Browser Hijack with ad popups


6 replies to this topic

#1 Pseudo G

Pseudo G

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:36 AM

Posted 01 November 2009 - 01:14 AM

Hi, this seems to be a common problem, but without a common fix.

From time to time Firefox or IE spawns a new window with broken links and ads but always with //67.201.36.16/nolink.html in the first tab.

Malwarebytes' Anti-Malware shows nothing but isn't prevented from running. McAfee also hasn't made a peep.

I haven't (to my knowledge) installed anything recently, so it's probably something I've picked up while browsing.

I haven't tried booting into Safe Mode as I'm concerned it may only make things worse.

Any advice would be appreciated.


DDS Log below



DDS (Ver_09-10-26.01) - NTFSx86
Run by jonesy at 14:07:53.66 on Sun 01/11/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.511.158 [GMT 9:00]


============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jonesy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Encarta &Researcher: {9455301c-cf6b-11d3-a266-00c04f689c50} - c:\program files\common files\microsoft shared\encarta researcher\EROPROJ.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\TBMon.exe"
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {9455301C-CF6B-11D3-A266-00C04F689C50} - {9455301C-CF6B-11D3-A266-00C04F689C50} - c:\program files\common files\microsoft shared\encarta researcher\EROPROJ.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38012.0515393519
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - c:\program files\common files\microsoft shared\encarta researcher\MSERO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll

================= FIREFOX ===================

FF - ProfilePath - d:\applic~1\mozilla\firefox\profiles\y820p1d0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2004-9-14 2295]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2007-6-24 58464]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2003-12-30 15360]
S3 BPIKSp50;BPIKSp50 NDIS Protocol Driver;\??\e:\bpiksp50.sys --> e:\BPIKSp50.sys [?]
S3 HPx9G+;HPx9G+ Device USB Driver;c:\windows\system32\drivers\HPx9G+.sys [2005-3-7 21992]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\pc-doc~1\diagno~1\pcdrdrv.sys --> c:\progra~1\pc-doc~1\diagno~1\PCDRDRV.sys [?]

=============== Created Last 30 ================

2009-10-31 15:36:33 0 d-----w- c:\program files\Trend Micro
2009-10-17 13:29:20 0 d-----w- c:\documents and settings\jonesy\Tracing
2009-10-17 13:22:15 0 d-----w- c:\program files\Microsoft
2009-10-17 13:21:51 0 d-----w- c:\program files\Windows Live SkyDrive
2009-10-17 13:15:25 0 d-----w- c:\program files\common files\Windows Live
2009-10-10 05:21:06 0 d-----w- d:\applic~1\Malwarebytes
2009-10-10 05:20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-10 05:20:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-10 05:20:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-10 05:20:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-10 02:17:46 0 d-----w- c:\program files\common files\NSV
2009-10-07 15:02:05 0 d-----w- c:\program files\BattleMail.com

==================== Find3M ====================

2008-02-26 03:19:30 16384 --sha-w- c:\windows\temp\cookies\index.dat
2008-02-26 03:19:30 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2008-02-26 03:19:30 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 14:10:28.40 ===============

Edited by Pseudo G, 01 November 2009 - 01:19 AM.



#2 Pseudo G

Pseudo G
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:36 AM

Posted 01 November 2009 - 01:16 AM

RootRepeal Report


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/01 14:13
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xBACE8000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8C3B000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB7A33000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\all users\application data\mcafee\common framework\db\agent_homelaptop.xml
Status: Size mismatch (API: 20754, Raw: 20728)

SSDT
-------------------
#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x82524109

Stealth Objects
-------------------
Object: Hidden Handle [Index: 4, Type: UnknownType]
Process: services.exe (PID: 628) Address: 0xe21ce020 Size: -

Object: Hidden Module [Name: tdlcmd.dll]
Process: svchost.exe (PID: 860) Address: 0x10000000 Size: 24576

Object: Hidden Module [Name: tdlwsp.dll]
Process: Explorer.EXE (PID: 3432) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: tdlwsp.dll]
Process: firefox.exe (PID: 2608) Address: 0x10000000 Size: 28672

==EOF==

Edited by Pseudo G, 01 November 2009 - 01:20 AM.
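To make a report like the one above actionable, here is an added triage script (not part of this thread or of RootRepeal itself) that parses the SSDT and Stealth Objects sections and pulls out what a responder would escalate: an SSDT entry hooked by an unattributed owner, and the same hidden DLL loaded into several processes. The embedded sample is constructed from the values in the post.

```python
"""Triage helper for RootRepeal text reports in the layout posted above."""
import re
from dataclasses import dataclass

# Constructed sample: the SSDT and Stealth Objects sections of the report above.
SAMPLE_REPORT = """SSDT
-------------------
#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x82524109

Stealth Objects
-------------------
Object: Hidden Handle [Index: 4, Type: UnknownType]
Process: services.exe (PID: 628) Address: 0xe21ce020 Size: -

Object: Hidden Module [Name: tdlcmd.dll]
Process: svchost.exe (PID: 860) Address: 0x10000000 Size: 24576

Object: Hidden Module [Name: tdlwsp.dll]
Process: Explorer.EXE (PID: 3432) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: tdlwsp.dll]
Process: firefox.exe (PID: 2608) Address: 0x10000000 Size: 28672

==EOF==
"""


@dataclass
class Finding:
    kind: str      # ssdt_hook | hidden_module | hidden_handle
    detail: str
    severity: str  # high | medium | info
    process: str = ""


DASHES = re.compile(r"-{5,}")
SSDT_ENTRY = re.compile(r"#: \d+ Function Name: (\w+)")
SSDT_HOOK = re.compile(r'Hooked by "([^"]*)" at address (0x[0-9A-Fa-f]+)')
STEALTH = re.compile(r"Object: ([^\[]+?) \[([^\]]*)\]")
PROCESS = re.compile(r"Process: (\S+) \(PID: (\d+)\)")


def split_sections(report):
    """Map section title -> its non-blank lines (a title is a line followed by dashes)."""
    lines = report.splitlines()
    sections, current = {}, None
    for i, line in enumerate(lines):
        text = line.strip()
        if text and i + 1 < len(lines) and DASHES.fullmatch(lines[i + 1].strip()):
            current = text
            sections[current] = []
        elif text and current and not DASHES.fullmatch(text) and not text.startswith("==EOF"):
            sections[current].append(text)
    return sections


def triage(report):
    """Return the findings a responder would escalate, most severe first."""
    s, found = split_sections(report), []
    ssdt = s.get("SSDT", [])
    for i, line in enumerate(ssdt[:-1]):       # each entry is an "#:" line + a Status line
        fn, hook = SSDT_ENTRY.match(line), SSDT_HOOK.search(ssdt[i + 1])
        if fn and hook:
            owner, addr = hook.groups()
            # A hook owned by a known security product is informational; an
            # unattributed hook on a thread-creation call is a rootkit hallmark.
            sev = "high" if owner == "<unknown>" else "info"
            found.append(Finding("ssdt_hook", f"{fn.group(1)} hooked by {owner} at {addr}", sev))
    stealth = s.get("Stealth Objects", [])
    for i, line in enumerate(stealth[:-1]):    # each object is an "Object:" line + a Process line
        obj, proc = STEALTH.match(line), PROCESS.search(stealth[i + 1])
        if not obj or not proc:
            continue
        otype, attrs, image = obj.group(1).strip(), obj.group(2), proc.group(1)
        where = f"{image} (PID {proc.group(2)})"
        if otype == "Hidden Module":
            mod = re.search(r"Name: ([^\],]+)", attrs).group(1)
            found.append(Finding("hidden_module", f"{mod} in {where}", "high", image))
        elif otype == "Hidden Handle":
            found.append(Finding("hidden_handle", f"{attrs} in {where}", "medium", image))
    order = {"high": 0, "medium": 1, "info": 2}
    return sorted(found, key=lambda f: order[f.severity])


def hidden_modules_by_name(findings):
    """Group hidden modules by DLL name -> set of host processes. The same DLL
    loaded unseen into the shell, a service host and the browser is what a
    system-wide injector looks like; a single oddity is more often a false positive."""
    grouped = {}
    for f in findings:
        if f.kind == "hidden_module":
            grouped.setdefault(f.detail.split(" in ")[0], set()).add(f.process)
    return grouped
```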


#3 Pseudo G

Pseudo G
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:36 AM

Posted 01 November 2009 - 01:17 AM

HJT Log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:47 PM, on 1/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = govo.wa.edu.au
O17 - HKLM\Software\..\Telephony: DomainName = govo.wa.edu.au
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = govo.wa.edu.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = govo.wa.edu.au
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5663 bytes

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:04:36 PM

Posted 07 November 2009 - 05:45 PM

Hello Pseudo G

Welcome to BleepingComputer :(
==========================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#5 Pseudo G

Pseudo G
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:36 AM

Posted 08 November 2009 - 03:44 AM

Thanks for your help kahdah.

Here is OTL.txt

OTL logfile created on: 8/11/2009 1:46:28 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\jonesy\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

510.92 Mb Total Physical Memory | 244.95 Mb Available Physical Memory | 47.94% Memory free
1.22 Gb Paging File | 0.83 Gb Available in Paging File | 68.45% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 0.20 Gb Free Space | 2.03% Space Free | Partition Type: NTFS
Drive D: | 24.46 Gb Total Space | 21.98 Gb Free Space | 89.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 952.11 Mb Total Space | 930.55 Mb Free Space | 97.74% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMELAPTOP
Current User Name: jonesy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\jonesy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\Mctray.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Network Associates\VirusScan\Mcshield.exe (Network Associates, Inc.)
PRC - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe (Network Associates, Inc.)
PRC - C:\WINDOWS\system32\ibmpmsvc.exe ()
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Network Associates\VirusScan\shstat.exe (Network Associates, Inc.)
PRC - C:\WINDOWS\system32\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe (Network Associates, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\jonesy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe (Network Associates, Inc.)
SRV - (McTaskManager) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe (Network Associates, Inc.)
SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe ()
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (helpsvc) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Irmon) -- C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
SRV - (S24EventMonitor) -- C:\WINDOWS\system32\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) -- C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe ()
SRV - (QCONSVC) -- C:\WINDOWS\system32\QCONSVC.EXE ()
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (PLSRemoteSvc) -- C:\WINDOWS\system32\PLSRemote.exe ()
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (SoundMAX Agent Service (default) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (NaiAvFilter1) -- C:\WINDOWS\system32\drivers\naiavf5x.sys (McAfee Inc.)
DRV - (NaiAvTdi1) -- C:\WINDOWS\system32\drivers\mvstdi5x.sys (Network Associates, Inc.)
DRV - (EntDrv51) -- C:\WINDOWS\system32\drivers\EntDrv51.sys (McAfee, Inc)
DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ENETHUSB) -- C:\WINDOWS\system32\drivers\enethusb.sys (Efficient Networks, Inc.)
DRV - (E100B) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (w70n51) -- C:\WINDOWS\system32\drivers\w70n51.sys (Intel® Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (PxHelp20) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (smwdm) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Smapint) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS (Microsoft Corporation)
DRV - (TDSMAPI) -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS ()
DRV - (aeaudio) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (TPPWR) -- C:\WINDOWS\system32\drivers\TPPWR.SYS (IBM Corp.)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (HPx9G+) -- C:\WINDOWS\system32\drivers\HPx9G+.sys (KINPOSH)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (IBM Corporation)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS ()
DRV - (PMEM) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS (Microsoft Corporation)
DRV - (gv3) -- C:\WINDOWS\system32\drivers\gv3.sys (Microsoft Corporation)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (VERITAS Software, Inc.)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (VERITAS Software, Inc.)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (VERITAS Software, Inc.)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (VERITAS Software, Inc.)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (VERITAS Software, Inc.)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (VERITAS Software, Inc.)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (VERITAS Software, Inc.)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (VERITAS Software, Inc.)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (VERITAS Software, Inc.)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (VERITAS Software, Inc.)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (VERITAS Software, Inc.)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (VERITAS Software, Inc.)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (VERITAS Software, Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (S3SSavage) -- C:\WINDOWS\system32\drivers\s3ssavm.sys (S3 Graphics, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (TwoTrack) -- C:\WINDOWS\system32\drivers\TwoTrack.sys (IBM Corporation)
DRV - (ac97intc) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (PcdrNt) -- C:\WINDOWS\System32\drivers\PcdrNt.sys (PC-Doctor Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..network.proxy.no_proxies_on: "http://localhost,"

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/07 09:27:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/07 09:31:56 | 00,000,000 | ---D | M]

[2009/11/08 12:52:21 | 00,000,000 | ---D | M] -- D:\Application Data\Mozilla\Firefox\Profiles\y820p1d0.default\extensions
[2008/02/03 12:06:37 | 00,000,000 | ---D | M] -- D:\Application Data\Mozilla\Firefox\Profiles\y820p1d0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008/02/03 12:06:36 | 00,000,000 | ---D | M] -- D:\Application Data\Mozilla\Firefox\Profiles\y820p1d0.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2007/01/29 22:05:26 | 00,000,000 | ---D | M] -- D:\Application Data\Mozilla\Firefox\Profiles\y820p1d0.default\extensions\temp
[2006/06/25 15:10:21 | 00,000,000 | ---D | M] -- D:\Application Data\Mozilla\Firefox\Profiles\y820p1d0.default\extensions\videodowloader@videodownloader.net
[2009/11/05 21:12:46 | 00,001,137 | ---- | M] () -- D:\Application Data\Mozilla\Firefox\Profiles\y820p1d0.default\searchplugins\dictionarycom.xml
[2009/11/05 21:12:46 | 00,002,114 | ---- | M] () -- D:\Application Data\Mozilla\Firefox\Profiles\y820p1d0.default\searchplugins\google-define.xml
[2009/11/05 21:12:46 | 00,002,859 | ---- | M] () -- D:\Application Data\Mozilla\Firefox\Profiles\y820p1d0.default\searchplugins\google-images.xml
[2009/11/05 21:12:47 | 00,002,138 | ---- | M] () -- D:\Application Data\Mozilla\Firefox\Profiles\y820p1d0.default\searchplugins\google-translate-en-it.xml
[2009/11/05 21:12:47 | 00,002,138 | ---- | M] () -- D:\Application Data\Mozilla\Firefox\Profiles\y820p1d0.default\searchplugins\google-translate-it-en.xml
[2008/02/03 10:02:41 | 00,001,693 | ---- | M] () -- D:\Application Data\Mozilla\Firefox\Profiles\y820p1d0.default\searchplugins\imdb.xml
[2009/11/05 21:12:49 | 00,005,042 | ---- | M] () -- D:\Application Data\Mozilla\Firefox\Profiles\y820p1d0.default\searchplugins\myspacecom---name.xml
[2009/11/05 21:12:47 | 00,001,084 | ---- | M] () -- D:\Application Data\Mozilla\Firefox\Profiles\y820p1d0.default\searchplugins\thesauruscom.xml
[2008/02/03 10:02:39 | 00,004,884 | ---- | M] () -- D:\Application Data\Mozilla\Firefox\Profiles\y820p1d0.default\searchplugins\urbandictionarycom.xml
[2008/02/03 10:02:41 | 00,001,312 | ---- | M] () -- D:\Application Data\Mozilla\Firefox\Profiles\y820p1d0.default\searchplugins\wikipedia-en.xml
[2009/11/05 21:12:49 | 00,002,431 | ---- | M] () -- D:\Application Data\Mozilla\Firefox\Profiles\y820p1d0.default\searchplugins\youtube---videos.xml
[2009/11/08 12:52:21 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/09 13:31:50 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/05/15 09:13:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/10/09 13:31:26 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2009/10/09 13:31:27 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2009/10/09 13:31:27 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2009/10/09 13:31:30 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2009/10/09 13:31:31 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2006/05/29 18:37:24 | 00,049,152 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/10/09 13:31:41 | 00,022,656 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2003/07/14 22:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/10/09 13:31:47 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/10/09 13:31:47 | 00,002,206 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/09 13:31:47 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/10/09 13:31:47 | 00,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/09 13:31:47 | 00,001,077 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/10/09 13:31:47 | 00,002,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/09 13:31:47 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (VERITAS Software, Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Network Associates Error Reporting Service] C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE (Network Associates, Inc.)
O4 - HKLM..\Run: [Synchronization Manager] C:\WINDOWS\System32\mobsync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8012.0515393519 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = govo.wa.edu.au
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msero {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\MSERO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/27 09:08:33 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e98c0a80-4ca3-11dd-91d9-000cf10c6cec}\Shell - "" = AutoRun
O33 - MountPoints2\{e98c0a80-4ca3-11dd-91d9-000cf10c6cec}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e98c0a80-4ca3-11dd-91d9-000cf10c6cec}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2007/10/26 12:34:01 | 08,460,288 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/08 13:44:40 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jonesy\Desktop\OTL.exe
[2009/11/03 18:56:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jonesy\Local Settings\Application Data\DOSBox
[2009/11/03 18:55:59 | 00,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.73
[2009/11/01 14:00:55 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\jonesy\Desktop\RootRepeal.exe
[2009/11/01 00:36:33 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/01 00:36:08 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- D:\My Documents\HJTInstall.exe
[2009/10/17 22:29:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jonesy\Tracing
[2009/10/17 22:22:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/10/17 22:22:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/10/17 22:21:51 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/10/17 22:21:18 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/10/17 22:15:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/10/17 22:14:45 | 01,146,696 | ---- | C] (Microsoft Corporation) -- D:\My Documents\wlsetup-custom.exe
[2009/10/10 22:48:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jonesy\Desktop\Nonies school bleep
[2009/10/10 14:21:06 | 00,000,000 | ---D | C] -- D:\Application Data\Malwarebytes
[2009/10/10 14:20:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/10 14:20:52 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/10 14:20:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/10 14:20:51 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/10 11:18:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jonesy\Local Settings\Application Data\ApplicationHistory
[2009/10/10 11:17:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\NSV
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/08 13:44:47 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jonesy\Desktop\OTL.exe
[2009/11/07 12:03:04 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/07 12:01:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/07 12:00:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/07 12:00:54 | 53,581,0048 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/07 11:26:37 | 08,126,464 | ---- | M] () -- C:\Documents and Settings\jonesy\ntuser.dat
[2009/11/07 11:26:37 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\jonesy\ntuser.ini
[2009/11/03 18:56:03 | 00,001,572 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DOSBox 0.73.lnk
[2009/11/01 23:38:28 | 00,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2009/11/01 15:31:09 | 00,001,089 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/01 14:12:01 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\jonesy\Desktop\settings.dat
[2009/11/01 14:01:07 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\jonesy\Desktop\RootRepeal.exe
[2009/11/01 13:59:23 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\jonesy\Desktop\dds.scr
[2009/11/01 01:23:09 | 02,774,088 | -H-- | M] () -- C:\Documents and Settings\jonesy\Local Settings\Application Data\IconCache.db
[2009/11/01 00:36:34 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\jonesy\Desktop\HijackThis.lnk
[2009/11/01 00:36:10 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- D:\My Documents\HJTInstall.exe
[2009/10/31 17:29:26 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\jonesy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/27 22:06:53 | 00,005,387 | ---- | M] () -- C:\WINDOWS\UEDIT32.INI
[2009/10/25 09:11:47 | 00,430,524 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/25 09:11:47 | 00,375,274 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/25 09:11:47 | 00,051,384 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/18 11:10:33 | 00,446,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/17 22:28:53 | 00,129,816 | ---- | M] () -- C:\Documents and Settings\jonesy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/17 22:14:36 | 01,146,696 | ---- | M] (Microsoft Corporation) -- D:\My Documents\wlsetup-custom.exe
[2009/10/10 21:00:10 | 00,876,102 | ---- | M] () -- C:\Documents and Settings\jonesy\Desktop\Daily workpad Term 4 2009.docx
[2009/10/10 14:20:59 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/03 18:56:03 | 00,001,572 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DOSBox 0.73.lnk
[2009/11/01 14:12:01 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\jonesy\Desktop\settings.dat
[2009/11/01 13:59:07 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\jonesy\Desktop\dds.scr
[2009/11/01 00:36:33 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\jonesy\Desktop\HijackThis.lnk
[2009/10/10 20:59:58 | 00,876,102 | ---- | C] () -- C:\Documents and Settings\jonesy\Desktop\Daily workpad Term 4 2009.docx
[2009/10/10 14:41:07 | 53,581,0048 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/10 14:20:59 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/05/07 14:19:30 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/02/26 12:12:04 | 02,111,096 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/04/10 22:32:12 | 00,000,231 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2006/06/04 00:11:04 | 02,774,088 | -H-- | C] () -- C:\Documents and Settings\jonesy\Local Settings\Application Data\IconCache.db
[2005/09/29 15:46:08 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\CtSACKey.sys
[2005/08/28 18:49:44 | 00,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2005/05/03 20:23:03 | 00,000,420 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/01/28 20:34:42 | 00,000,022 | ---- | C] () -- C:\WINDOWS\twtw.ini
[2005/01/28 19:35:28 | 00,000,046 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/01/28 19:27:08 | 00,000,104 | ---- | C] () -- C:\WINDOWS\MSACM.INI
[2004/09/16 19:20:16 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\jonesy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/14 22:12:49 | 00,002,295 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2004/08/15 21:47:05 | 00,129,816 | ---- | C] () -- C:\Documents and Settings\jonesy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/04/06 00:07:41 | 00,000,013 | ---- | C] () -- C:\WINDOWS\KEMP3MS.Ini
[2004/03/12 17:12:56 | 00,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/02/14 12:22:45 | 00,000,188 | ---- | C] () -- C:\WINDOWS\NETXRAY.INI
[2004/02/04 16:03:40 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2004/02/04 16:03:40 | 00,040,960 | R--- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2004/02/02 00:53:32 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/02 00:33:13 | 00,005,387 | ---- | C] () -- C:\WINDOWS\UEDIT32.INI
[2004/01/27 09:08:23 | 00,000,062 | -HS- | C] () -- D:\Application Data\desktop.ini
[2003/12/30 03:43:24 | 00,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/12/30 03:25:47 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/12/30 03:19:53 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/12/30 03:17:38 | 00,000,222 | ---- | C] () -- C:\WINDOWS\Welcome.ini
[2003/12/30 03:10:08 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2003/12/30 03:09:10 | 00,008,831 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2003/06/24 17:43:48 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2002/11/15 18:14:28 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2002/11/09 05:10:40 | 00,001,112 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/09/27 10:26:59 | 00,000,799 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/09/27 10:06:26 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2001/09/01 08:33:58 | 00,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[1980/01/01 17:00:00 | 00,001,089 | ---- | C] () -- C:\WINDOWS\win.ini
[1980/01/01 17:00:00 | 00,000,318 | ---- | C] () -- C:\WINDOWS\system.ini

========== LOP Check ==========

[2003/12/30 03:18:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ibm
[2007/06/24 23:07:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2007/03/23 14:01:01 | 00,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job
[2002/08/29 22:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/07 12:01:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >

#6 Pseudo G


Posted 08 November 2009 - 03:47 AM

Extra.txt

OTL Extras logfile created on: 8/11/2009 1:46:28 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\jonesy\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

510.92 Mb Total Physical Memory | 244.95 Mb Available Physical Memory | 47.94% Memory free
1.22 Gb Paging File | 0.83 Gb Available in Paging File | 68.45% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 0.20 Gb Free Space | 2.03% Space Free | Partition Type: NTFS
Drive D: | 24.46 Gb Total Space | 21.98 Gb Free Space | 89.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 952.11 Mb Total Space | 930.55 Mb Free Space | 97.74% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMELAPTOP
Current User Name: jonesy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "E:\PFiles\MSOffice\Office\msohtmed.exe" %1 File not found
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\IBMTOOLS\Updater\jre\bin\javaw.exe" = C:\IBMTOOLS\Updater\jre\bin\javaw.exe:*:Enabled:Java launcher -- (IBM)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- File not found
"C:\Program Files\Reference\Britannica\BCD2000.exe" = C:\Program Files\Reference\Britannica\BCD2000.exe:*:Enabled:Britannica CD 2000 Deluxe Edition -- File not found
"C:\Program Files\Britannica\BCD\BCD2000.exe" = C:\Program Files\Britannica\BCD\BCD2000.exe:*:Enabled:Britannica CD 2000 Deluxe Edition -- File not found
"C:\Documents and Settings\All Users\Documents\Phone\Skype.exe" = C:\Documents and Settings\All Users\Documents\Phone\Skype.exe:*:Enabled:Skype -- ()
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\SightSpeed\SightSpeed.exe" = C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
"D:\DC++\DCPlusPlus.exe" = D:\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- File not found
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" = C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044100C0-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Reference Library 2004
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = IBM RecordNow Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
"{1610E1CE-F420-4B86-B1E6-4B13F256E434}" = Vic Modern Cursive Font
"{1E34AB5C-B893-4EE9-82F3-F195978D009D}" = IBM Access Support - Local Content Pack
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = IBM ThinkPad Keyboard Customizer Utility
"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2BAC066E-F2E9-11D2-A171-00C04F6C9FA4}" = Microsoft Office HTML Filter 2.0
"{31C2FBAC-67CF-4093-8F36-15A146613747}" = IBM Update Connector
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B7B3B4A-AF8C-4671-A92E-3E7E9ABCB22B}" = IBM Rapid Restore PC Setup
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{5DF3D1BB-894E-4DCD-8275-159AC9829B43}" = McAfee VirusScan Enterprise
"{67D7BC74-E8DF-4811-9B41-6023A8C9BB3F}" = Intel® Sebring API
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{710C0BB2-FE39-484E-BB23-C9B96835A14A}" = Access IBM Message Center
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8214CC02-6271-4DC8-B8DD-779933450264}" = IBM RecordNow
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad UltraNav Wizard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access IBM
"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF44C7A5-5705-41E4-BE84-A9A42977AB05}" = alm
"{EF4EF65F-4D62-44D7-82C9-1AECCBA74C50}" = Intel® PROSet
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1F721BF-040C-4096-988A-1DB01EB73B0C}" = TPNala Wallpaper
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Access IBM Tools" = Access IBM Tools
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"EasyEject Utility" = IBM ThinkPad EasyEject Utility
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IrfanView" = IrfanView (remove only)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
"Power Management Driver" = ThinkPad Power Management Driver
"Presentation Director" = IBM ThinkPad Presentation Director
"PROSet" = Intel® PRO Network Connections Drivers
"QuicktimeAlt_is1" = QuickTime Alternative 1.32
"Shockwave" = Shockwave
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"ThinkPad Configuration" = IBM ThinkPad Configuration
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = ThinkPad Software Installer
"UltraEdit-32" = UltraEdit-32 Uninstall
"Winamp" = Winamp (remove only)
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/11/2009 7:54:55 PM | Computer Name = HOMELAPTOP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 6/11/2009 8:42:27 PM | Computer Name = HOMELAPTOP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 6/11/2009 8:43:29 PM | Computer Name = HOMELAPTOP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 6/11/2009 11:01:18 PM | Computer Name = HOMELAPTOP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 6/11/2009 11:02:19 PM | Computer Name = HOMELAPTOP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 6/11/2009 11:48:07 PM | Computer Name = HOMELAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/11/2009 7:02:20 AM | Computer Name = HOMELAPTOP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 7/11/2009 3:02:20 PM | Computer Name = HOMELAPTOP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 7/11/2009 11:02:22 PM | Computer Name = HOMELAPTOP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 8/11/2009 12:41:43 AM | Computer Name = HOMELAPTOP | Source = Application Error | ID = 1000
Description = Faulting application alg.exe, version 5.1.2600.2180, faulting module
ntdll.dll, version 5.1.2600.2180, fault address 0x0002d9cb.

[ System Events ]
Error - 7/11/2009 3:01:21 AM | Computer Name = HOMELAPTOP | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain GOVO due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 7/11/2009 3:19:07 AM | Computer Name = HOMELAPTOP | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 7/11/2009 6:46:51 AM | Computer Name = HOMELAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 480 minutes. NtpClient has no source of accurate
time.

Error - 7/11/2009 7:01:23 AM | Computer Name = HOMELAPTOP | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain GOVO due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 7/11/2009 11:16:22 AM | Computer Name = HOMELAPTOP | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain GOVO due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 7/11/2009 2:46:56 PM | Computer Name = HOMELAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 960 minutes. NtpClient has no source of accurate
time.

Error - 7/11/2009 3:16:22 PM | Computer Name = HOMELAPTOP | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain GOVO due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 7/11/2009 7:16:22 PM | Computer Name = HOMELAPTOP | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain GOVO due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 7/11/2009 11:16:24 PM | Computer Name = HOMELAPTOP | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain GOVO due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 8/11/2009 12:41:53 AM | Computer Name = HOMELAPTOP | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >


Results.txt

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-08 16:43:09
Windows 5.1.2600 Service Pack 2
Running: g9jx4l5d.exe; Driver: C:\DOCUME~1\jonesy\LOCALS~1\Temp\uxdoykow.sys


---- System - GMER 1.0.15 ----

SSDT 82625109 ZwCreateThread

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF8616380]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\services.exe[556] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0A00637C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\services.exe[556] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0A00633E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\services.exe[556] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0A0064F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\services.exe[556] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0A006436 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\services.exe[556] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 0A0064B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\services.exe[556] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0A0063F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\services.exe[556] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 0A0063BA C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\services.exe[556] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 0A006474 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\services.exe[556] msvcrt.dll!system 77C293C7 5 Bytes JMP 0A00675C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\services.exe[556] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0A0066A2 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\services.exe[556] msvcrt.dll!_read 77C2FAA3 5 Bytes JMP 0A00671E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\services.exe[556] msvcrt.dll!_write 77C30303 5 Bytes JMP 0A0066E0 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\services.exe[556] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0A00652E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\services.exe[556] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 0A00679A C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\services.exe[556] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 0A006816 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\services.exe[556] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 0A0067D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\services.exe[556] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 0A006626 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\services.exe[556] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0A00656C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\services.exe[556] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 0A0065E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\services.exe[556] WS2_32.dll!send 71AB428A 5 Bytes JMP 0A0065AA C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\services.exe[556] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0A006664 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0A00637C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0A00633E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0A0064F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0A006436 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 0A0064B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0A0063F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 0A0063BA C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 0A006474 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\lsass.exe[576] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0A00652E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\lsass.exe[576] msvcrt.dll!system 77C293C7 5 Bytes JMP 0A00675C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\lsass.exe[576] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0A0066A2 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\lsass.exe[576] msvcrt.dll!_read 77C2FAA3 5 Bytes JMP 0A00671E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\lsass.exe[576] msvcrt.dll!_write 77C30303 5 Bytes JMP 0A0066E0 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\lsass.exe[576] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 0A006626 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\lsass.exe[576] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0A00656C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\lsass.exe[576] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 0A0065E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\lsass.exe[576] WS2_32.dll!send 71AB428A 5 Bytes JMP 0A0065AA C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\lsass.exe[576] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0A006664 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\lsass.exe[576] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 0A00679A C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\lsass.exe[576] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 0A006816 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\lsass.exe[576] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 0A0067D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0A00637C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0A00633E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0A0064F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0A006436 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 0A0064B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0A0063F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 0A0063BA C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 0A006474 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0A00652E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[804] msvcrt.dll!system 77C293C7 5 Bytes JMP 0A00675C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[804] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0A0066A2 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[804] msvcrt.dll!_read 77C2FAA3 5 Bytes JMP 0A00671E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[804] msvcrt.dll!_write 77C30303 5 Bytes JMP 0A0066E0 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[804] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 0A00679A C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[804] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 0A006816 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[804] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 0A0067D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[804] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 0A006626 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[804] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0A00656C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[804] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 0A0065E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[804] WS2_32.dll!send 71AB428A 5 Bytes JMP 0A0065AA C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[804] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0A006664 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0A00637C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0A00633E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0A0064F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0A006436 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 0A0064B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0A0063F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 0A0063BA C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 0A006474 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0A00652E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[896] msvcrt.dll!system 77C293C7 5 Bytes JMP 0A00675C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[896] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0A0066A2 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[896] msvcrt.dll!_read 77C2FAA3 5 Bytes JMP 0A00671E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[896] msvcrt.dll!_write 77C30303 5 Bytes JMP 0A0066E0 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[896] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 0A00679A C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[896] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 0A006816 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[896] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 0A0067D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[896] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 0A006626 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[896] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0A00656C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[896] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 0A0065E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[896] WS2_32.dll!send 71AB428A 5 Bytes JMP 0A0065AA C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\system32\svchost.exe[896] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0A006664 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[936] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0A00637C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[936] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0A00633E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[936] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0A0064F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[936] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0A006436 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[936] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 0A0064B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[936] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0A0063F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[936] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 0A0063BA C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[936] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 0A006474 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0A00652E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[936] msvcrt.dll!system 77C293C7 5 Bytes JMP 0A00675C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[936] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0A0066A2 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[936] msvcrt.dll!_read 77C2FAA3 5 Bytes JMP 0A00671E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[936] msvcrt.dll!_write 77C30303 5 Bytes JMP 0A0066E0 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[936] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 0A00679A C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[936] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 0A006816 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[936] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 0A0067D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[936] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 0A006626 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[936] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0A00656C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[936] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 0A0065E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[936] WS2_32.dll!send 71AB428A 5 Bytes JMP 0A0065AA C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[936] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0A006664 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0A00637C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0A00633E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0A0064F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0A006436 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 0A0064B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0A0063F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 0A0063BA C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 0A006474 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0A00652E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1048] msvcrt.dll!system 77C293C7 5 Bytes JMP 0A00675C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1048] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0A0066A2 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1048] msvcrt.dll!_read 77C2FAA3 5 Bytes JMP 0A00671E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1048] msvcrt.dll!_write 77C30303 5 Bytes JMP 0A0066E0 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1048] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 0A00679A C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1048] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 0A006816 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1048] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 0A0067D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1048] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 0A006626 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1048] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0A00656C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1048] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 0A0065E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1048] WS2_32.dll!send 71AB428A 5 Bytes JMP 0A0065AA C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1048] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0A006664 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0A00637C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0A00633E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0A0064F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0A006436 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 0A0064B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0A0063F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 0A0063BA C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 0A006474 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0A00652E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1116] msvcrt.dll!system 77C293C7 5 Bytes JMP 0A00675C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1116] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0A0066A2 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1116] msvcrt.dll!_read 77C2FAA3 5 Bytes JMP 0A00671E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1116] msvcrt.dll!_write 77C30303 5 Bytes JMP 0A0066E0 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1116] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 0A00679A C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1116] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 0A006816 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1116] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 0A0067D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1116] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 0A006626 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1116] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0A00656C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1116] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 0A0065E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1116] WS2_32.dll!send 71AB428A 5 Bytes JMP 0A0065AA C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1116] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0A006664 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1408] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0A00637C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1408] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0A00633E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1408] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0A0064F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1408] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0A006436 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1408] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 0A0064B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1408] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0A0063F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1408] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 0A0063BA C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1408] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 0A006474 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1408] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0A00652E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1408] msvcrt.dll!system 77C293C7 5 Bytes JMP 0A00675C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1408] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0A0066A2 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1408] msvcrt.dll!_read 77C2FAA3 5 Bytes JMP 0A00671E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1408] msvcrt.dll!_write 77C30303 5 Bytes JMP 0A0066E0 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1408] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 0A006626 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1408] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0A00656C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1408] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 0A0065E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1408] WS2_32.dll!send 71AB428A 5 Bytes JMP 0A0065AA C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1408] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0A006664 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1408] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 0A00679A C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1408] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 0A006816 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1408] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 0A0067D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1568] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0A00637C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1568] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0A00633E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1568] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0A0064F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1568] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0A006436 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1568] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 0A0064B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1568] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0A0063F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1568] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 0A0063BA C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1568] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 0A006474 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1568] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0A00652E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1568] msvcrt.dll!system 77C293C7 5 Bytes JMP 0A00675C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1568] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0A0066A2 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1568] msvcrt.dll!_read 77C2FAA3 5 Bytes JMP 0A00671E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1568] msvcrt.dll!_write 77C30303 5 Bytes JMP 0A0066E0 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1568] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 0A006626 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1568] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0A00656C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1568] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 0A0065E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1568] WS2_32.dll!send 71AB428A 5 Bytes JMP 0A0065AA C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1568] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0A006664 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1568] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 0A00679A C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1568] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 0A006816 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1568] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 0A0067D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0A00637C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0A00633E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0A0064F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0A006436 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 0A0064B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0A0063F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 0A0063BA C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 0A006474 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0A00652E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1904] msvcrt.dll!system 77C293C7 5 Bytes JMP 0A00675C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1904] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0A0066A2 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1904] msvcrt.dll!_read 77C2FAA3 5 Bytes JMP 0A00671E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1904] msvcrt.dll!_write 77C30303 5 Bytes JMP 0A0066E0 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1904] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 0A00679A C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1904] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 0A006816 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1904] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 0A0067D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1904] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 0A006626 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1904] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0A00656C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1904] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 0A0065E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1904] WS2_32.dll!send 71AB428A 5 Bytes JMP 0A0065AA C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\System32\svchost.exe[1904] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0A006664 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0A00637C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0A00633E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0A0064F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0A006436 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 0A0064B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0A0063F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 0A0063BA C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 0A006474 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0A00652E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] msvcrt.dll!system 77C293C7 5 Bytes JMP 0A00675C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0A0066A2 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] msvcrt.dll!_read 77C2FAA3 5 Bytes JMP 0A00671E C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] msvcrt.dll!_write 77C30303 5 Bytes JMP 0A0066E0 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 0A00679A C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 0A006816 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 0A0067D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 0A006626 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0A00656C C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 0A0065E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] WS2_32.dll!send 71AB428A 5 Bytes JMP 0A0065AA C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)
.text C:\WINDOWS\Explorer.EXE[1964] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0A006664 C:\WINDOWS\system32\EntApi.dll (EntAPI/McAfee, Inc)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/McAfee Inc.)

Device \FileSystem\Fastfat \FatCdrom tfsnifs.sys (Direct Access Component/VERITAS Software, Inc.)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F86099F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort0 [F86099F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort1 [F86099F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F86099F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)

Device \FileSystem\Fastfat \Fat tfsnifs.sys (Direct Access Component/VERITAS Software, Inc.)

AttachedDevice \FileSystem\Fastfat \Fat naiavf5x.sys (Anti-Virus File System Filter Driver/McAfee Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Direct Access Component/VERITAS Software, Inc.)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Direct Access Component/VERITAS Software, Inc.)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Direct Access Component/VERITAS Software, Inc.)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Direct Access Component/VERITAS Software, Inc.)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Direct Access Component/VERITAS Software, Inc.)
Device \FileSystem\Cdfs \Cdfs B7F2A400

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

#7 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 08 November 2009 - 08:52 AM

One or more of the identified infections is a backdoor trojan or rootkit.

This can allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately.
If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this for more information:
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

=====================Combofix=====================
First temporarily disable any antivirus program or any real time shields that are present:
If you do not know how then you can refer to this link:
http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
================
Then download Combofix from any of the links below. You must rename it before saving it. Rename it to kahdah, then save it to your desktop.
Link 1
Link 2
--------------------------------------------------------------------

Double-click on kahdah.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



