My HijackThis log


15 replies to this topic

#1 pdtecrj

Posted 01 November 2009 - 01:49 AM

EDIT* I'm sorry, after I posted my log I noticed the whole "read this topic" link, so here is the other stuff you asked for in that topic. The only thing I couldn't do was create a RootRepeal log, which I believe has something to do with my problem. When I tried to run the program it gave me errors and wouldn't do anything.

I'm getting a lot of Google-related link hijackings (I use the latest version of Firefox) and was told to run HijackThis and post the results on here, so here it is! Perhaps you can find other problems I could fix as well. Thanks for your time. Using Windows 7 RC.


DDS (Ver_09-10-26.01) - NTFSx86
Run by pdtecrj at 2:07:49.14 on Sun 11/01/2009
Internet Explorer: 8.0.7100.0
Microsoft Windows 7 Ultimate 6.1.7100.0.1252.1.1033.18.3070.1495 [GMT -5:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\rundll32.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\sttray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\pdtecrj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D674LI63\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1070428
uSearch Bar = hxxp://www.starbarsearch.com/?useie5=1&q=
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1070428
uWindow Title = Internet Explorer provided by Dell
mSearch Bar = hxxp://www.starbarsearch.com/?useie5=1&q=
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {140BD8E3-C167-11D4-B4A3-080000180323} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No File
uRun: [Aim6]
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [PC SpeedScan Pro] c:\program files\ascentive\pc speedscan pro\PCSpeedScan.exe -m
uRun: [Fkedehizuq] rundll32.exe "c:\users\pdtecrj\appdata\local\awimejiz.dll",Startup
uRun: [Windows System Defender] "c:\programdata\2687d\WS896.exe" /s /d
uRun: [Rtolipabusaxupet] rundll32.exe "c:\users\pdtecrj\appdata\local\lRORexi.dll",Startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [CCUTRAYICON] c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-explorer: NoDFSTab = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp3.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\pdtecrj\appdata\roaming\mozilla\firefox\profiles\fzkul1b1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gamefaqs.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-25 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-25 207280]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-4-29 176128]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1179232]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-10-25 203280]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-24 24652]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-4-21 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-4-21 266752]
S2 0223951256569706mcinstcleanup;McAfee Application Installer Cleanup (0223951256569706);c:\windows\temp\022395~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\022395~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c92b2bb22cac30;Google Update Service (gupdate1c92b2bb22cac30);c:\program files\google\update\GoogleUpdate.exe [2008-10-10 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-4-21 229888]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2009-4-21 20992]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2007-11-2 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2007-1-23 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\drivers\MRVW24B.sys [2008-3-19 310016]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-25 358600]

=============== Created Last 30 ================

2009-11-01 06:32:07 0 d-----w- c:\program files\Registry Easy
2009-11-01 06:15:15 0 d-----w- c:\programdata\RegCure
2009-11-01 05:43:56 0 d-----w- c:\program files\Trend Micro
2009-11-01 04:11:13 0 d-----w- c:\program files\iPod
2009-11-01 04:11:07 0 d-----w- c:\program files\iTunes
2009-10-31 08:29:33 0 d-----w- c:\program files\Microsoft
2009-10-31 08:29:13 0 d-----w- c:\program files\Windows Live SkyDrive
2009-10-29 00:00:52 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-26 01:34:44 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-26 01:34:40 392 ---ha-w- C:\aaw7boot.cmd
2009-10-25 23:59:51 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-25 23:58:03 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-25 23:57:55 0 d-----w- c:\programdata\Lavasoft
2009-10-25 23:57:55 0 d-----w- c:\program files\Lavasoft
2009-10-25 22:15:07 97208 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-10-25 22:15:07 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-10-25 22:15:07 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-25 22:15:01 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-25 22:15:01 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-10-25 22:15:01 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-10-25 22:15:01 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-25 22:14:52 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-10-25 22:14:52 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-25 22:14:42 0 d-----w- c:\users\pdtecrj\appdata\roaming\PC Tools
2009-10-25 22:14:42 0 d-----w- c:\programdata\PC Tools
2009-10-25 22:14:42 0 d-----w- c:\program files\Spyware Doctor
2009-10-25 22:14:42 0 d-----w- c:\program files\common files\PC Tools
2009-10-25 22:00:22 9070 ----a-w- c:\windows\system32\Config.MPF
2009-10-25 14:15:56 0 d-----w- c:\programdata\SiteAdvisor
2009-10-25 14:13:46 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-25 14:13:46 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-25 14:13:46 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-25 14:13:42 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-25 14:13:21 0 d-----w- c:\program files\common files\McAfee
2009-10-25 14:13:20 0 d-----w- c:\program files\McAfee.com
2009-10-25 14:13:18 0 d-----w- c:\program files\McAfee
2009-10-25 14:08:13 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-25 13:05:11 0 d-sh--w- c:\programdata\2687d
2009-10-25 13:04:57 0 d-sh--w- c:\users\pdtecrj\appdata\roaming\Windows System Defender
2009-10-25 13:04:57 0 d-sh--w- c:\programdata\WSDDSys
2009-10-20 13:46:35 0 d-----w- c:\programdata\Microsoft Corporation
2009-10-17 07:01:17 306688 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 19:18:57 0 d-----w- c:\programdata\NOS
2009-10-15 19:18:18 0 d--h--w- c:\windows\AxInstSV
2009-10-03 11:17:00 195440 ------w- c:\windows\system32\MpSigStub.exe

==================== Find3M ====================

2009-10-26 00:07:33 391402 ----a-w- c:\windows\system32\perfh011.dat
2009-10-26 00:07:33 103496 ----a-w- c:\windows\system32\perfc011.dat
2009-09-16 14:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-10 18:54:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-28 23:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-18 06:37:02 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-08-18 06:36:36 348160 ----a-w- c:\windows\system32\atieclxx.exe
2009-08-18 06:36:08 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2009-08-18 06:35:02 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-08-18 06:34:46 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-08-18 06:34:32 274432 ----a-w- c:\windows\system32\Oemdspif.dll
2009-08-18 06:34:22 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-08-18 06:34:16 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-08-18 06:31:32 2469888 ----a-w- c:\windows\system32\atidxx32.dll
2009-08-18 06:20:38 3105280 ----a-w- c:\windows\system32\atiumdag.dll
2009-08-18 06:11:52 11650560 ----a-w- c:\windows\system32\atioglxx.dll
2009-08-18 06:05:32 2868736 ----a-w- c:\windows\system32\atiumdva.dll
2009-08-18 05:52:44 51712 ----a-w- c:\windows\system32\atimpc32.dll
2009-08-18 05:52:44 51712 ----a-w- c:\windows\system32\amdpcom32.dll
2009-08-18 05:52:08 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2009-08-18 05:49:44 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-08-18 05:49:32 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-08-18 05:48:28 3264512 ----a-w- c:\windows\system32\aticaldd.dll
2009-08-18 03:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-05-27 18:24:09 31548 ----a-w- c:\windows\inf\perflib\0411\perfd.dat
2009-05-27 18:24:09 31548 ----a-w- c:\windows\inf\perflib\0411\perfc.dat
2009-05-27 18:24:09 141988 ----a-w- c:\windows\inf\perflib\0411\perfi.dat
2009-05-27 18:24:09 141988 ----a-w- c:\windows\inf\perflib\0411\perfh.dat
2009-04-22 09:01:08 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-04-22 09:01:08 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-04-22 09:01:08 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-04-22 09:01:08 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-04-22 08:14:13 174 --sha-w- c:\program files\desktop.ini
2009-04-22 04:38:41 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-04-22 04:38:41 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-04-22 04:38:39 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-04-22 04:38:39 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-03-27 04:24:20 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-05-27 18:01:09 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-04-22 05:19:40 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7100.0_none_624b25e9a4cb0444\WinMail.exe

============= FINISH: 2:09:01.99 ===============

And from my original post:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:29 AM, on 11/1/2009
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\sttray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.starbarsearch.com/?useie5=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.starbarsearch.com/?useie5=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC SpeedScan Pro] C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe -m
O4 - HKCU\..\Run: [Fkedehizuq] rundll32.exe "C:\Users\pdtecrj\AppData\Local\awimejiz.dll",Startup
O4 - HKCU\..\Run: [Windows System Defender] "C:\ProgramData\2687d\WS896.exe" /s /d
O4 - HKCU\..\Run: [Rtolipabusaxupet] rundll32.exe "C:\Users\pdtecrj\AppData\Local\lRORexi.dll",Startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...NPUplden-us.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0223951256569706) (0223951256569706mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\022395~1.EXE
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate1c92b2bb22cac30) (gupdate1c92b2bb22cac30) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12845 bytes

Edited by pdtecrj, 01 November 2009 - 10:02 AM.


