/29 09:17:45 | 00,001,372 | ---- | C] () -- C:\Windows\System32\sVZI9dS.vbs
    [2009/10/31 06:50:19 | 00,202,240 | ---- | C] () -- C:\Windows\System32\dot3dlg32.dll
    [2009/10/31 06:50:18 | 00,001,372 | ---- | C] () -- C:\Windows\System32\OjOoTHT.vbs
    [2009/10/30 14:28:05 | 00,202,240 | ---- | C] () -- C:\Windows\System32\colorui32.dll
    [2009/10/30 14:28:05 | 00,001,372 | ---- | C] () -- C:\Windows\System32\9nI8l4c.vbs
    [2009/11/02 08:00:35 | 00,202,240 | ---- | C] () -- C:\Windows\System32\CompatUI32.dll
    [2009/11/02 08:00:34 | 00,001,372 | ---- | C] () -- C:\Windows\System32\sdD6pC3.vbs
    [2009/11/01 08:20:24 | 00,202,240 | ---- | C] () -- C:\Windows\System32\C_ISCII32.dll
    [2009/11/01 08:20:24 | 00,001,372 | ---- | C] () -- C:\Windows\System32\hRO7U.vbs
    O20 - AppInit_DLLs: (C:\Windows\System32\clusapi32.dll) - C:\Windows\System32\clusapi32.dll ()
    O20 - AppInit_DLLs: (C:\Windows\System32\dispci32.dll) - C:\Windows\System32\dispci32.dll ()
    O20 - AppInit_DLLs: (C:\Windows\System32\blackbox32.dll) - C:\Windows\System32\blackbox32.dll ()
    O20 - AppInit_DLLs: (C:\Windows\System32\d3d832.dll) - C:\Windows\System32\d3d832.dll ()
    O20 - AppInit_DLLs: (C:\Windows\System32\bthserv32.dll) - C:\Windows\System32\bthserv32.dll ()
    O20 - AppInit_DLLs: (C:\Windows\System32\d3dim70032.dll) - C:\Windows\System32\d3dim70032.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O2 - BHO: (no name) - {01784810-7531-42B1-B905-BE0EDA1196D7} - C:\Windows\System32\CompatUI32.dll ()
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================Malwarebytes' Anti-Malware=================================
Please update/run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
================================Online scan=================================
* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check the next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.

#5 t-burg

t-burg
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:04:37 PM

Posted 05 November 2009 - 05:54 PM

Ok, everything went well until the very end of the eset scan. I got a message that the program had stopped working. BUT, when I looked at the scan, it said it was completed and there was a log. So, I'll include that as the third log as instructed. Here are the three logs:

OTL log:

All processes killed
========== OTL ==========
C:\Windows\System32\N3aZACi.vbs moved successfully.
C:\Windows\System32\d3d832.dll moved successfully.
C:\Windows\System32\blackbox32.dll moved successfully.
C:\Windows\System32\dispci32.dll moved successfully.
C:\Windows\System32\clusapi32.dll moved successfully.
C:\Windows\System32\VjZtR.vbs moved successfully.
C:\Windows\System32\6uRikhZ2qIwyp.vbs moved successfully.
C:\Windows\System32\d3dim70032.dll moved successfully.
C:\Windows\System32\bthserv32.dll moved successfully.
C:\Windows\System32\nvQZq.vbs moved successfully.
C:\Windows\System32\ud6GwqW.vbs moved successfully.
C:\Windows\System32\08rjIhB.vbs moved successfully.
C:\Windows\System32\VVHvCO4Y03S0n.vbs moved successfully.
C:\Windows\System32\xaj0m7Sn42Vhg.vbs moved successfully.
C:\Windows\System32\IGKpXrS0J2YFfuM.vbs moved successfully.
C:\Windows\System32\KCyOYqLccIYHv.vbs moved successfully.
C:\Windows\System32\2TW4uTqa3aYqjlN.vbs moved successfully.
C:\Windows\System32\cIWBawyYtKy0ah1.vbs moved successfully.
C:\Windows\System32\oOpMU.vbs moved successfully.
C:\Windows\System32\G9nTWcpy7spAzjT.vbs moved successfully.
C:\Windows\System32\USig8zeUTsUcHVU.vbs moved successfully.
C:\Windows\System32\dmsynth32.dll moved successfully.
C:\Windows\System32\fw9Lu4yqU73Kz.vbs moved successfully.
C:\Windows\System32\d3d8thk32.dll moved successfully.
C:\Windows\System32\7B20oqsvb1jez.vbs moved successfully.
C:\Windows\System32\csrsrv32.dll moved successfully.
C:\Windows\System32\EaYXoSP9Jmewf.vbs moved successfully.
C:\Windows\System32\framedynos32.dll moved successfully.
C:\Windows\System32\jNGeDRb.vbs moved successfully.
C:\Windows\System32\els32.dll moved successfully.
C:\Windows\System32\deskadp32.dll moved successfully.
C:\Windows\System32\N4bMQyOjpQEl3.vbs moved successfully.
C:\Windows\System32\hhsetup32.dll moved successfully.
C:\Windows\System32\Ha0D3.vbs moved successfully.
C:\Windows\System32\Faultrep32.dll moved successfully.
C:\Windows\System32\A8Vh9X4EfLRb3cX.vbs moved successfully.
C:\Windows\System32\dimsroam32.dll moved successfully.
C:\Windows\System32\O5Nx8QTeUhaCF.vbs moved successfully.
C:\Windows\System32\els3232.dll moved successfully.
C:\Windows\System32\qStpMu5wI6cXYEE.vbs moved successfully.
C:\Windows\System32\dmdskres32.dll moved successfully.
C:\Windows\System32\sVZI9dS.vbs moved successfully.
C:\Windows\System32\dot3dlg32.dll moved successfully.
C:\Windows\System32\OjOoTHT.vbs moved successfully.
C:\Windows\System32\colorui32.dll moved successfully.
C:\Windows\System32\9nI8l4c.vbs moved successfully.
C:\Windows\System32\CompatUI32.dll moved successfully.
C:\Windows\System32\sdD6pC3.vbs moved successfully.
C:\Windows\System32\C_ISCII32.dll moved successfully.
C:\Windows\System32\hRO7U.vbs moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\Windows\System32\clusapi32.dll deleted successfully.
File move failed. C:\Windows\System32\clusapi32.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\Windows\System32\dispci32.dll deleted successfully.
File C:\Windows\System32\dispci32.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\Windows\System32\blackbox32.dll deleted successfully.
File C:\Windows\System32\blackbox32.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\Windows\System32\d3d832.dll deleted successfully.
File C:\Windows\System32\d3d832.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\Windows\System32\bthserv32.dll deleted successfully.
File C:\Windows\System32\bthserv32.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\Windows\System32\d3dim70032.dll deleted successfully.
File C:\Windows\System32\d3dim70032.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01784810-7531-42B1-B905-BE0EDA1196D7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01784810-7531-42B1-B905-BE0EDA1196D7}\ deleted successfully.
File C:\Windows\System32\CompatUI32.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Terry
->Temp folder emptied: 338927 bytes
->Temporary Internet Files folder emptied: 76260213 bytes
->Java cache emptied: 25719622 bytes
->Apple Safari cache emptied: 290816 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 522240 bytes
Windows Temp folder emptied: 80844 bytes
RecycleBin emptied: 60594469 bytes

Total Files Cleaned = 156.22 mb


OTL by OldTimer - Version 3.1.2.2 log created on 11052009_111050

Files\Folders moved on Reboot...
C:\Windows\System32\clusapi32.dll moved successfully.
File\Folder C:\Windows\temp\mcafee_qNj7CWxKJyRofom not found!
File\Folder C:\Windows\temp\mcmsc_fc6myH0rHasBne2 not found!
File\Folder C:\Windows\temp\mcmsc_FxmvnK3EsuPpare not found!
File\Folder C:\Windows\temp\mcmsc_vIapNhDIpsgYz3z not found!
File\Folder C:\Windows\temp\mcmsc_zU7F5pdvkDjToJA not found!
File\Folder C:\Windows\temp\sqlite_1hKZdFAiD6tQyIm not found!
File\Folder C:\Windows\temp\sqlite_8vsoZvlE1XTedrj not found!
C:\Windows\temp\sqlite_IlXIe20ufeZ6Kdo moved successfully.
File\Folder C:\Windows\temp\sqlite_ItaT7dAhuCNneel not found!
File\Folder C:\Windows\temp\sqlite_JIYGlE6XtwHdj34 not found!
C:\Windows\temp\sqlite_JxgWO4m0GZfbsAo moved successfully.
C:\Windows\temp\sqlite_kwm3sHfEm0gD56A moved successfully.

Registry entries deleted on Reboot...


mbam log:

Malwarebytes' Anti-Malware 1.41
Database version: 3106
Windows 6.0.6001 Service Pack 1

11/5/2009 1:50:10 PM
mbam-log-2009-11-05 (13-50-10).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 340637
Time elapsed: 2 hour(s), 8 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\System32\LocalService (Worm.Archive) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\LocalService\329.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService\329.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService\330.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService\330.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService\331.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService\331.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService\332.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService\332.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService\333.music.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService\333.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService\334.music2.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService\334.music2.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService\335.music3.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService\335.music3.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService\336.music4.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService\336.music4.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\DPMODEMX32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\GroupPolicy000.dat (Malware.Trace) -> Quarantined and deleted successfully.


ESET log:

C:\Users\Terry\Desktop\Left side desk top\music\Nine Inche Nails - The Perfect Drug.wma WMA/TrojanDownloader.Wimad.NAA trojan cleaned by deleting - quarantined
C:\Users\Terry\DoctorWeb\Quarantine\hitin[10.htm JS/TrojanDownloader.FraudLoad.NAB trojan cleaned by deleting - quarantined
C:\Users\Terry\DoctorWeb\Quarantine\hitin[11.htm JS/TrojanDownloader.FraudLoad.NAB trojan cleaned by deleting - quarantined
C:\Windows\System32\cmifw32.dll a variant of Win32/Kryptik.AVM trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11052009_111050\C_Windows\System32\blackbox32.dll a variant of Win32/Kryptik.AVM trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11052009_111050\C_Windows\System32\bthserv32.dll a variant of Win32/Kryptik.AVM trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11052009_111050\C_Windows\System32\clusapi32.dll a variant of Win32/Kryptik.AVM trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11052009_111050\C_Windows\System32\colorui32.dll a variant of Win32/Kryptik.AVM trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11052009_111050\C_Windows\System32\CompatUI32.dll a variant of Win32/Kryptik.AVM trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11052009_111050\C_Windows\System32\csrsrv32.dll a variant of Win32/Kryptik.AVM trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11052009_111050\C_Windows\System32\C_ISCII32.dll a variant of Win32/Kryptik.AVM trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11052009_111050\C_Windows\System32\d3d832.dll a variant of Win32/Kryptik.AVM trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11052009_111050\C_Windows\System32\d3d8thk32.dll a variant of Win32/Kryptik.AVM trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11052009_111050\C_Windows\System32\d3dim70032.dll a variant of Win32/Kryptik.AVM trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11052009_111050\C_Windows\System32\deskadp32.dll a variant of Win32/Kryptik.AVM trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11052009_111050\C_Windows\System32\dimsroam32.dll a variant of Win32/Kryptik.AVM trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11052009_111050\C_Windows\System32\dispci32.dll a variant of Win32/Kryptik.AVM trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11052009_111050\C_Windows\System32\dmdskres32.dll a variant of Win32/Kryptik.AVM trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11052009_111050\C_Windows\System32\dmsynth32.dll a variant of Win32/Kryptik.AVM trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11052009_111050\C_Windows\System32\dot3dlg32.dll a variant of Win32/Kryptik.AVM trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11052009_111050\C_Windows\System32\els32.dll a variant of Win32/Kryptik.AVM trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11052009_111050\C_Windows\System32\els3232.dll a variant of Win32/Kryptik.AVM trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11052009_111050\C_Windows\System32\Faultrep32.dll a variant of Win32/Kryptik.AVM trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11052009_111050\C_Windows\System32\framedynos32.dll a variant of Win32/Kryptik.AVM trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11052009_111050\C_Windows\System32\hhsetup32.dll a variant of Win32/Kryptik.AVM trojan cleaned by deleting - quarantined

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:05:37 PM

Posted 06 November 2009 - 07:47 AM

Looks good:

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


#7 t-burg

t-burg
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:04:37 PM

Posted 06 November 2009 - 08:25 AM

Ok, here's the latest OTL log requested (ha, I just realized one of the files showing up here is a ".hack-Infection" file I have saved to my desktop. This is just info on that PS2 video game! Nothing bad...lol):

OTL logfile created on: 11/6/2009 7:17:16 AM - Run 2
OTL by OldTimer - Version 3.1.2.2 Folder = C:\Users\Terry\Desktop\HyjackThis no. 2 stuff
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 43.76% Memory free
4.00 Gb Paging File | 3.18 Gb Available in Paging File | 79.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.05 Gb Total Space | 213.58 Gb Free Space | 74.15% Space Free | Partition Type: NTFS
Drive D: | 10.04 Gb Total Space | 3.11 Gb Free Space | 30.96% Space Free | Partition Type: NTFS
Drive E: | 74.50 Gb Total Space | 64.96 Gb Free Space | 87.20% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TERRY-PC
Current User Name: Terry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Terry\Desktop\HyjackThis no. 2 stuff\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee\VirusScan\mcvsshld.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\System32\java.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
PRC - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Win32 Services (SafeList) ==========

SRV - (GameConsoleService) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (McODS) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (iPod Service) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (mcmscsvc) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MSK80Service) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (gusvc) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (Apple Mobile Device) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (gupdate1c9c373b9d17d37) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (McAfee SiteAdvisor Service) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (Bonjour Service) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (odserv) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) [Unknown | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (LinksysUpdater) [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
SRV - (nmservice) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (WinDefend) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) [On_Demand | Running] -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ehRecvr) [On_Demand | Stopped] -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)
SRV - (ehSched) [On_Demand | Stopped] -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (ose) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) MPFP [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (pnarp) Pure Networks Device Discovery Driver [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys (Pure Networks, Inc.)
DRV - (purendis) Pure Networks Wireless Driver [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys (Pure Networks, Inc.)
DRV - (vsmraid) vsmraid [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (igfx) igfx [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) ialm [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) adp94xx [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) elxstor [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) adpahci [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) uliahci [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) adpu320 [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) ulsata2 [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) UlSata [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) adpu160m [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) nvraid [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) nfrd960 [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) iirsp [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) nvstor [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) aic78xx [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) arcsas [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) arc [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) megasas [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) viaide [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) cmdide [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) aliide [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ac97intc.sys (Intel Corporation)
DRV - (NETw2v32) Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (RTL8023xp) Realtek 10/100 NIC Family NDIS x86 Driver [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (E1G60) Intel® PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (secdrv) Security Driver [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (RTLWUSB) NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v2.sys (NETGEAR Inc.)
DRV - (UsbDiag) LGE Mobile USB Serial Port [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) LGE CDMA USB Modem [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Soft India)
DRV - (usbbus) LGE CDMA Composite USB Device [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Terry\Desktop\HyjackThis no. 2 stuff\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5620

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 10 48 78 01 31 75 B1 42 B9 05 BE 0E DA 11 96 D7 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 03:34:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/10/18 09:26:58 | 00,000,000 | ---D | M]

[2009/04/01 01:57:17 | 00,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/10/18 14:48:27 | 00,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Mozilla\Extensions
[2009/10/18 14:48:27 | 00,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Mozilla\Extensions
[2009/04/01 01:57:17 | 00,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/04/09 11:01:29 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/08 14:53:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2008/08/06 05:13:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/10/18 14:48:28 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/18 14:48:28 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/06 05:13:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/08 14:53:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/09 11:01:29 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/09 04:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/02/27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/06/17 01:18:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/06/17 01:18:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/06/17 01:18:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/06/17 01:18:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/06/17 01:18:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/06/17 01:18:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/06/17 01:18:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...772/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.115.71.53 24.196.64.53 24.159.193.40
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\google\google~1\goec62~1.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\System32\clusapi32.dll) - C:\Windows\System32\clusapi32.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 18:01:00 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/03/17 19:49:00 | 00,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/05 16:59:02 | 00,000,000 | ---D | C] -- C:\Users\Terry\Desktop\HyjackThis no. 3 stuff
[2009/11/05 13:57:04 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/11/05 11:10:50 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/05 10:53:48 | 00,000,000 | ---D | C] -- C:\Users\Terry\Desktop\HyjackThis no. 2 stuff
[2009/11/03 23:36:50 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/11/03 23:36:49 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/11/02 10:52:31 | 00,000,000 | ---D | C] -- C:\Users\Terry\Desktop\HyjackThis no. 1 stuff
[2009/10/29 10:46:32 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/10/29 10:46:32 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/10/29 10:46:32 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/10/29 10:46:31 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/10/29 10:45:59 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/10/29 10:45:59 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/10/29 10:45:59 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/10/29 10:45:47 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/10/29 10:45:47 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/10/28 17:53:19 | 00,000,000 | ---D | C] -- C:\Program Files\Real Estate ToolKit
[2009/10/28 13:52:49 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/10/28 13:52:48 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2009/10/28 13:52:45 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/10/26 16:44:01 | 00,000,000 | ---D | C] -- C:\Users\Terry\Desktop\MY EBAY AUCTIONS
[2009/10/20 19:57:33 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/10/20 19:47:11 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/10/20 19:47:10 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/10/20 19:47:10 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/10/20 19:47:09 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/10/20 19:47:09 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/10/20 19:47:09 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/10/20 19:47:08 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/10/20 19:47:08 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/10/20 19:47:07 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/10/20 19:47:07 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/10/20 19:47:07 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/10/20 19:47:06 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/10/20 19:47:06 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/10/20 19:47:06 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/10/20 19:47:06 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/10/20 19:47:05 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/10/20 19:47:05 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/10/20 19:47:05 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/10/20 19:44:20 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/10/20 19:44:20 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/10/20 19:44:20 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/10/20 19:44:20 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/10/20 19:44:19 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/10/20 19:44:19 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/10/20 19:44:19 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/10/20 19:44:19 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/10/20 19:44:19 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/10/20 19:44:19 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/10/20 19:44:18 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/10/20 19:44:18 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/10/20 19:44:18 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/10/20 19:44:18 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/10/20 19:44:17 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/10/20 19:44:17 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/10/20 19:44:16 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/10/20 19:44:16 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/10/20 19:44:16 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/10/20 19:44:16 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/10/20 19:44:15 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/10/20 19:44:15 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/10/20 19:44:15 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/10/20 19:44:15 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/10/20 19:44:14 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/10/20 19:44:13 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/10/20 19:44:13 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/10/20 19:44:12 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/10/20 19:44:12 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/10/20 19:44:12 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/10/20 19:44:12 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/10/20 19:44:12 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/10/20 19:44:12 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/10/20 19:42:42 | 00,000,000 | ---D | C] -- C:\Program Files\MSN
[2009/10/20 10:35:07 | 00,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 8
[2009/10/19 12:53:08 | 00,000,000 | ---D | C] -- C:\Users\Terry\DoctorWeb
[2009/10/19 12:48:17 | 00,000,000 | ---D | C] -- C:\Users\Terry\Desktop\Left side desk top
[2009/10/19 12:47:29 | 00,000,000 | ---D | C] -- C:\Users\Terry\Desktop\right side desk top
[2009/10/19 11:07:11 | 00,000,000 | ---D | C] -- C:\Users\Terry\Desktop\virus fix stuff
[2009/10/17 11:17:29 | 00,000,000 | ---D | C] -- C:\Users\Terry\Desktop\Stuff to backup
[2009/10/16 11:42:41 | 00,000,000 | ---D | C] -- C:\Windows\McAfee.com
[2009/10/16 07:01:58 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/10/16 07:01:52 | 00,000,000 | ---D | C] -- C:\9577ecbf483cad75c8d3f76a06e3
[2009/10/15 19:41:30 | 00,000,000 | ---D | C] -- C:\ProgramData\SiteAdvisor
[2009/10/15 19:41:30 | 00,000,000 | ---D | C] -- C:\ProgramData\SiteAdvisor
[2009/10/15 19:38:45 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2009/10/15 19:38:45 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys
[2009/10/15 19:38:45 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2009/10/15 19:38:36 | 00,130,424 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys
[2009/10/15 19:38:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/10/15 19:38:06 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/10/15 19:34:01 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys
[2009/10/15 16:17:57 | 00,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2009/10/14 03:06:46 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/10/14 03:06:42 | 03,597,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/10/14 03:06:42 | 03,546,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/10/14 03:06:27 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/10/14 03:06:27 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/10/14 03:06:27 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/10/14 03:06:26 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/10/14 03:06:26 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/10/14 03:06:10 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
[2009/10/14 03:06:09 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/10/14 03:06:07 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL

========== Files - Modified Within 30 Days ==========

[2009/11/06 07:16:59 | 03,670,016 | -HS- | M] () -- C:\Users\Terry\ntuser.dat
[2009/11/06 07:11:05 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/06 07:11:05 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/06 07:11:05 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/06 07:07:03 | 00,012,855 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/11/06 07:06:19 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/06 07:06:18 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/06 07:06:18 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/06 07:06:16 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/06 07:06:12 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/06 07:06:08 | 21,386,28096 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/05 20:08:24 | 00,524,288 | -HS- | M] () -- C:\Users\Terry\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/11/05 20:08:24 | 00,065,536 | -HS- | M] () -- C:\Users\Terry\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/11/05 20:08:10 | 02,060,498 | -H-- | M] () -- C:\Users\Terry\AppData\Local\IconCache.db
[2009/11/05 19:21:00 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/05 11:40:22 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B2F917B6-E479-4B4F-A9E4-3550BA7BA6B3}.job
[2009/11/05 11:39:22 | 00,002,231 | ---- | M] () -- C:\Users\Terry\Desktop\iTunes.lnk
[2009/11/05 11:14:44 | 00,005,609 | -HS- | M] () -- C:\Users\Terry\AppData\Roaming\020000008fef8213689C.manifest
[2009/11/05 11:14:44 | 00,002,610 | -HS- | M] () -- C:\Users\Terry\AppData\Roaming\020000008fef8213689P.manifest
[2009/11/05 11:14:44 | 00,000,717 | -HS- | M] () -- C:\Users\Terry\AppData\Roaming\020000008fef8213689O.manifest
[2009/11/05 11:14:42 | 00,000,011 | -HS- | M] () -- C:\Users\Terry\AppData\Roaming\020000008fef8213689S.manifest
[2009/11/04 01:02:25 | 00,001,372 | ---- | M] () -- C:\Windows\System32\PpUWLg8kPWTEwDK.vbs
[2009/11/03 20:25:27 | 00,000,272 | ---- | M] () -- C:\Users\Terry\Desktop\.hack--INFECTION (Part 1) Walkthrough - IGN FAQs (2).url
[2009/11/03 20:18:55 | 00,000,272 | ---- | M] () -- C:\Users\Terry\Desktop\.hack goblins.url
[2009/11/03 20:15:10 | 00,000,272 | ---- | M] () -- C:\Users\Terry\Desktop\.hack--INFECTION (Part 1) Walkthrough - IGN FAQs.url
[2009/11/03 19:49:23 | 00,001,372 | ---- | M] () -- C:\Windows\System32\jz4bHuU.vbs
[2009/11/02 11:15:55 | 00,291,328 | ---- | M] () -- C:\imbnkwyt.exe
[2009/11/01 00:00:13 | 00,000,318 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2009/10/30 11:29:52 | 00,179,528 | ---- | M] () -- C:\Users\Terry\Desktop\pic02781_x[1].jpg
[2009/10/30 11:28:42 | 00,119,515 | ---- | M] () -- C:\Users\Terry\Desktop\pic02779_x[1].jpg
[2009/10/30 10:23:02 | 00,020,566 | ---- | M] () -- C:\Users\Terry\AppData\Roaming\wklnhst.dat
[2009/10/30 09:32:01 | 00,000,166 | ---- | M] () -- C:\Users\Terry\Desktop\WINGFAM.url
[2009/10/29 17:11:51 | 00,070,304 | ---- | M] () -- C:\Users\Terry\Desktop\ssb 1.JPG
[2009/10/29 17:09:13 | 00,087,962 | ---- | M] () -- C:\Users\Terry\Desktop\ssb 2.JPG
[2009/10/29 14:17:25 | 00,170,839 | ---- | M] () -- C:\Users\Terry\Desktop\j 005.JPG
[2009/10/29 14:16:32 | 00,155,123 | ---- | M] () -- C:\Users\Terry\Desktop\j 006.JPG
[2009/10/29 14:14:36 | 00,457,564 | ---- | M] () -- C:\Users\Terry\Desktop\j 001.JPG
[2009/10/28 21:14:20 | 00,368,779 | ---- | M] () -- C:\Users\Terry\Desktop\f 006.JPG
[2009/10/28 20:33:23 | 00,000,309 | ---- | M] () -- C:\Users\Terry\Desktop\Wisconsin Investment Clubs Companies.url
[2009/10/28 18:07:20 | 00,000,297 | ---- | M] () -- C:\Users\Terry\Desktop\C. Sheets Site.url
[2009/10/28 17:53:28 | 00,000,807 | ---- | M] () -- C:\Users\Public\Desktop\C. Sheets R. Estate Toolkit.lnk
[2009/10/26 08:32:44 | 00,010,752 | ---- | M] () -- C:\Users\Terry\Desktop\PS3 Tips Sheet.wps
[2009/10/26 08:20:28 | 00,009,728 | ---- | M] () -- C:\Users\Terry\Desktop\Console Repair Ticket.wps
[2009/10/26 08:00:38 | 00,009,728 | ---- | M] () -- C:\Users\Terry\Desktop\Blank Works.wps
[2009/10/25 17:32:47 | 00,134,010 | ---- | M] () -- C:\Users\Terry\Desktop\new 013.JPG
[2009/10/21 04:40:08 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/10/21 02:19:16 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/10/20 13:51:13 | 00,444,615 | ---- | M] () -- C:\Users\Terry\Desktop\new 020.JPG
[2009/10/18 17:31:01 | 00,022,528 | ---- | M] () -- C:\Users\Terry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/17 21:37:45 | 00,272,406 | ---- | M] () -- C:\Users\Terry\Desktop\new 016.JPG
[2009/10/16 21:13:30 | 00,000,577 | ---- | M] () -- C:\Users\Terry\Desktop\Gmail Email from Google.url
[2009/10/16 21:12:44 | 00,000,262 | ---- | M] () -- C:\Users\Terry\Desktop\Welcome - PayPal.url
[2009/10/16 18:33:40 | 00,000,600 | ---- | M] () -- C:\Users\Terry\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/16 16:04:20 | 00,000,016 | ---- | M] () -- C:\Windows\popcinfo.dat
[2009/10/16 06:57:04 | 00,000,340 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2009/10/15 12:14:18 | 00,000,252 | ---- | M] () -- C:\Users\Terry\Desktop\craigslist account log in.url
[2009/10/12 07:34:44 | 00,000,205 | ---- | M] () -- C:\Users\Terry\Desktop\USPS Track.url
[2009/10/07 14:54:44 | 00,032,093 | ---- | M] () -- C:\Users\Terry\Desktop\My eBay Selling All Selling.url
[2009/10/07 08:23:17 | 00,000,748 | ---- | M] () -- C:\Windows\tasks\McAfee Cleanup.job

========== Files Created - No Company Name ==========

[2009/11/04 01:02:25 | 00,001,372 | ---- | C] () -- C:\Windows\System32\PpUWLg8kPWTEwDK.vbs
[2009/11/03 20:25:27 | 00,000,272 | ---- | C] () -- C:\Users\Terry\Desktop\.hack--INFECTION (Part 1) Walkthrough - IGN FAQs (2).url
[2009/11/03 20:18:55 | 00,000,272 | ---- | C] () -- C:\Users\Terry\Desktop\.hack goblins.url
[2009/11/03 20:15:10 | 00,000,272 | ---- | C] () -- C:\Users\Terry\Desktop\.hack--INFECTION (Part 1) Walkthrough - IGN FAQs.url
[2009/11/03 19:49:23 | 00,001,372 | ---- | C] () -- C:\Windows\System32\jz4bHuU.vbs
[2009/11/02 11:15:53 | 00,291,328 | ---- | C] () -- C:\imbnkwyt.exe
[2009/10/30 11:29:16 | 00,179,528 | ---- | C] () -- C:\Users\Terry\Desktop\pic02781_x[1].jpg
[2009/10/30 11:27:57 | 00,119,515 | ---- | C] () -- C:\Users\Terry\Desktop\pic02779_x[1].jpg
[2009/10/30 09:32:01 | 00,000,166 | ---- | C] () -- C:\Users\Terry\Desktop\WINGFAM.url
[2009/10/29 14:13:45 | 00,155,123 | ---- | C] () -- C:\Users\Terry\Desktop\j 006.JPG
[2009/10/29 14:12:53 | 00,170,839 | ---- | C] () -- C:\Users\Terry\Desktop\j 005.JPG
[2009/10/29 14:12:31 | 00,457,564 | ---- | C] () -- C:\Users\Terry\Desktop\j 001.JPG
[2009/10/28 21:10:18 | 00,368,779 | ---- | C] () -- C:\Users\Terry\Desktop\f 006.JPG
[2009/10/28 20:33:23 | 00,000,309 | ---- | C] () -- C:\Users\Terry\Desktop\Wisconsin Investment Clubs Companies.url
[2009/10/28 18:07:20 | 00,000,297 | ---- | C] () -- C:\Users\Terry\Desktop\C. Sheets Site.url
[2009/10/28 17:53:28 | 00,000,807 | ---- | C] () -- C:\Users\Public\Desktop\C. Sheets R. Estate Toolkit.lnk
[2009/10/26 08:32:44 | 00,010,752 | ---- | C] () -- C:\Users\Terry\Desktop\PS3 Tips Sheet.wps
[2009/10/26 08:20:28 | 00,009,728 | ---- | C] () -- C:\Users\Terry\Desktop\Console Repair Ticket.wps
[2009/10/20 19:47:07 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/10/20 13:51:13 | 00,444,615 | ---- | C] () -- C:\Users\Terry\Desktop\new 020.JPG
[2009/10/19 23:24:05 | 02,060,498 | -H-- | C] () -- C:\Users\Terry\AppData\Local\IconCache.db
[2009/10/19 21:04:02 | 21,386,28096 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/17 21:37:45 | 00,272,406 | ---- | C] () -- C:\Users\Terry\Desktop\new 016.JPG
[2009/10/17 21:36:53 | 00,087,962 | ---- | C] () -- C:\Users\Terry\Desktop\ssb 2.JPG
[2009/10/17 21:35:20 | 00,134,010 | ---- | C] () -- C:\Users\Terry\Desktop\new 013.JPG
[2009/10/17 21:32:31 | 00,070,304 | ---- | C] () -- C:\Users\Terry\Desktop\ssb 1.JPG
[2009/10/16 16:04:19 | 00,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/10/15 19:42:22 | 00,012,855 | ---- | C] () -- C:\Windows\System32\Config.MPF
[2009/10/15 19:38:24 | 00,000,340 | ---- | C] () -- C:\Windows\tasks\McDefragTask.job
[2009/10/15 19:38:19 | 00,000,318 | ---- | C] () -- C:\Windows\tasks\McQcTask.job
[2009/10/15 16:18:02 | 00,000,600 | ---- | C] () -- C:\Users\Terry\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/15 16:00:48 | 00,005,609 | -HS- | C] () -- C:\Users\Terry\AppData\Roaming\020000008fef8213689C.manifest
[2009/10/15 16:00:48 | 00,002,610 | -HS- | C] () -- C:\Users\Terry\AppData\Roaming\020000008fef8213689P.manifest
[2009/10/15 16:00:48 | 00,000,717 | -HS- | C] () -- C:\Users\Terry\AppData\Roaming\020000008fef8213689O.manifest
[2009/10/15 16:00:48 | 00,000,011 | -HS- | C] () -- C:\Users\Terry\AppData\Roaming\020000008fef8213689S.manifest
[2009/10/07 08:20:13 | 00,000,748 | ---- | C] () -- C:\Windows\tasks\McAfee Cleanup.job
[2008/01/02 16:57:36 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2007/11/20 17:35:48 | 00,061,678 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\PFP100JPR.{PB
[2007/11/20 17:35:48 | 00,012,358 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\PFP100JCM.{PB
[2007/11/03 16:31:55 | 00,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2007/10/24 10:37:23 | 00,020,566 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\wklnhst.dat
[2007/10/23 05:25:51 | 00,024,206 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\UserTile.png
[2007/10/23 04:57:15 | 00,022,528 | ---- | C] () -- C:\Users\Terry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/23 04:53:26 | 00,109,672 | ---- | C] () -- C:\Users\Terry\AppData\Local\GDIPFONTCACHEV1.DAT
[2007/08/25 10:18:35 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/02/15 17:07:38 | 00,061,440 | ---- | C] () -- C:\Windows\System32\PTQL5F.DLL
[2006/11/22 15:16:18 | 00,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 11:50:06 | 00,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 06:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 06:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 06:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 06:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 06:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 06:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 04:23:31 | 00,000,169 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >

#8 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 06 November 2009 - 06:58 PM

Yes, I was going to say, hmm, hacking? That cannot be good, no wonder he was infected. :(
But it appears to be harmless so it can stay.
But I recommend against getting instructions like that as some of those sites are infection holes.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O20 - AppInit_DLLs: (C:\Windows\System32\clusapi32.dll) - C:\Windows\System32\clusapi32.dll File not found
    [2009/11/04 01:02:25 | 00,001,372 | ---- | M] () -- C:\Windows\System32\PpUWLg8kPWTEwDK.vbs
    [2009/11/03 19:49:23 | 00,001,372 | ---- | C] () -- C:\Windows\System32\jz4bHuU.vbs
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

After that, let me know how things are running.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.
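
As an added example (not a tool from this thread, from OTL's author, or from kahdah), here is a Python script that does by machine the triage the two posts above walk through by hand: it parses OTL's file-listing lines and the O20 AppInit_DLLs line, separates what can go straight into an ":OTL" fix block from what only deserves a second look, and emits the fix block in the form OTL's Custom Scans/Fixes box accepts (log lines pasted verbatim under ":OTL"). The sample lines are copied from t-burg's log. The scoring rules (random-looking script name in System32, dangling AppInit_DLLs entry, unattributed executable at the drive root) and the 30-day window are this example's assumptions, and "review" means a person should look at the file, not that it is malicious.

```python
"""Triage an OTL log and draft the ':OTL' fix block from it.

Added example for this thread; not a tool from the thread, from OTL's author
or from kahdah. The sample lines are copied from the OTL output posted above;
the scoring rules (what is 'high' and what is only 'review') are assumptions
of this example.
"""
import ntpath
import re
from dataclasses import dataclass
from datetime import date, datetime

# OTL file-listing line: [yyyy/mm/dd hh:mm:ss | size | attrs | C or M] (company) -- path
FILE_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) [\d:.]+ \| [\d,]+ \| [-A-Z]{4} \| [CM]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# OTL O20 line: O20 - AppInit_DLLs: (registry value) - resolved path [File not found]
O20_LINE = re.compile(
    r"^O20 - AppInit_DLLs: \((?P<value>[^)]*)\) - (?P<path>.+?)(?P<missing> File not found)?$"
)

SCRIPT_EXTS = {".vbs", ".js", ".wsf", ".bat", ".cmd"}
BINARY_EXTS = {".exe", ".dll", ".sys", ".scr"}
SYSTEM32 = "c:\\windows\\system32\\"

# Sample input, constructed from the log posted in the thread (log created 11/7/2009).
LOG_DATE = date(2009, 11, 7)
SAMPLE_LOG = r"""
O20 - AppInit_DLLs: (C:\Windows\System32\clusapi32.dll) - C:\Windows\System32\clusapi32.dll File not found
[2009/11/04 01:02:25 | 00,001,372 | ---- | M] () -- C:\Windows\System32\PpUWLg8kPWTEwDK.vbs
[2009/11/03 19:49:23 | 00,001,372 | ---- | C] () -- C:\Windows\System32\jz4bHuU.vbs
[2009/11/02 11:15:53 | 00,291,328 | ---- | C] () -- C:\imbnkwyt.exe
[2009/10/20 19:47:07 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/10/20 19:44:15 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/11/06 07:06:19 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2007/02/15 17:07:38 | 00,061,440 | ---- | C] () -- C:\Windows\System32\PTQL5F.DLL
"""


@dataclass
class Finding:
    line: str    # the OTL line verbatim: that is what an :OTL fix block takes
    path: str
    reason: str


def looks_random(filename: str) -> bool:
    """Heuristic (this example's, not OTL's): a stem mixing upper case, lower
    case and digits with no separators, like PpUWLg8kPWTEwDK or jz4bHuU."""
    stem = ntpath.splitext(filename)[0]
    if len(stem) < 7 or not stem.isalnum():
        return False
    return (any(c.isupper() for c in stem) and any(c.islower() for c in stem)
            and any(c.isdigit() for c in stem))


def triage(log_text: str, log_date: date, window_days: int = 30):
    """Return (high, review). 'high' lines can go straight into the fix block;
    'review' lines need a human look and are not a verdict on the file."""
    high, review = [], []
    for line in log_text.splitlines():
        m = O20_LINE.match(line)
        if m:
            # AppInit_DLLs is loaded into every process that links user32.dll;
            # an entry whose DLL no longer exists is leftover persistence.
            if m.group("missing"):
                high.append(Finding(line, m.group("path"), "AppInit_DLLs entry, file missing"))
            else:
                review.append(Finding(line, m.group("path"), "AppInit_DLLs entry, file present"))
            continue
        m = FILE_LINE.match(line)
        if not m or m.group("company"):
            continue  # not a file line, or it carries a vendor name from version info
        created = datetime.strptime(m.group("date"), "%Y/%m/%d").date()
        if (log_date - created).days > window_days:
            continue  # outside the window the log reports on
        path = m.group("path")
        low = path.lower()
        name = ntpath.basename(path)
        ext = ntpath.splitext(name)[1].lower()
        if low.startswith(SYSTEM32) and ext in SCRIPT_EXTS and looks_random(name):
            high.append(Finding(line, path, f"random-named {ext} script in System32"))
        elif low.startswith(SYSTEM32) and ext in SCRIPT_EXTS | BINARY_EXTS:
            review.append(Finding(line, path, f"unattributed {ext} in System32"))
        elif re.fullmatch(r"[a-z]:\\[^\\]+", low) and ext in BINARY_EXTS:
            review.append(Finding(line, path, f"unattributed {ext} at drive root"))
    return high, review


def build_fix(high) -> str:
    """OTL's Custom Scans/Fixes box takes log lines pasted verbatim under ':OTL'."""
    return "\n".join([":OTL"] + [f.line for f in high])


if __name__ == "__main__":
    high, review = triage(SAMPLE_LOG, LOG_DATE)
    print(build_fix(high))
    for f in review:
        print("REVIEW:", f.path, "-", f.reason)
```

Run on the sample, it prints exactly the three-line fix kahdah posted (the O20 entry and the two .vbs files) and lists C:\imbnkwyt.exe under review, which is where an unattributed executable sitting in the drive root belongs until someone checks it. The rules are kept deliberately narrow so they do not sweep up Windows' own unversioned scripts in System32, and the printed block is a draft to read before pasting into OTL, not something to run blind.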

#9 t-burg

  • Topic Starter

  • Members
  • 24 posts

Posted 07 November 2009 - 03:58 PM

Ok, here are the two logs you requested:

OTL Custom Scans/Fixes log:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\Windows\System32\clusapi32.dll deleted successfully.
C:\Windows\System32\PpUWLg8kPWTEwDK.vbs moved successfully.
C:\Windows\System32\jz4bHuU.vbs moved successfully.

OTL by OldTimer - Version 3.1.2.2 log created on 11072009_144244


And, the OTL txt log:

OTL logfile created on: 11/7/2009 2:44:06 PM - Run 3
OTL by OldTimer - Version 3.1.2.2 Folder = C:\Users\Terry\Desktop\HyjackThis no. 2 stuff
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.75% Memory free
4.00 Gb Paging File | 3.13 Gb Available in Paging File | 78.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.05 Gb Total Space | 211.36 Gb Free Space | 73.38% Space Free | Partition Type: NTFS
Drive D: | 10.04 Gb Total Space | 3.11 Gb Free Space | 30.95% Space Free | Partition Type: NTFS
Drive E: | 74.50 Gb Total Space | 64.82 Gb Free Space | 87.01% Space Free | Partition Type: NTFS
Drive F: | 3.17 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TERRY-PC
Current User Name: Terry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Terry\Desktop\HyjackThis no. 2 stuff\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\System32\java.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
PRC - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Win32 Services (SafeList) ==========

SRV - (GameConsoleService) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (McODS) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (iPod Service) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (mcmscsvc) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MSK80Service) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (gusvc) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (Apple Mobile Device) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (gupdate1c9c373b9d17d37) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (McAfee SiteAdvisor Service) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (Bonjour Service) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (odserv) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) [Unknown | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (LinksysUpdater) [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
SRV - (nmservice) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (WinDefend) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) [On_Demand | Running] -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ehRecvr) [On_Demand | Stopped] -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)
SRV - (ehSched) [On_Demand | Stopped] -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (ose) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) MPFP [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (pnarp) Pure Networks Device Discovery Driver [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys (Pure Networks, Inc.)
DRV - (purendis) Pure Networks Wireless Driver [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys (Pure Networks, Inc.)
DRV - (vsmraid) vsmraid [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (igfx) igfx [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) ialm [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) adp94xx [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) elxstor [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) adpahci [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) uliahci [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) adpu320 [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) ulsata2 [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) UlSata [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) adpu160m [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) nvraid [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) nfrd960 [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) iirsp [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) nvstor [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) aic78xx [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) arcsas [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) arc [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) megasas [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) viaide [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) cmdide [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) aliide [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ac97intc.sys (Intel Corporation)
DRV - (NETw2v32) Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (RTL8023xp) Realtek 10/100 NIC Family NDIS x86 Driver [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (E1G60) Intel® PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (secdrv) Security Driver [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (RTLWUSB) NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v2.sys (NETGEAR Inc.)
DRV - (UsbDiag) LGE Mobile USB Serial Port [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) LGE CDMA USB Modem [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Soft India)
DRV - (usbbus) LGE CDMA Composite USB Device [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Terry\Desktop\HyjackThis no. 2 stuff\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5620

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 10 48 78 01 31 75 B1 42 B9 05 BE 0E DA 11 96 D7 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 03:34:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/10/18 09:26:58 | 00,000,000 | ---D | M]

[2009/04/01 01:57:17 | 00,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/10/18 14:48:27 | 00,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Mozilla\Extensions
[2009/10/18 14:48:27 | 00,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Mozilla\Extensions
[2009/04/01 01:57:17 | 00,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/04/09 11:01:29 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/08 14:53:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2008/08/06 05:13:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/10/18 14:48:28 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/18 14:48:28 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/06 05:13:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/08 14:53:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/09 11:01:29 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/09 04:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/02/27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/06/17 01:18:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/06/17 01:18:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/06/17 01:18:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/06/17 01:18:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/06/17 01:18:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/06/17 01:18:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/06/17 01:18:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...772/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.115.71.53 24.196.64.53 24.159.193.40
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\google\google~1\goec62~1.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 18:01:00 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/03/17 19:49:00 | 00,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/05 16:59:02 | 00,000,000 | ---D | C] -- C:\Users\Terry\Desktop\HyjackThis no. 3 stuff
[2009/11/05 13:57:04 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/11/05 11:10:50 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/05 10:53:48 | 00,000,000 | ---D | C] -- C:\Users\Terry\Desktop\HyjackThis no. 2 stuff
[2009/11/03 23:36:50 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/11/03 23:36:49 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/11/02 10:52:31 | 00,000,000 | ---D | C] -- C:\Users\Terry\Desktop\HyjackThis no. 1 stuff
[2009/10/29 10:46:32 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/10/29 10:46:32 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/10/29 10:46:32 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/10/29 10:46:31 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/10/29 10:45:59 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/10/29 10:45:59 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/10/29 10:45:59 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/10/29 10:45:47 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/10/29 10:45:47 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/10/28 17:53:19 | 00,000,000 | ---D | C] -- C:\Program Files\Real Estate ToolKit
[2009/10/28 13:52:49 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/10/28 13:52:48 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2009/10/28 13:52:45 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/10/26 16:44:01 | 00,000,000 | ---D | C] -- C:\Users\Terry\Desktop\MY EBAY AUCTIONS
[2009/10/20 19:57:33 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/10/20 19:47:11 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/10/20 19:47:10 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/10/20 19:47:10 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/10/20 19:47:09 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/10/20 19:47:09 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/10/20 19:47:09 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/10/20 19:47:08 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/10/20 19:47:08 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/10/20 19:47:07 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/10/20 19:47:07 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/10/20 19:47:07 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/10/20 19:47:06 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/10/20 19:47:06 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/10/20 19:47:06 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/10/20 19:47:06 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/10/20 19:47:05 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/10/20 19:47:05 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/10/20 19:47:05 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/10/20 19:44:20 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/10/20 19:44:20 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/10/20 19:44:20 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/10/20 19:44:20 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/10/20 19:44:19 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/10/20 19:44:19 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/10/20 19:44:19 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/10/20 19:44:19 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/10/20 19:44:19 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/10/20 19:44:19 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/10/20 19:44:18 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/10/20 19:44:18 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/10/20 19:44:18 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/10/20 19:44:18 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/10/20 19:44:17 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/10/20 19:44:17 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/10/20 19:44:16 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/10/20 19:44:16 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/10/20 19:44:16 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/10/20 19:44:16 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/10/20 19:44:15 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/10/20 19:44:15 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/10/20 19:44:15 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/10/20 19:44:15 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/10/20 19:44:14 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/10/20 19:44:13 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/10/20 19:44:13 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/10/20 19:44:12 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/10/20 19:44:12 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/10/20 19:44:12 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/10/20 19:44:12 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/10/20 19:44:12 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/10/20 19:44:12 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/10/20 19:42:42 | 00,000,000 | ---D | C] -- C:\Program Files\MSN
[2009/10/20 10:35:07 | 00,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 8
[2009/10/19 12:53:08 | 00,000,000 | ---D | C] -- C:\Users\Terry\DoctorWeb
[2009/10/19 12:48:17 | 00,000,000 | ---D | C] -- C:\Users\Terry\Desktop\Left side desk top
[2009/10/19 12:47:29 | 00,000,000 | ---D | C] -- C:\Users\Terry\Desktop\right side desk top
[2009/10/19 11:07:11 | 00,000,000 | ---D | C] -- C:\Users\Terry\Desktop\virus fix stuff
[2009/10/17 11:17:29 | 00,000,000 | ---D | C] -- C:\Users\Terry\Desktop\Stuff to backup
[2009/10/16 11:42:41 | 00,000,000 | ---D | C] -- C:\Windows\McAfee.com
[2009/10/16 07:01:58 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/10/16 07:01:52 | 00,000,000 | ---D | C] -- C:\9577ecbf483cad75c8d3f76a06e3
[2009/10/15 19:41:30 | 00,000,000 | ---D | C] -- C:\ProgramData\SiteAdvisor
[2009/10/15 19:41:30 | 00,000,000 | ---D | C] -- C:\ProgramData\SiteAdvisor
[2009/10/15 19:38:45 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2009/10/15 19:38:45 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys
[2009/10/15 19:38:45 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2009/10/15 19:38:36 | 00,130,424 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys
[2009/10/15 19:38:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/10/15 19:38:06 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/10/15 19:34:01 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys
[2009/10/15 16:17:57 | 00,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2009/10/14 03:06:46 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/10/14 03:06:42 | 03,597,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/10/14 03:06:42 | 03,546,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/10/14 03:06:27 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/10/14 03:06:27 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/10/14 03:06:27 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/10/14 03:06:26 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/10/14 03:06:26 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/10/14 03:06:10 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
[2009/10/14 03:06:09 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/10/14 03:06:07 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL

========== Files - Modified Within 30 Days ==========

[2009/11/07 14:43:37 | 03,670,016 | -HS- | M] () -- C:\Users\Terry\ntuser.dat
[2009/11/07 14:25:04 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/07 14:25:04 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/07 14:21:00 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/07 14:09:57 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B2F917B6-E479-4B4F-A9E4-3550BA7BA6B3}.job
[2009/11/07 10:29:44 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/07 10:29:44 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/07 10:29:44 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/07 10:25:54 | 00,012,855 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/11/07 10:25:07 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/07 10:25:03 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/07 10:25:00 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/07 10:24:56 | 21,386,28096 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/06 22:59:44 | 00,524,288 | -HS- | M] () -- C:\Users\Terry\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/11/06 22:59:44 | 00,065,536 | -HS- | M] () -- C:\Users\Terry\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/11/06 22:59:32 | 02,217,916 | -H-- | M] () -- C:\Users\Terry\AppData\Local\IconCache.db
[2009/11/06 08:34:38 | 00,021,000 | ---- | M] () -- C:\Users\Terry\AppData\Roaming\wklnhst.dat
[2009/11/06 08:34:35 | 00,009,216 | ---- | M] () -- C:\Users\Terry\Desktop\Xbox 360 Repair no power Ticket.wps
[2009/11/06 08:34:25 | 00,009,216 | ---- | M] () -- C:\Users\Terry\Desktop\Xbox 360 Repair Ticket.wps
[2009/11/06 08:34:09 | 00,009,728 | ---- | M] () -- C:\Users\Terry\Desktop\PS3 Repair Ticket.wps
[2009/11/06 08:32:43 | 00,010,240 | ---- | M] () -- C:\Users\Terry\Desktop\x360 Tips Sheet.wps
[2009/11/05 11:39:22 | 00,002,231 | ---- | M] () -- C:\Users\Terry\Desktop\iTunes.lnk
[2009/11/05 11:14:44 | 00,005,609 | -HS- | M] () -- C:\Users\Terry\AppData\Roaming\020000008fef8213689C.manifest
[2009/11/05 11:14:44 | 00,002,610 | -HS- | M] () -- C:\Users\Terry\AppData\Roaming\020000008fef8213689P.manifest
[2009/11/05 11:14:44 | 00,000,717 | -HS- | M] () -- C:\Users\Terry\AppData\Roaming\020000008fef8213689O.manifest
[2009/11/05 11:14:42 | 00,000,011 | -HS- | M] () -- C:\Users\Terry\AppData\Roaming\020000008fef8213689S.manifest
[2009/11/03 20:25:27 | 00,000,272 | ---- | M] () -- C:\Users\Terry\Desktop\.hack--INFECTION (Part 1) Walkthrough - IGN FAQs (2).url
[2009/11/03 20:18:55 | 00,000,272 | ---- | M] () -- C:\Users\Terry\Desktop\.hack goblins.url
[2009/11/03 20:15:10 | 00,000,272 | ---- | M] () -- C:\Users\Terry\Desktop\.hack--INFECTION (Part 1) Walkthrough - IGN FAQs.url
[2009/11/02 11:15:55 | 00,291,328 | ---- | M] () -- C:\imbnkwyt.exe
[2009/11/01 00:00:13 | 00,000,318 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2009/10/30 11:29:52 | 00,179,528 | ---- | M] () -- C:\Users\Terry\Desktop\pic02781_x[1].jpg
[2009/10/30 11:28:42 | 00,119,515 | ---- | M] () -- C:\Users\Terry\Desktop\pic02779_x[1].jpg
[2009/10/30 09:32:01 | 00,000,166 | ---- | M] () -- C:\Users\Terry\Desktop\WINGFAM.url
[2009/10/29 17:11:51 | 00,070,304 | ---- | M] () -- C:\Users\Terry\Desktop\ssb 1.JPG
[2009/10/29 17:09:13 | 00,087,962 | ---- | M] () -- C:\Users\Terry\Desktop\ssb 2.JPG
[2009/10/29 14:17:25 | 00,170,839 | ---- | M] () -- C:\Users\Terry\Desktop\j 005.JPG
[2009/10/29 14:16:32 | 00,155,123 | ---- | M] () -- C:\Users\Terry\Desktop\j 006.JPG
[2009/10/29 14:14:36 | 00,457,564 | ---- | M] () -- C:\Users\Terry\Desktop\j 001.JPG
[2009/10/28 21:14:20 | 00,368,779 | ---- | M] () -- C:\Users\Terry\Desktop\f 006.JPG
[2009/10/28 20:33:23 | 00,000,309 | ---- | M] () -- C:\Users\Terry\Desktop\Wisconsin Investment Clubs Companies.url
[2009/10/28 18:07:20 | 00,000,297 | ---- | M] () -- C:\Users\Terry\Desktop\C. Sheets Site.url
[2009/10/28 17:53:28 | 00,000,807 | ---- | M] () -- C:\Users\Public\Desktop\C. Sheets R. Estate Toolkit.lnk
[2009/10/26 08:32:44 | 00,010,752 | ---- | M] () -- C:\Users\Terry\Desktop\PS3 Tips Sheet.wps
[2009/10/26 08:00:38 | 00,009,728 | ---- | M] () -- C:\Users\Terry\Desktop\Blank Works.wps
[2009/10/25 17:32:47 | 00,134,010 | ---- | M] () -- C:\Users\Terry\Desktop\new 013.JPG
[2009/10/21 04:40:08 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/10/21 02:19:16 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/10/20 13:51:13 | 00,444,615 | ---- | M] () -- C:\Users\Terry\Desktop\new 020.JPG
[2009/10/18 17:31:01 | 00,022,528 | ---- | M] () -- C:\Users\Terry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/17 21:37:45 | 00,272,406 | ---- | M] () -- C:\Users\Terry\Desktop\new 016.JPG
[2009/10/16 21:13:30 | 00,000,577 | ---- | M] () -- C:\Users\Terry\Desktop\Gmail Email from Google.url
[2009/10/16 21:12:44 | 00,000,262 | ---- | M] () -- C:\Users\Terry\Desktop\Welcome - PayPal.url
[2009/10/16 18:33:40 | 00,000,600 | ---- | M] () -- C:\Users\Terry\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/16 16:04:20 | 00,000,016 | ---- | M] () -- C:\Windows\popcinfo.dat
[2009/10/16 06:57:04 | 00,000,340 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2009/10/15 12:14:18 | 00,000,252 | ---- | M] () -- C:\Users\Terry\Desktop\craigslist account log in.url
[2009/10/12 07:34:44 | 00,000,205 | ---- | M] () -- C:\Users\Terry\Desktop\USPS Track.url

========== Files Created - No Company Name ==========

[2009/11/06 08:32:43 | 00,010,240 | ---- | C] () -- C:\Users\Terry\Desktop\x360 Tips Sheet.wps
[2009/11/06 08:27:46 | 00,009,216 | ---- | C] () -- C:\Users\Terry\Desktop\Xbox 360 Repair no power Ticket.wps
[2009/11/06 08:23:06 | 00,009,216 | ---- | C] () -- C:\Users\Terry\Desktop\Xbox 360 Repair Ticket.wps
[2009/11/03 20:25:27 | 00,000,272 | ---- | C] () -- C:\Users\Terry\Desktop\.hack--INFECTION (Part 1) Walkthrough - IGN FAQs (2).url
[2009/11/03 20:18:55 | 00,000,272 | ---- | C] () -- C:\Users\Terry\Desktop\.hack goblins.url
[2009/11/03 20:15:10 | 00,000,272 | ---- | C] () -- C:\Users\Terry\Desktop\.hack--INFECTION (Part 1) Walkthrough - IGN FAQs.url
[2009/11/02 11:15:53 | 00,291,328 | ---- | C] () -- C:\imbnkwyt.exe
[2009/10/30 11:29:16 | 00,179,528 | ---- | C] () -- C:\Users\Terry\Desktop\pic02781_x[1].jpg
[2009/10/30 11:27:57 | 00,119,515 | ---- | C] () -- C:\Users\Terry\Desktop\pic02779_x[1].jpg
[2009/10/30 09:32:01 | 00,000,166 | ---- | C] () -- C:\Users\Terry\Desktop\WINGFAM.url
[2009/10/29 14:13:45 | 00,155,123 | ---- | C] () -- C:\Users\Terry\Desktop\j 006.JPG
[2009/10/29 14:12:53 | 00,170,839 | ---- | C] () -- C:\Users\Terry\Desktop\j 005.JPG
[2009/10/29 14:12:31 | 00,457,564 | ---- | C] () -- C:\Users\Terry\Desktop\j 001.JPG
[2009/10/28 21:10:18 | 00,368,779 | ---- | C] () -- C:\Users\Terry\Desktop\f 006.JPG
[2009/10/28 20:33:23 | 00,000,309 | ---- | C] () -- C:\Users\Terry\Desktop\Wisconsin Investment Clubs Companies.url
[2009/10/28 18:07:20 | 00,000,297 | ---- | C] () -- C:\Users\Terry\Desktop\C. Sheets Site.url
[2009/10/28 17:53:28 | 00,000,807 | ---- | C] () -- C:\Users\Public\Desktop\C. Sheets R. Estate Toolkit.lnk
[2009/10/26 08:32:44 | 00,010,752 | ---- | C] () -- C:\Users\Terry\Desktop\PS3 Tips Sheet.wps
[2009/10/26 08:20:28 | 00,009,728 | ---- | C] () -- C:\Users\Terry\Desktop\PS3 Repair Ticket.wps
[2009/10/20 19:47:07 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/10/20 13:51:13 | 00,444,615 | ---- | C] () -- C:\Users\Terry\Desktop\new 020.JPG
[2009/10/19 23:24:05 | 02,217,916 | -H-- | C] () -- C:\Users\Terry\AppData\Local\IconCache.db
[2009/10/19 21:04:02 | 21,386,28096 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/17 21:37:45 | 00,272,406 | ---- | C] () -- C:\Users\Terry\Desktop\new 016.JPG
[2009/10/17 21:36:53 | 00,087,962 | ---- | C] () -- C:\Users\Terry\Desktop\ssb 2.JPG
[2009/10/17 21:35:20 | 00,134,010 | ---- | C] () -- C:\Users\Terry\Desktop\new 013.JPG
[2009/10/17 21:32:31 | 00,070,304 | ---- | C] () -- C:\Users\Terry\Desktop\ssb 1.JPG
[2009/10/16 16:04:19 | 00,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/10/15 19:42:22 | 00,012,855 | ---- | C] () -- C:\Windows\System32\Config.MPF
[2009/10/15 19:38:24 | 00,000,340 | ---- | C] () -- C:\Windows\tasks\McDefragTask.job
[2009/10/15 19:38:19 | 00,000,318 | ---- | C] () -- C:\Windows\tasks\McQcTask.job
[2009/10/15 16:18:02 | 00,000,600 | ---- | C] () -- C:\Users\Terry\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/15 16:00:48 | 00,005,609 | -HS- | C] () -- C:\Users\Terry\AppData\Roaming\020000008fef8213689C.manifest
[2009/10/15 16:00:48 | 00,002,610 | -HS- | C] () -- C:\Users\Terry\AppData\Roaming\020000008fef8213689P.manifest
[2009/10/15 16:00:48 | 00,000,717 | -HS- | C] () -- C:\Users\Terry\AppData\Roaming\020000008fef8213689O.manifest
[2009/10/15 16:00:48 | 00,000,011 | -HS- | C] () -- C:\Users\Terry\AppData\Roaming\020000008fef8213689S.manifest
[2008/01/02 16:57:36 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2007/11/20 17:35:48 | 00,061,678 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\PFP100JPR.{PB
[2007/11/20 17:35:48 | 00,012,358 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\PFP100JCM.{PB
[2007/11/03 16:31:55 | 00,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2007/10/24 10:37:23 | 00,021,000 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\wklnhst.dat
[2007/10/23 05:25:51 | 00,024,206 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\UserTile.png
[2007/10/23 04:57:15 | 00,022,528 | ---- | C] () -- C:\Users\Terry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/23 04:53:26 | 00,109,672 | ---- | C] () -- C:\Users\Terry\AppData\Local\GDIPFONTCACHEV1.DAT
[2007/08/25 10:18:35 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/02/15 17:07:38 | 00,061,440 | ---- | C] () -- C:\Windows\System32\PTQL5F.DLL
[2006/11/22 15:16:18 | 00,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 11:50:06 | 00,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 06:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 06:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 06:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 06:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 06:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 06:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 04:23:31 | 00,000,169 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:05:37 PM

Posted 07 November 2009 - 04:59 PM

Looks good, how are things running?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#11 t-burg

t-burg
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:04:37 PM

Posted 07 November 2009 - 05:17 PM

Well, not getting the hijacked Google searches any longer, no DLL error boxes, everything seems fine now! (Fingers Crossed....)
Thaaaaank you.
What now?

#12 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:05:37 PM

Posted 07 November 2009 - 05:32 PM

======Cleanup======
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java version components and update:
  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 17...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
======================Clear out infected System Restore points======================


Then we need to reset your System Restore points.
The link below shows how to do this.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

=====================================
After that you're all set. :(


The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention article by Miekiemoes.

If your computer is slow Is a tutorial on what you can do if your computer is slow.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent, Limewire, Kazaa, emule, Utorrent, Limewire etc...
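The Java steps above rely on the user spotting every "Java Runtime Environment (JRE or J2SE)" entry in Add/Remove Programs by eye. The script below is an added example (not from this thread, and not part of OTC, OTL or any tool mentioned here) that lists those entries from the standard Windows Installer Uninstall registry keys so you can confirm nothing old is left before installing the current release. It is read-only and assumes PowerShell 2.0 or later; the name filter ('Java|JRE|J2SE') is my own choice, taken from the wording of the steps above.

```powershell
# Added example: enumerate installed Java runtimes via the Uninstall keys.
# Both the native and the Wow6432Node branch are checked so a 32-bit JRE on
# 64-bit Windows is not missed; HKCU catches per-user installs. Read-only.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-InstalledJava {
    foreach ($key in $uninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        Get-ChildItem -Path $key | ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            # Same names the thread tells the user to look for in Add/Remove
            # Programs (assumed filter, adjust if a vendor names it differently).
            if ($p.DisplayName -and $p.DisplayName -match 'Java|JRE|J2SE') {
                New-Object PSObject -Property @{
                    DisplayName     = $p.DisplayName
                    DisplayVersion  = $p.DisplayVersion
                    Publisher       = $p.Publisher
                    UninstallString = $p.UninstallString
                    RegistryKey     = $_.PSChildName
                }
            }
        }
    }
}

$java = @(Get-InstalledJava | Sort-Object DisplayVersion)

if ($java.Count -eq 0) {
    Write-Output 'No Java runtime entries found in Add/Remove Programs.'
} else {
    $java | Format-Table DisplayName, DisplayVersion, Publisher, RegistryKey -AutoSize
    if ($java.Count -gt 1) {
        Write-Warning ("{0} Java entries are installed; remove every one of them " +
                       "before installing the newest release." -f $java.Count)
    }
}

# Also show which java.exe the PATH resolves to: if it is not inside the
# newest install directory, an older copy is still the one programs will run.
$onPath = Get-Command java.exe -ErrorAction SilentlyContinue
if ($onPath) {
    $ver = (Get-Item $onPath.Path).VersionInfo.ProductVersion
    Write-Output ("java.exe on PATH: {0} (version {1})" -f $onPath.Path, $ver)
} else {
    Write-Output 'No java.exe found on PATH.'
}
```

Run it once before the Add/Remove Programs step to see what is there, and once after the reboot: the first report should show only a single, current entry, and the java.exe on the PATH should report the version you just installed. The registry keys listed are the standard ones for Windows Installer based products; a JRE unpacked by hand rather than installed will not appear there, which is why the PATH check is included as well.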

#13 t-burg

t-burg
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:04:37 PM

Posted 07 November 2009 - 07:33 PM

Ok, one last issue maybe? This used to happen often but it just now happened again. Not sure if it has anything to do with this mess or not. I just got this message again, when I went to open the UW Football Badgers' main site (no problems with that site, I'm sure):

(top of error box says-) ASSERT in LSP (inside box is a red/white X & the following-)

iexplore.exe
Assert in LSP

g_socket_data.Lookup(s) = = 0

capture\Isp\nolsp\wsp_patches.cpp:1313

(Below are three clickable boxes) - 'Abort', 'Retry' & 'Ignore'

If I hit Ignore, it goes away....??

I also WAS getting the following 2 but not sure if I will get these now that we've done all this (sorry, I know you're busy, just want to be sure you have all the info on this):

(RunDLL box - There's a red X and the following-) Error loading C:\Users\Terry\AppData\Local\Temp\9D57.temp
The specified module could not be found. (I then click 'ok')
__________________________________________________________________________

(Website address error box - At top of box is the address of whatever website I've just hit
desktop shortcut for. In the box is a red X and the following-) Windows cannot find "whatever website address".
Make sure you typed the name correctly, then try again. (I then click 'ok'. So far, this only happens once per opening.
The second time I hit the shortcut, right away, I do not get this error and the site will open fine.)

#14 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:05:37 PM

Posted 07 November 2009 - 08:31 PM

Do you have google desktop installed?
If so uninstall it and see if it still happens.

If you don't have Google Desktop installed then uninstall the rest of the google software and see if it stops.
Let me know if that helps.

#15 t-burg

t-burg
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:04:37 PM

Posted 07 November 2009 - 09:02 PM

Yes, I had Google Desktop, Google Toolbar and Google Earth. Uninstalled all. I'll surf about and see if that helped. Thanks again.

Added note: I just downloaded Spyware Blaster. I have McAfee antivirus and McAfee firewall. If I keep these three up to date as well as Windows and Java, that'll do it? thnx.

Edited by t-burg, 07 November 2009 - 09:14 PM.