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:05:31 PM

Posted 07 November 2009 - 05:46 PM

Hello pdtecrj

Welcome to BleepingComputer :(
==========================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#3 pdtecrj

pdtecrj
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:04:31 PM

Posted 13 November 2009 - 07:29 PM

Thank you for the response, and sorry for the delay. I have my settings set to notify me via email when a response is made to my thread, but for some reason I was never notified. At any rate, here are the three logs:

OTL:

OTL logfile created on: 11/13/2009 6:31:25 PM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Users\pdtecrj\Downloads
Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 95.36% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 5.56 Gb Free Space | 1.93% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.83 Gb Free Space | 58.25% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PDTECRJ-PC
Current User Name: pdtecrj
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\pdtecrj\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Windows\sttray.exe (SigmaTel, Inc.)
PRC - C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Windows\System32\CTSVCCDA.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
PRC - C:\Windows\System32\dlcxcoms.exe ( )
PRC - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\pdtecrj\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7100.19_none_b6a32c7c247ee542\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()


========== Win32 Services (SafeList) ==========

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (gupdate1c92b2bb22cac30) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (Creative Service for CDROM Access) -- C:\Windows\System32\CTSVCCDA.EXE (Creative Technology Ltd)
SRV - (AlertService) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)
SRV - (Remote UI Service) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel® Corporation)
SRV - (MCLServiceATL) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel® Corporation)
SRV - (ISSM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel® Corporation)
SRV - (M1 Server) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (RoxMediaDB9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (dlcx_device) -- C:\Windows\System32\dlcxcoms.exe ( )
SRV - (nmservice) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe (Pure Networks, Inc.)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (nmraapache) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (USBAAPL) -- C:\Windows\System32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys ()
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (AMD)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (AMD)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (VST_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (ATIAVPCI) -- C:\Windows\System32\drivers\atinavrr.sys (ATI Technologies Inc.)
DRV - (MRV6X32U) -- C:\Windows\System32\drivers\MRVW24B.sys (Marvell Semiconductor, Inc)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (motport) -- C:\Windows\System32\drivers\motport.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (DRVNDDM) -- C:\Windows\System32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (TSHWMDTCP) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()
DRV - (pnarp) -- C:\Windows\System32\drivers\pnarp.sys (Pure Networks, Inc.)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (nmsunidr) -- C:\Windows\System32\drivers\nmsunidr.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (nmsgopro) -- C:\Windows\System32\drivers\nmsgopro.sys (Gteko Ltd.)
DRV - (dsunidrv) -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DRVMCDB) -- C:\Windows\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=1070428
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=1070428
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.gamefaqs.com/"
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.14
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/04/22 03:55:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/11/07 12:30:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/11/03 19:57:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/06 11:38:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/06 11:38:10 | 00,000,000 | ---D | M]

[2009/11/12 12:18:37 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\Mozilla\Extensions
[2008/06/20 10:34:43 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/12 12:18:37 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2009/02/18 16:55:31 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/11/13 18:06:24 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\Mozilla\Firefox\Profiles\fzkul1b1.default\extensions
[2009/05/27 13:01:00 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\Mozilla\Firefox\Profiles\fzkul1b1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/25 08:05:39 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\Mozilla\Firefox\Profiles\fzkul1b1.default\extensions\{39124730-0779-11de-8c30-0800200c9a66}
[2009/10/31 12:12:19 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\Mozilla\Firefox\Profiles\fzkul1b1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/06/14 17:13:33 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\Mozilla\Firefox\Profiles\fzkul1b1.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/05/26 22:36:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/06 11:38:10 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/06 11:38:07 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/06 11:38:07 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/11/06 11:38:09 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/09/14 17:12:28 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/09/14 17:12:28 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/09/14 17:12:28 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/09/14 17:12:28 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/09/14 17:12:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/14 17:12:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/09/14 17:12:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/09/23 15:36:40 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
[2009/10/16 12:58:44 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/10/16 12:58:44 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/16 12:58:44 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/16 12:58:44 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/16 12:58:44 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/16 12:58:44 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/10/16 12:58:44 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Fkedehizuq] C:\Users\pdtecrj\AppData\Local\awimejiz.DLL (Apple Computer, Inc.)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [PC SpeedScan Pro] C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe (Ascentive LLC)
O4 - HKCU..\Run: [Rtolipabusaxupet] C:\Users\pdtecrj\AppData\Local\lRORexi.DLL File not found
O4 - HKCU..\Run: [Windows System Defender] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...NPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/20 10:42:25 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/12 12:18:26 | 00,000,000 | ---D | C] -- C:\Users\pdtecrj\AppData\Roaming\IMVU
[2009/11/12 12:17:48 | 00,000,000 | ---D | C] -- C:\Users\pdtecrj\AppData\Roaming\IMVUClient
[2009/11/07 11:49:17 | 00,000,000 | ---D | C] -- C:\Users\pdtecrj\AppData\Local\Deployment
[2009/11/01 01:32:07 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Easy
[2009/11/01 01:15:15 | 00,000,000 | ---D | C] -- C:\ProgramData\RegCure
[2009/11/01 01:15:15 | 00,000,000 | ---D | C] -- C:\ProgramData\RegCure
[2009/11/01 01:15:13 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
[2009/11/01 00:43:56 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/31 23:11:13 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/10/31 23:11:07 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/10/31 03:29:33 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/10/31 03:29:13 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/10/28 19:00:52 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2009/10/25 18:59:51 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/10/25 18:58:03 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/25 18:58:03 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/25 18:57:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/10/25 18:57:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/10/25 18:57:55 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/10/25 17:15:07 | 00,229,304 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2009/10/25 17:15:07 | 00,097,208 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2009/10/25 17:15:01 | 00,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2009/10/25 17:15:01 | 00,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2009/10/25 17:14:52 | 00,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2009/10/25 17:14:42 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/10/25 17:14:42 | 00,000,000 | ---D | C] -- C:\Users\pdtecrj\AppData\Roaming\PC Tools
[2009/10/25 17:14:42 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/10/25 17:14:42 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/10/25 17:14:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/25 09:15:56 | 00,000,000 | ---D | C] -- C:\ProgramData\SiteAdvisor
[2009/10/25 09:15:56 | 00,000,000 | ---D | C] -- C:\ProgramData\SiteAdvisor
[2009/10/25 09:13:46 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2009/10/25 09:13:46 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys
[2009/10/25 09:13:46 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2009/10/25 09:13:42 | 00,130,424 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys
[2009/10/25 09:13:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/10/25 09:13:20 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/10/25 09:13:18 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/10/25 09:08:13 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys
[2009/10/25 08:05:11 | 00,000,000 | -HSD | C] -- C:\ProgramData\2687d
[2009/10/25 08:05:11 | 00,000,000 | -HSD | C] -- C:\ProgramData\2687d
[2009/10/25 08:04:57 | 00,000,000 | -HSD | C] -- C:\ProgramData\WSDDSys
[2009/10/25 08:04:57 | 00,000,000 | -HSD | C] -- C:\Users\pdtecrj\AppData\Roaming\Windows System Defender
[2009/10/25 08:04:57 | 00,000,000 | -HSD | C] -- C:\ProgramData\WSDDSys
[2009/10/25 07:59:47 | 00,000,000 | ---D | C] -- C:\Users\pdtecrj\AppData\Local\{65941020-0F89-481D-9082-5EAC4C63D558}
[2009/10/23 02:00:52 | 05,954,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/10/20 08:46:35 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Corporation
[2009/10/20 08:46:35 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Corporation
[2009/10/17 02:49:21 | 00,000,000 | ---D | C] -- C:\Users\pdtecrj\AppData\Local\AIM
[2009/10/17 02:01:17 | 00,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/10/15 14:18:57 | 00,000,000 | ---D | C] -- C:\ProgramData\NOS
[2009/10/15 14:18:57 | 00,000,000 | ---D | C] -- C:\ProgramData\NOS
[2009/10/15 14:18:57 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/05/27 02:01:43 | 00,174,080 | ---- | C] (Apple Computer, Inc.) -- C:\Users\pdtecrj\AppData\Local\awimejiz.dll
[2006/10/11 17:01:40 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2006/10/11 16:59:56 | 01,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2006/10/11 16:54:10 | 00,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2006/10/11 16:52:34 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2006/10/11 16:51:16 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2006/10/11 16:48:58 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2006/10/11 16:48:14 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2006/10/11 16:47:42 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2006/10/11 16:41:42 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2006/10/11 16:41:04 | 00,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2006/10/11 16:37:14 | 00,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Users\pdtecrj\Desktop\*.tmp files -> C:\Users\pdtecrj\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/13 18:35:02 | 03,932,160 | -HS- | M] () -- C:\Users\pdtecrj\NTUSER.DAT
[2009/11/13 18:17:56 | 00,000,120 | ---- | M] () -- C:\Users\pdtecrj\AppData\Local\Xbufaf.dat
[2009/11/13 17:53:00 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/13 17:00:01 | 00,000,442 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2009/11/13 14:01:25 | 00,000,000 | ---- | M] () -- C:\Users\pdtecrj\AppData\Local\Npecireyiluyir.bin
[2009/11/13 07:53:00 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/12 23:45:24 | 00,000,847 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2009/11/12 19:04:54 | 00,012,672 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/12 19:04:54 | 00,012,672 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/12 15:33:05 | 00,015,094 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/11/12 12:18:16 | 00,001,891 | ---- | M] () -- C:\Users\pdtecrj\Desktop\IMVU.lnk
[2009/11/12 10:37:19 | 00,000,376 | ---- | M] () -- C:\Windows\tasks\RegCure.job
[2009/11/10 13:14:07 | 00,031,688 | ---- | M] () -- C:\Users\pdtecrj\Documents\LucreciaBRD1.jpg
[2009/11/07 23:50:19 | 00,000,382 | ---- | M] () -- C:\Windows\tasks\RegCure Startup.job
[2009/11/07 22:36:29 | 00,001,863 | ---- | M] () -- C:\Users\pdtecrj\Desktop\LimeWire 5.3.6.lnk
[2009/11/07 13:35:33 | 01,199,576 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/07 13:35:33 | 00,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/07 13:35:33 | 00,391,402 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2009/11/07 13:35:33 | 00,103,496 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2009/11/07 13:35:33 | 00,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/07 13:29:37 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/07 13:29:20 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/07 13:29:12 | 24,142,84800 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/07 13:28:24 | 02,408,018 | -H-- | M] () -- C:\Users\pdtecrj\AppData\Local\IconCache.db
[2009/11/07 12:59:20 | 00,002,234 | ---- | M] () -- C:\Users\pdtecrj\Desktop\10 - Shortcut.lnk
[2009/11/02 20:18:21 | 15,999,4232 | ---- | M] () -- C:\Users\pdtecrj\Desktop\Katie Cummings - Facial Cum Catchers 7 (2009).wmv
[2009/11/01 01:32:10 | 00,001,032 | ---- | M] () -- C:\Users\pdtecrj\Desktop\Registry Easy.lnk
[2009/11/01 01:15:16 | 00,000,947 | ---- | M] () -- C:\Users\Public\Desktop\RegCure.lnk
[2009/11/01 00:43:56 | 00,002,041 | ---- | M] () -- C:\Users\pdtecrj\Desktop\HijackThis.lnk
[2009/11/01 00:00:45 | 00,000,322 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2009/10/29 10:21:40 | 00,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/10/28 19:00:50 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2009/10/28 10:46:02 | 27,226,7264 | ---- | M] () -- C:\Users\pdtecrj\Desktop\FiLiGo_sc5_-_AlIv_CaRe_JayLa.avi
[2009/10/25 18:58:01 | 00,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/10/25 17:14:56 | 00,001,922 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2009/10/25 16:59:45 | 00,000,344 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2009/10/25 09:44:00 | 00,023,374 | ---- | M] () -- C:\Users\pdtecrj\Documents\cc_20091025_104348.reg
[2009/10/25 09:15:56 | 00,000,978 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2009/10/25 09:15:38 | 00,000,973 | ---- | M] () -- C:\Users\Public\Desktop\McAfee EasyNetwork.lnk
[2009/10/22 04:14:58 | 39,611,4654 | ---- | M] () -- C:\Users\pdtecrj\Desktop\Morgan.Reigns.wmv
[2009/10/19 16:58:36 | 36,777,0256 | ---- | M] () -- C:\Users\pdtecrj\Desktop\Carly Parker & Renae Cruz (A Lesson on Hard Work).wmv
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Users\pdtecrj\Desktop\*.tmp files -> C:\Users\pdtecrj\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/12 12:18:16 | 00,001,891 | ---- | C] () -- C:\Users\pdtecrj\Desktop\IMVU.lnk
[2009/11/10 13:14:07 | 00,031,688 | ---- | C] () -- C:\Users\pdtecrj\Documents\LucreciaBRD1.jpg
[2009/11/07 22:36:29 | 00,001,863 | ---- | C] () -- C:\Users\pdtecrj\Desktop\LimeWire 5.3.6.lnk
[2009/11/07 12:59:20 | 00,002,234 | ---- | C] () -- C:\Users\pdtecrj\Desktop\10 - Shortcut.lnk
[2009/11/01 01:32:10 | 00,001,032 | ---- | C] () -- C:\Users\pdtecrj\Desktop\Registry Easy.lnk
[2009/11/01 01:15:26 | 00,000,442 | ---- | C] () -- C:\Windows\tasks\RegCure Program Check.job
[2009/11/01 01:15:24 | 00,000,382 | ---- | C] () -- C:\Windows\tasks\RegCure Startup.job
[2009/11/01 01:15:19 | 00,000,376 | ---- | C] () -- C:\Windows\tasks\RegCure.job
[2009/11/01 01:15:16 | 00,000,947 | ---- | C] () -- C:\Users\Public\Desktop\RegCure.lnk
[2009/11/01 00:43:56 | 00,002,041 | ---- | C] () -- C:\Users\pdtecrj\Desktop\HijackThis.lnk
[2009/10/29 10:21:40 | 00,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/10/25 20:34:44 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/10/25 18:58:01 | 00,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/10/25 17:15:07 | 00,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2009/10/25 17:15:01 | 00,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2009/10/25 17:15:01 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2009/10/25 17:14:56 | 00,001,922 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2009/10/25 17:14:52 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2009/10/25 17:00:22 | 00,015,094 | ---- | C] () -- C:\Windows\System32\Config.MPF
[2009/10/25 09:43:52 | 00,023,374 | ---- | C] () -- C:\Users\pdtecrj\Documents\cc_20091025_104348.reg
[2009/10/25 09:15:56 | 00,000,978 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2009/10/25 09:15:38 | 00,000,973 | ---- | C] () -- C:\Users\Public\Desktop\McAfee EasyNetwork.lnk
[2009/10/25 09:13:31 | 00,000,344 | ---- | C] () -- C:\Windows\tasks\McDefragTask.job
[2009/10/25 09:13:29 | 00,000,322 | ---- | C] () -- C:\Windows\tasks\McQcTask.job
[2009/10/25 07:59:54 | 00,000,000 | ---- | C] () -- C:\Users\pdtecrj\AppData\Local\Npecireyiluyir.bin
[2009/10/25 07:59:51 | 00,000,120 | ---- | C] () -- C:\Users\pdtecrj\AppData\Local\Xbufaf.dat
[2009/09/14 23:58:31 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/05/27 20:25:14 | 00,083,304 | ---- | C] () -- C:\Users\pdtecrj\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/05/27 12:58:01 | 02,408,018 | -H-- | C] () -- C:\Users\pdtecrj\AppData\Local\IconCache.db
[2009/04/22 03:55:52 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/04/22 03:55:52 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/04/22 03:55:52 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/04/22 03:55:52 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/04/22 03:14:13 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2009/04/22 00:58:02 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009/04/21 22:50:07 | 00,073,216 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/04/21 22:40:32 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/04/14 21:30:30 | 00,332,368 | ---- | C] () -- C:\Windows\System32\drivers\iaStorV.sys
[2009/03/25 14:03:04 | 00,000,255 | ---- | C] () -- C:\Windows\System32\dlbkcoin.ini
[2009/02/08 22:41:38 | 00,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/08/14 13:45:43 | 00,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2008/07/12 00:45:59 | 00,000,290 | ---- | C] () -- C:\Windows\dellstat.ini
[2007/05/04 22:00:29 | 00,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2007/05/03 15:46:05 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/05/03 15:46:04 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/05/03 15:46:04 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/05/03 15:46:03 | 00,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/05/03 15:46:03 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/05/01 13:39:31 | 00,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/05/01 13:39:31 | 00,000,158 | ---- | C] () -- C:\Windows\wininit.ini
[2007/04/27 12:36:41 | 00,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2007/04/27 12:36:41 | 00,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2007/04/27 12:36:41 | 00,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2006/11/07 14:25:58 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 05:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/10/20 19:07:32 | 00,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2006/10/20 19:06:42 | 00,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2006/10/20 19:03:26 | 00,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2006/10/20 18:57:38 | 00,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2006/10/20 18:56:50 | 00,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2006/10/20 18:55:28 | 00,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2006/10/20 18:54:42 | 00,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2006/10/20 18:48:36 | 00,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2006/10/20 18:46:42 | 00,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2006/09/22 06:42:38 | 00,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll
[2006/09/16 22:36:50 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/09/06 05:13:14 | 00,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcfg.dll
[2006/08/08 14:58:04 | 00,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll
[2006/04/24 14:09:58 | 00,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2006/03/19 18:03:04 | 00,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll

========== LOP Check ==========

[2009/05/26 22:45:20 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\acccore
[2009/05/26 22:45:24 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\Ascentive
[2009/05/26 22:45:26 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\ATI
[2009/07/06 23:47:28 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\Azureus
[2009/05/26 22:45:27 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\DellFaxCtr
[2009/11/12 12:20:06 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\IMVU
[2009/11/12 12:18:16 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\IMVUClient
[2009/11/13 18:28:58 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\LimeWire
[2008/07/19 17:23:03 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\NCH Swift Sound
[2009/05/26 22:45:43 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\Screaming Bee
[2009/09/27 07:47:13 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\Tumbywood Software
[2009/10/25 08:06:29 | 00,000,000 | -HSD | M] -- C:\Users\pdtecrj\AppData\Roaming\Windows System Defender
[2009/10/25 16:59:45 | 00,000,344 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2009/11/01 00:00:45 | 00,000,322 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/11/13 17:00:01 | 00,000,442 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job
[2009/11/07 23:50:19 | 00,000,382 | ---- | M] () -- C:\Windows\Tasks\RegCure Startup.job
[2009/11/12 10:37:19 | 00,000,376 | ---- | M] () -- C:\Windows\Tasks\RegCure.job
[2009/11/07 13:29:37 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/04/22 03:27:21 | 00,010,286 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >



Extras:

OTL Extras logfile created on: 11/13/2009 6:31:25 PM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Users\pdtecrj\Downloads
Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 95.36% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 5.56 Gb Free Space | 1.93% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.83 Gb Free Space | 58.25% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PDTECRJ-PC
Current User Name: pdtecrj
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0 -- ()
"AntiSpywareOverride" = 0 -- ()
"FirewallOverride" = 0 -- ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0 -- ()
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0 -- ()
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26C610BF-761B-4209-BD6A-A0F1B73D6DDE}" = Intel® Viiv™ Software
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3E3722D5-79C6-43A0-3F76-4E443041C324}" = ATI Catalyst Install Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{546A007F-472A-4107-82AE-2790E2C9C89E}" = PC SpeedScan Pro
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65276993-A609-91D8-2229-725BB435882D}" = Catalyst Control Center InstallProxy
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{80F24F31-F641-4349-83F3-59E335976D16}" = PC SpeedScan Pro
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E1AB809-F821-4F41-8431-44A11ED1EDBA}" = TVT7Diag
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95CC887F-91B2-45E9-AE29-0D51995192CB}" = USB Game Controller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E4415D0-8343-4D63-8C0C-B2A89871BBF0}" = Network Magic
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}" = TSP_CODEC
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC2FE771-EDBE-3087-A676-2B6C45A2BF7E}" = Google Gears
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM_6" = AIM 6
"CCleaner" = CCleaner (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"CurseClient" = Curse Client
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Intel® Configuration Center" = Intel® Viiv™ Software
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.01 Full
"LimeWire" = LimeWire 5.3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSC" = McAfee SecurityCenter
"RegCure" = RegCure 2.0.0.0
"Registry Easy_is1" = Registry Easy v5.6
"Spyware Doctor" = Spyware Doctor 7.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"Vuze" = Vuze
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Vuze Launcher" = Vuze Launcher

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Results.log

GMER 1.0.15.15220 - http://www.gmer.net
Rootkit scan 2009-11-13 19:16:32
Windows 6.1.7100
Running: flpx17pk.exe; Driver: C:\Users\pdtecrj\AppData\Local\Temp\pftdyfow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8B3B9CDC]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8B3B9ECE]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8B3BA0D6]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x8B3B9982]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E28AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E28104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E283F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E112D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E10898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E281DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E28958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E286F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E28F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E291A8

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x90AA37A0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x90AA37DE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x90AA3821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x90AA3710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x90AA3724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x90AA37B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x90AA3849]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x90AA3835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x90AA378C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x90AA3778]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x90AA37F4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x90AA37CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13B1 82E7D549 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E9D6B2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!ExQueueWorkItem + 2B4 82EA5A38 8 Bytes [DC, 9C, 3B, 8B, CE, 9E, 3B, ...]
.text ntkrnlpa.exe!ExQueueWorkItem + 2EC 82EA5A70 4 Bytes [D6, A0, 3B, 8B]
.text ntkrnlpa.exe!ExQueueWorkItem + 740 82EA5EC4 4 Bytes [82, 99, 3B, 8B]
.text ntkrnlpa.exe!ZwYieldExecution 82EE1286 5 Bytes JMP 90AA37CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 8306BF89 5 Bytes JMP 90AA377C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 830AE704 5 Bytes JMP 90AA37A4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 830B6AA3 7 Bytes JMP 90AA37B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 830B778D 5 Bytes JMP 90AA3728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 830BB1E3 7 Bytes JMP 90AA37E2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 830BB708 5 Bytes JMP 90AA37F8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 830C7C0D 5 Bytes JMP 90AA3714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 830CAC42 5 Bytes JMP 90AA3825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 830DD340 5 Bytes JMP 90AA3839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 830E4E50 5 Bytes JMP 90AA384D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 8312215B 5 Bytes JMP 90AA3790 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text peauth.sys 9D34DC9D 28 Bytes [0F, D4, 99, 3B, 7D, F8, 55, ...]
.text peauth.sys 9D34DCC1 28 Bytes [0F, D4, 99, 3B, 7D, F8, 55, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[536] kernel32.dll!GetStartupInfoA 766F1DF0 5 Bytes JMP 00990F4D
.text C:\Windows\system32\services.exe[536] kernel32.dll!CreateProcessW 766F202D 5 Bytes JMP 009900A5
.text C:\Windows\system32\services.exe[536] kernel32.dll!CreateProcessA 766F2062 5 Bytes JMP 00990F10
.text C:\Windows\system32\services.exe[536] kernel32.dll!CreateNamedPipeW 76721F46 5 Bytes JMP 00990047
.text C:\Windows\system32\services.exe[536] kernel32.dll!CreatePipe 767249FB 5 Bytes JMP 00990F68
.text C:\Windows\system32\services.exe[536] kernel32.dll!VirtualProtect 7673501B 5 Bytes JMP 00990F94
.text C:\Windows\system32\services.exe[536] kernel32.dll!LoadLibraryExW 7673B62F 5 Bytes JMP 00990FAF
.text C:\Windows\system32\services.exe[536] kernel32.dll!LoadLibraryExA 7673BBFB 5 Bytes JMP 00990FCA
.text C:\Windows\system32\services.exe[536] kernel32.dll!CreateFileW 76740AC5 5 Bytes JMP 00990011
.text C:\Windows\system32\services.exe[536] kernel32.dll!GetProcAddress 7674179F 5 Bytes JMP 00990EFF
.text C:\Windows\system32\services.exe[536] kernel32.dll!LoadLibraryA 767427CC 5 Bytes JMP 00990058
.text C:\Windows\system32\services.exe[536] kernel32.dll!LoadLibraryW 7674281A 5 Bytes JMP 00990FDB
.text C:\Windows\system32\services.exe[536] kernel32.dll!CreateFileA 76742864 5 Bytes JMP 00990000
.text C:\Windows\system32\services.exe[536] kernel32.dll!GetStartupInfoW 76747C1D 5 Bytes JMP 00990F3C
.text C:\Windows\system32\services.exe[536] kernel32.dll!CreateNamedPipeA 7677D487 5 Bytes JMP 0099002C
.text C:\Windows\system32\services.exe[536] kernel32.dll!WinExec 7677E649 5 Bytes JMP 00990F2B
.text C:\Windows\system32\services.exe[536] kernel32.dll!VirtualProtectEx 7677F649 5 Bytes JMP 00990F83
.text C:\Windows\system32\services.exe[536] msvcrt.dll!_open 7666FA00 5 Bytes JMP 00570000
.text C:\Windows\system32\services.exe[536] msvcrt.dll!_wsystem 7669A977 5 Bytes JMP 00570053
.text C:\Windows\system32\services.exe[536] msvcrt.dll!system 7669AA97 5 Bytes JMP 00570FC8
.text C:\Windows\system32\services.exe[536] msvcrt.dll!_creat 7669E621 5 Bytes JMP 00570FE3
.text C:\Windows\system32\services.exe[536] msvcrt.dll!_wcreat 7669FC86 5 Bytes JMP 00570038
.text C:\Windows\system32\services.exe[536] msvcrt.dll!_wopen 7669FE68 5 Bytes JMP 0057001D
.text C:\Windows\system32\services.exe[536] ADVAPI32.dll!RegOpenKeyA 76BFEECE 5 Bytes JMP 009A0FE5
.text C:\Windows\system32\services.exe[536] ADVAPI32.dll!RegCreateKeyA 76BFEFBA 5 Bytes JMP 009A0F94
.text C:\Windows\system32\services.exe[536] ADVAPI32.dll!RegCreateKeyExA 76C00CD9 5 Bytes JMP 009A0F68
.text C:\Windows\system32\services.exe[536] ADVAPI32.dll!RegCreateKeyW 76C00DCE 5 Bytes JMP 009A0F79
.text C:\Windows\system32\services.exe[536] ADVAPI32.dll!RegOpenKeyW 76C06854 5 Bytes JMP 009A0FD4
.text C:\Windows\system32\services.exe[536] ADVAPI32.dll!RegCreateKeyExW 76C0A8C7 5 Bytes JMP 009A0F4D
.text C:\Windows\system32\services.exe[536] ADVAPI32.dll!RegOpenKeyExW 76C0ABE6 5 Bytes JMP 009A0FB9
.text C:\Windows\system32\services.exe[536] ADVAPI32.dll!RegOpenKeyExA 76C0AE4F 5 Bytes JMP 009A000A
.text C:\Windows\system32\services.exe[536] WININET.dll!InternetOpenW 76163EDF 5 Bytes JMP 004E001B
.text C:\Windows\system32\services.exe[536] WININET.dll!InternetOpenA 76168F03 5 Bytes JMP 004E000A
.text C:\Windows\system32\services.exe[536] WININET.dll!InternetOpenUrlA 7616A78B 5 Bytes JMP 004E0040
.text C:\Windows\system32\services.exe[536] WININET.dll!InternetOpenUrlW 761B96FC 5 Bytes JMP 004E0051
.text C:\Windows\system32\services.exe[536] WS2_32.dll!socket 76823A38 5 Bytes JMP 009B0FE5
.text C:\Windows\system32\lsass.exe[552] kernel32.dll!GetStartupInfoA 766F1DF0 5 Bytes JMP 000E0F4D
.text C:\Windows\system32\lsass.exe[552] kernel32.dll!CreateProcessW 766F202D 5 Bytes JMP 000E0F17
.text C:\Windows\system32\lsass.exe[552] kernel32.dll!CreateProcessA 766F2062 5 Bytes JMP 000E00AC
.text C:\Windows\system32\lsass.exe[552] kernel32.dll!CreateNamedPipeW 76721F46 5 Bytes JMP 000E0FB2
.text C:\Windows\system32\lsass.exe[552] kernel32.dll!CreatePipe 767249FB 5 Bytes JMP 000E0F5E
.text C:\Windows\system32\lsass.exe[552] kernel32.dll!VirtualProtect 7673501B 5 Bytes JMP 000E006C
.text C:\Windows\system32\lsass.exe[552] kernel32.dll!LoadLibraryExW 7673B62F 5 Bytes JMP 000E005B
.text C:\Windows\system32\lsass.exe[552] kernel32.dll!LoadLibraryExA 7673BBFB 5 Bytes JMP 000E004A
.text C:\Windows\system32\lsass.exe[552] kernel32.dll!CreateFileW 76740AC5 5 Bytes JMP 000E0FDE
.text C:\Windows\system32\lsass.exe[552] kernel32.dll!GetProcAddress 7674179F 5 Bytes JMP 000E00D1
.text C:\Windows\system32\lsass.exe[552] kernel32.dll!LoadLibraryA 767427CC 5 Bytes JMP 000E001E
.text C:\Windows\system32\lsass.exe[552] kernel32.dll!LoadLibraryW 7674281A 5 Bytes JMP 000E002F
.text C:\Windows\system32\lsass.exe[552] kernel32.dll!CreateFileA 76742864 5 Bytes JMP 000E0FEF
.text C:\Windows\system32\lsass.exe[552] kernel32.dll!GetStartupInfoW 76747C1D 5 Bytes JMP 000E0F32
.text C:\Windows\system32\lsass.exe[552] kernel32.dll!CreateNamedPipeA 7677D487 5 Bytes JMP 000E0FC3
.text C:\Windows\system32\lsass.exe[552] kernel32.dll!WinExec 7677E649 5 Bytes JMP 000E0091
.text C:\Windows\system32\lsass.exe[552] kernel32.dll!VirtualProtectEx 7677F649 5 Bytes JMP 000E0F6F
.text C:\Windows\system32\lsass.exe[552] msvcrt.dll!_open 7666FA00 5 Bytes JMP 000D0000
.text C:\Windows\system32\lsass.exe[552] msvcrt.dll!_wsystem 7669A977 5 Bytes JMP 000D005D
.text C:\Windows\system32\lsass.exe[552] msvcrt.dll!system 7669AA97 2 Bytes JMP 000D004C
.text C:\Windows\system32\lsass.exe[552] msvcrt.dll!system + 3 7669AA9A 2 Bytes [A3, 89]
.text C:\Windows\system32\lsass.exe[552] msvcrt.dll!_creat 7669E621 5 Bytes JMP 000D0FD2
.text C:\Windows\system32\lsass.exe[552] msvcrt.dll!_wcreat 7669FC86 5 Bytes JMP 000D0031
.text C:\Windows\system32\lsass.exe[552] msvcrt.dll!_wopen 7669FE68 5 Bytes JMP 000D0FE3
.text C:\Windows\system32\lsass.exe[552] ADVAPI32.dll!RegOpenKeyA 76BFEECE 5 Bytes JMP 008A0FEF
.text C:\Windows\system32\lsass.exe[552] ADVAPI32.dll!RegCreateKeyA 76BFEFBA 5 Bytes JMP 008A0F8D
.text C:\Windows\system32\lsass.exe[552] ADVAPI32.dll!RegCreateKeyExA 76C00CD9 5 Bytes JMP 008A0F72
.text C:\Windows\system32\lsass.exe[552] ADVAPI32.dll!RegCreateKeyW 76C00DCE 5 Bytes JMP 008A0014
.text C:\Windows\system32\lsass.exe[552] ADVAPI32.dll!RegOpenKeyW 76C06854 5 Bytes JMP 008A0FD4
.text C:\Windows\system32\lsass.exe[552] ADVAPI32.dll!RegCreateKeyExW 76C0A8C7 5 Bytes JMP 008A0F61
.text C:\Windows\system32\lsass.exe[552] ADVAPI32.dll!RegOpenKeyExW 76C0ABE6 5 Bytes JMP 008A0FB2
.text C:\Windows\system32\lsass.exe[552] ADVAPI32.dll!RegOpenKeyExA 76C0AE4F 5 Bytes JMP 008A0FC3
.text C:\Windows\system32\lsass.exe[552] WININET.dll!InternetOpenW 76163EDF 5 Bytes JMP 000C0FEF
.text C:\Windows\system32\lsass.exe[552] WININET.dll!InternetOpenA 76168F03 5 Bytes JMP 000C000A
.text C:\Windows\system32\lsass.exe[552] WININET.dll!InternetOpenUrlA 7616A78B 5 Bytes JMP 000C0FD4
.text C:\Windows\system32\lsass.exe[552] WININET.dll!InternetOpenUrlW 761B96FC 5 Bytes JMP 000C0FAF
.text C:\Windows\system32\lsass.exe[552] WS2_32.dll!socket 76823A38 5 Bytes JMP 000F0FEF
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!GetStartupInfoA 766F1DF0 5 Bytes JMP 00A30080
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!CreateProcessW 766F202D 5 Bytes JMP 00A300AF
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!CreateProcessA 766F2062 5 Bytes JMP 00A30F1A
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!CreateNamedPipeW 76721F46 5 Bytes JMP 00A30FD4
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!CreatePipe 767249FB 5 Bytes JMP 00A30F61
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!VirtualProtect 7673501B 5 Bytes JMP 00A30054
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!LoadLibraryExW 7673B62F 5 Bytes JMP 00A30F7C
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!LoadLibraryExA 7673BBFB 5 Bytes JMP 00A30F8D
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!CreateFileW 76740AC5 5 Bytes JMP 00A30FE5
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!GetProcAddress 7674179F 5 Bytes JMP 00A300C0
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!LoadLibraryA 767427CC 5 Bytes JMP 00A30FC3
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!LoadLibraryW 7674281A 5 Bytes JMP 00A30FA8
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!CreateFileA 76742864 5 Bytes JMP 00A30000
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!GetStartupInfoW 76747C1D 5 Bytes JMP 00A30F3C
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!CreateNamedPipeA 7677D487 5 Bytes JMP 00A3001B
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!WinExec 7677E649 5 Bytes JMP 00A30F2B
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!VirtualProtectEx 7677F649 5 Bytes JMP 00A30065
.text C:\Windows\system32\svchost.exe[720] msvcrt.dll!_open 7666FA00 5 Bytes JMP 00A20FEF
.text C:\Windows\system32\svchost.exe[720] msvcrt.dll!_wsystem 7669A977 5 Bytes JMP 00A20F8B
.text C:\Windows\system32\svchost.exe[720] msvcrt.dll!system 7669AA97 2 Bytes JMP 00A20020
.text C:\Windows\system32\svchost.exe[720] msvcrt.dll!system + 3 7669AA9A 2 Bytes [38, 8A]
.text C:\Windows\system32\svchost.exe[720] msvcrt.dll!_creat 7669E621 5 Bytes JMP 00A20FC1
.text C:\Windows\system32\svchost.exe[720] msvcrt.dll!_wcreat 7669FC86 5 Bytes JMP 00A20FB0
.text C:\Windows\system32\svchost.exe[720] msvcrt.dll!_wopen 7669FE68 5 Bytes JMP 00A20FD2
.text C:\Windows\system32\svchost.exe[720] ADVAPI32.dll!RegOpenKeyA 76BFEECE 5 Bytes JMP 00AE0FEF
.text C:\Windows\system32\svchost.exe[720] ADVAPI32.dll!RegCreateKeyA 76BFEFBA 5 Bytes JMP 00AE0F94
.text C:\Windows\system32\svchost.exe[720] ADVAPI32.dll!RegCreateKeyExA 76C00CD9 5 Bytes JMP 00AE0025
.text C:\Windows\system32\svchost.exe[720] ADVAPI32.dll!RegCreateKeyW 76C00DCE 5 Bytes JMP 00AE0F83
.text C:\Windows\system32\svchost.exe[720] ADVAPI32.dll!RegOpenKeyW 76C06854 5 Bytes JMP 00AE0FDE
.text C:\Windows\system32\svchost.exe[720] ADVAPI32.dll!RegCreateKeyExW 76C0A8C7 5 Bytes JMP 00AE0F68
.text C:\Windows\system32\svchost.exe[720] ADVAPI32.dll!RegOpenKeyExW 76C0ABE6 5 Bytes JMP 00AE0FB9
.text C:\Windows\system32\svchost.exe[720] ADVAPI32.dll!RegOpenKeyExA 76C0AE4F 5 Bytes JMP 00AE000A
.text C:\Windows\system32\svchost.exe[720] WININET.dll!InternetOpenW 76163EDF 5 Bytes JMP 00A1001B
.text C:\Windows\system32\svchost.exe[720] WININET.dll!InternetOpenA 76168F03 5 Bytes JMP 00A10000
.text C:\Windows\system32\svchost.exe[720] WININET.dll!InternetOpenUrlA 7616A78B 5 Bytes JMP 00A1002C
.text C:\Windows\system32\svchost.exe[720] WININET.dll!InternetOpenUrlW 761B96FC 5 Bytes JMP 00A1003D
.text C:\Windows\system32\svchost.exe[720] WS2_32.dll!socket 76823A38 5 Bytes JMP 00AD0FEF
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!GetStartupInfoA 766F1DF0 5 Bytes JMP 00990080
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreateProcessW 766F202D 5 Bytes JMP 00990F09
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreateProcessA 766F2062 5 Bytes JMP 00990F1A
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreateNamedPipeW 76721F46 5 Bytes JMP 0099001B
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreatePipe 767249FB 5 Bytes JMP 00990065
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!VirtualProtect 7673501B 5 Bytes JMP 00990F72
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!LoadLibraryExW 7673B62F 5 Bytes JMP 00990F83
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!LoadLibraryExA 7673BBFB 5 Bytes JMP 00990F9E
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreateFileW 76740AC5 5 Bytes JMP 0099000A
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!GetProcAddress 7674179F 5 Bytes JMP 009900B9
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!LoadLibraryA 767427CC 5 Bytes JMP 00990036
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!LoadLibraryW 7674281A 5 Bytes JMP 00990FAF
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreateFileA 76742864 5 Bytes JMP 00990FEF
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!GetStartupInfoW 76747C1D 5 Bytes JMP 00990F46
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreateNamedPipeA 7677D487 5 Bytes JMP 00990FCA
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!WinExec 7677E649 5 Bytes JMP 00990F35
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!VirtualProtectEx 7677F649 5 Bytes JMP 00990F61
.text C:\Windows\system32\svchost.exe[844] msvcrt.dll!_open 7666FA00 5 Bytes JMP 00940FE3
.text C:\Windows\system32\svchost.exe[844] msvcrt.dll!_wsystem 7669A977 5 Bytes JMP 00940F9C
.text C:\Windows\system32\svchost.exe[844] msvcrt.dll!system 7669AA97 5 Bytes JMP 00940FB7
.text C:\Windows\system32\svchost.exe[844] msvcrt.dll!_creat 7669E621 5 Bytes JMP 0094001D
.text C:\Windows\system32\svchost.exe[844] msvcrt.dll!_wcreat 7669FC86 5 Bytes JMP 00940FD2
.text C:\Windows\system32\svchost.exe[844] msvcrt.dll!_wopen 7669FE68 5 Bytes JMP 00940000
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyA 76BFEECE 5 Bytes JMP 009B0FEF
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyA 76BFEFBA 5 Bytes JMP 009B0025
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyExA 76C00CD9 5 Bytes JMP 009B0F97
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyW 76C00DCE 5 Bytes JMP 009B0FA8
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyW 76C06854 5 Bytes JMP 009B0FDE
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyExW 76C0A8C7 5 Bytes JMP 009B0054
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyExW 76C0ABE6 5 Bytes JMP 009B0014
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyExA 76C0AE4F 5 Bytes JMP 009B0FC3
.text C:\Windows\system32\svchost.exe[844] WININET.dll!InternetOpenW 76163EDF 5 Bytes JMP 00930FE5
.text C:\Windows\system32\svchost.exe[844] WININET.dll!InternetOpenA 76168F03 5 Bytes JMP 0093000A
.text C:\Windows\system32\svchost.exe[844] WININET.dll!InternetOpenUrlA 7616A78B 5 Bytes JMP 00930FD4
.text C:\Windows\system32\svchost.exe[844] WININET.dll!InternetOpenUrlW 761B96FC 5 Bytes JMP 00930025
.text C:\Windows\system32\svchost.exe[844] WS2_32.dll!socket 76823A38 5 Bytes JMP 009A0000
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!GetStartupInfoA 766F1DF0 5 Bytes JMP 00AB0F8A
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!CreateProcessW 766F202D 5 Bytes JMP 00AB010E
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!CreateProcessA 766F2062 5 Bytes JMP 00AB00F3
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!CreateNamedPipeW 76721F46 5 Bytes JMP 00AB0047
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!CreatePipe 767249FB 5 Bytes JMP 00AB0FA5
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!VirtualProtect 7673501B 5 Bytes JMP 00AB00A9
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!LoadLibraryExW 7673B62F 5 Bytes JMP 00AB0FD1
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!LoadLibraryExA 7673BBFB 5 Bytes JMP 00AB008E
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!CreateFileW 76740AC5 5 Bytes JMP 00AB0011
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!GetProcAddress 7674179F 5 Bytes JMP 00AB011F
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!LoadLibraryA 767427CC 5 Bytes JMP 00AB0058
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!LoadLibraryW 7674281A 5 Bytes JMP 00AB0073
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!CreateFileA 76742864 5 Bytes JMP 00AB0000
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!GetStartupInfoW 76747C1D 5 Bytes JMP 00AB0F79
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!CreateNamedPipeA 7677D487 5 Bytes JMP 00AB002C
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!WinExec 7677E649 5 Bytes JMP 00AB00D8
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!VirtualProtectEx 7677F649 5 Bytes JMP 00AB0FB6
.text C:\Windows\System32\svchost.exe[984] msvcrt.dll!_open 7666FA00 5 Bytes JMP 00510000
.text C:\Windows\System32\svchost.exe[984] msvcrt.dll!_wsystem 7669A977 5 Bytes JMP 0051007F
.text C:\Windows\System32\svchost.exe[984] msvcrt.dll!system 7669AA97 2 Bytes JMP 0051005A
.text C:\Windows\System32\svchost.exe[984] msvcrt.dll!system + 3 7669AA9A 2 Bytes [E7, 89] {OUT 0x89, EAX}
.text C:\Windows\System32\svchost.exe[984] msvcrt.dll!_creat 7669E621 5 Bytes JMP 0051002E
.text C:\Windows\System32\svchost.exe[984] msvcrt.dll!_wcreat 7669FC86 5 Bytes JMP 00510049
.text C:\Windows\System32\svchost.exe[984] msvcrt.dll!_wopen 7669FE68 5 Bytes JMP 00510011
.text C:\Windows\System32\svchost.exe[984] ADVAPI32.dll!RegOpenKeyA 76BFEECE 5 Bytes JMP 00B10FEF
.text C:\Windows\System32\svchost.exe[984] ADVAPI32.dll!RegCreateKeyA 76BFEFBA 5 Bytes JMP 00B10040
.text C:\Windows\System32\svchost.exe[984] ADVAPI32.dll!RegCreateKeyExA 76C00CD9 5 Bytes JMP 00B10FC3
.text C:\Windows\System32\svchost.exe[984] ADVAPI32.dll!RegCreateKeyW 76C00DCE 5 Bytes JMP 00B10065
.text C:\Windows\System32\svchost.exe[984] ADVAPI32.dll!RegOpenKeyW 76C06854 5 Bytes JMP 00B10FDE
.text C:\Windows\System32\svchost.exe[984] ADVAPI32.dll!RegCreateKeyExW 76C0A8C7 5 Bytes JMP 00B10080
.text C:\Windows\System32\svchost.exe[984] ADVAPI32.dll!RegOpenKeyExW 76C0ABE6 5 Bytes JMP 00B1002F
.text C:\Windows\System32\svchost.exe[984] ADVAPI32.dll!RegOpenKeyExA 76C0AE4F 5 Bytes JMP 00B1000A
.text C:\Windows\System32\svchost.exe[984] WININET.dll!InternetOpenW 76163EDF 5 Bytes JMP 00500FEF
.text C:\Windows\System32\svchost.exe[984] WININET.dll!InternetOpenA 76168F03 5 Bytes JMP 0050000A
.text C:\Windows\System32\svchost.exe[984] WININET.dll!InternetOpenUrlA 7616A78B 5 Bytes JMP 00500FD4
.text C:\Windows\System32\svchost.exe[984] WININET.dll!InternetOpenUrlW 761B96FC 5 Bytes JMP 00500FC3
.text C:\Windows\System32\svchost.exe[984] WS2_32.dll!socket 76823A38 5 Bytes JMP 00AC0FE5
.text C:\Windows\System32\svchost.exe[1032] kernel32.dll!GetStartupInfoA 766F1DF0 5 Bytes JMP 00E60F61
.text C:\Windows\System32\svchost.exe[1032] kernel32.dll!CreateProcessW 766F202D 5 Bytes JMP 00E60F09
.text C:\Windows\System32\svchost.exe[1032] kernel32.dll!CreateProcessA 766F2062 5 Bytes JMP 00E60F1A
.text C:\Windows\System32\svchost.exe[1032] kernel32.dll!CreateNamedPipeW 76721F46 5 Bytes JMP 00E6001E
.text C:\Windows\System32\svchost.exe[1032] kernel32.dll!CreatePipe 767249FB 5 Bytes JMP 00E6008A
.text C:\Windows\System32\svchost.exe[1032] kernel32.dll!VirtualProtect 7673501B 5 Bytes JMP 00E60054
.text C:\Windows\System32\svchost.exe[1032] kernel32.dll!LoadLibraryExW 7673B62F 5 Bytes JMP 00E60043
.text C:\Windows\System32\svchost.exe[1032] kernel32.dll!LoadLibraryExA 7673BBFB 5 Bytes JMP 00E60F86
.text C:\Windows\System32\svchost.exe[1032] kernel32.dll!CreateFileW 76740AC5 5 Bytes JMP 00E60FD4
.text C:\Windows\System32\svchost.exe[1032] kernel32.dll!GetProcAddress 7674179F 5 Bytes JMP 00E60EF8
.text C:\Windows\System32\svchost.exe[1032] kernel32.dll!LoadLibraryA 767427CC 5 Bytes JMP 00E60FB2
.text C:\Windows\System32\svchost.exe[1032] kernel32.dll!LoadLibraryW 7674281A 5 Bytes JMP 00E60FA1
.text C:\Windows\System32\svchost.exe[1032] kernel32.dll!CreateFileA 76742864 5 Bytes JMP 00E60FEF
.text C:\Windows\System32\svchost.exe[1032] kernel32.dll!GetStartupInfoW 76747C1D 5 Bytes JMP 00E60F46
.text C:\Windows\System32\svchost.exe[1032] kernel32.dll!CreateNamedPipeA 7677D487 5 Bytes JMP 00E60FC3
.text C:\Windows\System32\svchost.exe[1032] kernel32.dll!WinExec 7677E649 5 Bytes JMP 00E60F2B
.text C:\Windows\System32\svchost.exe[1032] kernel32.dll!VirtualProtectEx 7677F649 5 Bytes JMP 00E6006F
.text C:\Windows\System32\svchost.exe[1032] msvcrt.dll!_open 7666FA00 5 Bytes JMP 00E50000
.text C:\Windows\System32\svchost.exe[1032] msvcrt.dll!_wsystem 7669A977 5 Bytes JMP 00E50FA8
.text C:\Windows\System32\svchost.exe[1032] msvcrt.dll!system 7669AA97 2 Bytes JMP 00E50033
.text C:\Windows\System32\svchost.exe[1032] msvcrt.dll!system + 3 7669AA9A 2 Bytes [7B, 8A] {JNP 0xffffffffffffff8c}
.text C:\Windows\System32\svchost.exe[1032] msvcrt.dll!_creat 7669E621 5 Bytes JMP 00E50FD7
.text C:\Windows\System32\svchost.exe[1032] msvcrt.dll!_wcreat 7669FC86 5 Bytes JMP 00E50022
.text C:\Windows\System32\svchost.exe[1032] msvcrt.dll!_wopen 7669FE68 5 Bytes JMP 00E50011
.text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyA 76BFEECE 5 Bytes JMP 00EC0000
.text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyA 76BFEFBA 5 Bytes JMP 00EC0FB9
.text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyExA 76C00CD9 5 Bytes JMP 00EC004A
.text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyW 76C00DCE 5 Bytes JMP 00EC0F9E
.text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyW 76C06854 5 Bytes JMP 00EC0011
.text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyExW 76C0A8C7 5 Bytes JMP 00EC0F8D
.text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyExW 76C0ABE6 5 Bytes JMP 00EC0FCA
.text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyExA 76C0AE4F 5 Bytes JMP 00EC0FDB
.text C:\Windows\System32\svchost.exe[1032] WININET.dll!InternetOpenW 76163EDF 5 Bytes JMP 00B30FE5
.text C:\Windows\System32\svchost.exe[1032] WININET.dll!InternetOpenA 76168F03 5 Bytes JMP 00B30000
.text C:\Windows\System32\svchost.exe[1032] WININET.dll!InternetOpenUrlA 7616A78B 5 Bytes JMP 00B30011
.text C:\Windows\System32\svchost.exe[1032] WININET.dll!InternetOpenUrlW 761B96FC 5 Bytes JMP 00B30FC0
.text C:\Windows\System32\svchost.exe[1032] WS2_32.dll!socket 76823A38 5 Bytes JMP 00EB000A
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!GetStartupInfoA 766F1DF0 5 Bytes JMP 01000091
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!CreateProcessW 766F202D 5 Bytes JMP 01000F17
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!CreateProcessA 766F2062 5 Bytes JMP 01000F28
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!CreateNamedPipeW 76721F46 5 Bytes JMP 01000FD1
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!CreatePipe 767249FB 5 Bytes JMP 01000F68
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!VirtualProtect 7673501B 5 Bytes JMP 01000F79
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!LoadLibraryExW 7673B62F 5 Bytes JMP 01000F8A
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!LoadLibraryExA 7673BBFB 5 Bytes JMP 01000FA5
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!CreateFileW 76740AC5 3 Bytes JMP 01000011
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!CreateFileW + 4 76740AC9 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!GetProcAddress 7674179F 3 Bytes JMP 01000F06
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!GetProcAddress + 4 767417A3 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!LoadLibraryA 767427CC 3 Bytes JMP 01000FC0
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!LoadLibraryA + 4 767427D0 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!LoadLibraryW 7674281A 3 Bytes JMP 01000047
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!LoadLibraryW + 4 7674281E 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!CreateFileA 76742864 3 Bytes JMP 01000000
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!CreateFileA + 4 76742868 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!GetStartupInfoW 76747C1D 3 Bytes JMP 01000F43
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!GetStartupInfoW + 4 76747C21 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!CreateNamedPipeA 7677D487 5 Bytes JMP 01000022
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!WinExec 7677E649 5 Bytes JMP 010000A2
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!VirtualProtectEx 7677F649 5 Bytes JMP 01000076
.text C:\Windows\system32\svchost.exe[1104] msvcrt.dll!_open 7666FA00 5 Bytes JMP 00FB0000
.text C:\Windows\system32\svchost.exe[1104] msvcrt.dll!_wsystem 7669A977 5 Bytes JMP 00FB0064
.text C:\Windows\system32\svchost.exe[1104] msvcrt.dll!system 7669AA97 2 Bytes JMP 00FB0049
.text C:\Windows\system32\svchost.exe[1104] msvcrt.dll!system + 3 7669AA9A 2 Bytes [91, 8A]
.text C:\Windows\system32\svchost.exe[1104] msvcrt.dll!_creat 7669E621 5 Bytes JMP 00FB0FD9
.text C:\Windows\system32\svchost.exe[1104] msvcrt.dll!_wcreat 7669FC86 5 Bytes JMP 00FB002E
.text C:\Windows\system32\svchost.exe[1104] msvcrt.dll!_wopen 7669FE68 5 Bytes JMP 00FB001D
.text C:\Windows\system32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyA 76BFEECE 5 Bytes JMP 01060000
.text C:\Windows\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyA 76BFEFBA 5 Bytes JMP 0106006C
.text C:\Windows\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyExA 76C00CD9 5 Bytes JMP 01060098
.text C:\Windows\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyW 76C00DCE 5 Bytes JMP 01060087
.text C:\Windows\system32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyW 76C06854 5 Bytes JMP 01060011
.text C:\Windows\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyExW 76C0A8C7 5 Bytes JMP 01060FE5
.text C:\Windows\system32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyExW 76C0ABE6 5 Bytes JMP 01060051
.text C:\Windows\system32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyExA 76C0AE4F 5 Bytes JMP 01060036
.text C:\Windows\system32\svchost.exe[1104] WININET.dll!InternetOpenW 76163EDF 5 Bytes JMP 00F60FE5
.text C:\Windows\system32\svchost.exe[1104] WININET.dll!InternetOpenA 76168F03 5 Bytes JMP 00F60000
.text C:\Windows\system32\svchost.exe[1104] WININET.dll!InternetOpenUrlA 7616A78B 5 Bytes JMP 00F60011
.text C:\Windows\system32\svchost.exe[1104] WININET.dll!InternetOpenUrlW 761B96FC 5 Bytes JMP 00F60022
.text C:\Windows\system32\svchost.exe[1104] WS2_32.dll!socket 76823A38 5 Bytes JMP 01010000
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!GetStartupInfoA 766F1DF0 5 Bytes JMP 00AD009F
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateProcessW 766F202D 5 Bytes JMP 00AD0F5B
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateProcessA 766F2062 5 Bytes JMP 00AD00F0
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateNamedPipeW 76721F46 5 Bytes JMP 00AD0022
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreatePipe 767249FB 5 Bytes JMP 00AD0F76
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!VirtualProtect 7673501B 5 Bytes JMP 00AD0073
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!LoadLibraryExW 7673B62F 5 Bytes JMP 00AD0F91
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!LoadLibraryExA 7673BBFB 5 Bytes JMP 00AD0FAC
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateFileW 76740AC5 5 Bytes JMP 00AD0000
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!GetProcAddress 7674179F 5 Bytes JMP 00AD0F40
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!LoadLibraryA 767427CC 5 Bytes JMP 00AD003D
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!LoadLibraryW 7674281A 5 Bytes JMP 00AD0058
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateFileA 76742864 5 Bytes JMP 00AD0FE5
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!GetStartupInfoW 76747C1D 5 Bytes JMP 00AD00BA
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateNamedPipeA 7677D487 5 Bytes JMP 00AD0011
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!WinExec 7677E649 5 Bytes JMP 00AD00D5
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!VirtualProtectEx 7677F649 5 Bytes JMP 00AD0084
.text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!_open 7666FA00 5 Bytes JMP 00AB0FEF
.text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!_wsystem 7669A977 5 Bytes JMP 00AB003F
.text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!system 7669AA97 2 Bytes JMP 00AB002E
.text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!system + 3 7669AA9A 2 Bytes [41, 8A]
.text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!_creat 7669E621 5 Bytes JMP 00AB001D
.text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!_wcreat 7669FC86 5 Bytes JMP 00AB0FC8
.text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!_wopen 7669FE68 5 Bytes JMP 00AB000C
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyA 76BFEECE 5 Bytes JMP 00AF0000
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyA 76BFEFBA 5 Bytes JMP 00AF0051
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyExA 76C00CD9 5 Bytes JMP 00AF007D
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyW 76C00DCE 5 Bytes JMP 00AF0062
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyW 76C06854 5 Bytes JMP 00AF001B
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyExW 76C0A8C7 5 Bytes JMP 00AF0FC0
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyExW 76C0ABE6 5 Bytes JMP 00AF0FDB
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyExA 76C0AE4F 5 Bytes JMP 00AF002C
.text C:\Windows\system32\svchost.exe[1252] WININET.dll!InternetOpenW 76163EDF 5 Bytes JMP 00AA000A
.text C:\Windows\system32\svchost.exe[1252] WININET.dll!InternetOpenA 76168F03 5 Bytes JMP 00AA0FE5
.text C:\Windows\system32\svchost.exe[1252] WININET.dll!InternetOpenUrlA 7616A78B 5 Bytes JMP 00AA0025
.text C:\Windows\system32\svchost.exe[1252] WININET.dll!InternetOpenUrlW 761B96FC 5 Bytes JMP 00AA0FCA
.text C:\Windows\system32\svchost.exe[1252] WS2_32.dll!socket 76823A38 5 Bytes JMP 00AE0000
.text C:\Windows\system32\svchost.exe[1416] kernel32.dll!GetStartupInfoA 766F1DF0 5 Bytes JMP 005100CE
.text C:\Windows\system32\svchost.exe[1416] kernel32.dll!CreateProcessW 766F202D 5 Bytes JMP 00510F79
.text C:\Windows\system32\svchost.exe[1416] kernel32.dll!CreateProcessA 766F2062 5 Bytes JMP 0051010E
.text C:\Windows\system32\svchost.exe[1416] kernel32.dll!CreateNamedPipeW 76721F46 5 Bytes JMP 0051002C
.text C:\Windows\system32\svchost.exe[1416] kernel32.dll!CreatePipe 767249FB 5 Bytes JMP 00510F9B
.text C:\Windows\system32\svchost.exe[1416] kernel32.dll!VirtualProtect 7673501B 5 Bytes JMP 0051009F
.text C:\Windows\system32\svchost.exe[1416] kernel32.dll!LoadLibraryExW 7673B62F 5 Bytes JMP 00510084
.text C:\Windows\system32\svchost.exe[1416] kernel32.dll!LoadLibraryExA 7673BBFB 5 Bytes JMP 00510073
.text C:\Windows\system32\svchost.exe[1416] kernel32.dll!CreateFileW 76740AC5 5 Bytes JMP 00510FDB
.text C:\Windows\system32\svchost.exe[1416] kernel32.dll!GetProcAddress 7674179F 5 Bytes JMP 00510129
.text C:\Windows\system32\svchost.exe[1416] kernel32.dll!LoadLibraryA 767427CC 5 Bytes JMP 0051003D
.text C:\Windows\system32\svchost.exe[1416] kernel32.dll!LoadLibraryW 7674281A 5 Bytes JMP 00510058
.text C:\Windows\system32\svchost.exe[1416] kernel32.dll!CreateFileA 76742864 5 Bytes JMP 00510000
.text C:\Windows\system32\svchost.exe[1416] kernel32.dll!GetStartupInfoW 76747C1D 5 Bytes JMP 005100E9
.text C:\Windows\system32\svchost.exe[1416] kernel32.dll!CreateNamedPipeA 7677D487 5 Bytes JMP 00510011
.text C:\Windows\system32\svchost.exe[1416] kernel32.dll!WinExec 7677E649 5 Bytes JMP 00510F8A
.text C:\Windows\system32\svchost.exe[1416] kernel32.dll!VirtualProtectEx 7677F649 5 Bytes JMP 00510FAC
.text C:\Windows\system32\svchost.exe[1416] msvcrt.dll!_open 7666FA00 5 Bytes JMP 00500000
.text C:\Windows\system32\svchost.exe[1416] msvcrt.dll!_wsystem 7669A977 5 Bytes JMP 00500FB7
.text C:\Windows\system32\svchost.exe[1416] msvcrt.dll!system 7669AA97 5 Bytes JMP 00500FC8
.text C:\Windows\system32\svchost.exe[1416] msvcrt.dll!_creat 7669E621 5 Bytes JMP 00500FE3
.text C:\Windows\system32\svchost.exe[1416] msvcrt.dll!_wcreat 7669FC86 5 Bytes JMP 0050002E
.text C:\Windows\system32\svchost.exe[1416] msvcrt.dll!_wopen 7669FE68 5 Bytes JMP 00500011
.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!RegOpenKeyA 76BFEECE 5 Bytes JMP 00950000
.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!RegCreateKeyA 76BFEFBA 5 Bytes JMP 00950062
.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!RegCreateKeyExA 76C00CD9 5 Bytes JMP 0095007D
.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!RegCreateKeyW 76C00DCE 5 Bytes JMP 00950FDB
.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!RegOpenKeyW 76C06854 5 Bytes JMP 00950025
.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!RegCreateKeyExW 76C0A8C7 5 Bytes JMP 00950FC0
.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!RegOpenKeyExW 76C0ABE6 5 Bytes JMP 00950051
.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!RegOpenKeyExA 76C0AE4F 5 Bytes JMP 00950036
.text C:\Windows\system32\svchost.exe[1416] WININET.dll!InternetOpenW 76163EDF 5 Bytes JMP 004F0FEF
.text C:\Windows\system32\svchost.exe[1416] WININET.dll!InternetOpenA 76168F03 5 Bytes JMP 004F000A
.text C:\Windows\system32\svchost.exe[1416] WININET.dll!InternetOpenUrlA 7616A78B 5 Bytes JMP 004F0FD4
.text C:\Windows\system32\svchost.exe[1416] WININET.dll!InternetOpenUrlW 761B96FC 5 Bytes JMP 004F0FC3
.text C:\Windows\system32\svchost.exe[1416] WS2_32.dll!socket 76823A38 5 Bytes JMP 00940000
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!GetStartupInfoA 766F1DF0 5 Bytes JMP 00D30F4A
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!CreateProcessW 766F202D 5 Bytes JMP 00D300C4
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!CreateProcessA 766F2062 5 Bytes JMP 00D300B3
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!CreateNamedPipeW 76721F46 5 Bytes JMP 00D30025
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!CreatePipe 767249FB 5 Bytes JMP 00D30F65
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!VirtualProtect 7673501B 5 Bytes JMP 00D30058
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!LoadLibraryExW 7673B62F 5 Bytes JMP 00D30F80
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!LoadLibraryExA 7673BBFB 5 Bytes JMP 00D30047
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!CreateFileW 76740AC5 5 Bytes JMP 00D30014
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!GetProcAddress 7674179F 5 Bytes JMP 00D300D5
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!LoadLibraryA 767427CC 5 Bytes JMP 00D30036
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!LoadLibraryW 7674281A 5 Bytes JMP 00D30FAF
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!CreateFileA 76742864 5 Bytes JMP 00D30FEF
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!GetStartupInfoW 76747C1D 5 Bytes JMP 00D30F39
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!CreateNamedPipeA 7677D487 5 Bytes JMP 00D30FD4
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!WinExec 7677E649 5 Bytes JMP 00D30098
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!VirtualProtectEx 7677F649 5 Bytes JMP 00D30073
.text C:\Windows\system32\svchost.exe[1676] msvcrt.dll!_open 7666FA00 5 Bytes JMP 00D20FEF
.text C:\Windows\system32\svchost.exe[1676] msvcrt.dll!_wsystem 7669A977 5 Bytes JMP 00D20FCA
.text C:\Windows\system32\svchost.exe[1676] msvcrt.dll!system 7669AA97 2 Bytes JMP 00D20055
.text C:\Windows\system32\svchost.exe[1676] msvcrt.dll!system + 3 7669AA9A 2 Bytes [68, 8A]
.text C:\Windows\system32\svchost.exe[1676] msvcrt.dll!_creat 7669E621 5 Bytes JMP 00D20029
.text C:\Windows\system32\svchost.exe[1676] msvcrt.dll!_wcreat 7669FC86 5 Bytes JMP 00D2003A
.text C:\Windows\system32\svchost.exe[1676] msvcrt.dll!_wopen 7669FE68 5 Bytes JMP 00D2000C
.text C:\Windows\system32\svchost.exe[1676] ADVAPI32.dll!RegOpenKeyA 76BFEECE 5 Bytes JMP 00DD0FEF
.text C:\Windows\system32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyA 76BFEFBA 5 Bytes JMP 00DD0054
.text C:\Windows\system32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyExA 76C00CD9 5 Bytes JMP 00DD006F
.text C:\Windows\system32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyW 76C00DCE 5 Bytes JMP 00DD0FCD
.text C:\Windows\system32\svchost.exe[1676] ADVAPI32.dll!RegOpenKeyW 76C06854 5 Bytes JMP 00DD0014
.text C:\Windows\system32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyExW 76C0A8C7 5 Bytes JMP 00DD0080
.text C:\Windows\system32\svchost.exe[1676] ADVAPI32.dll!RegOpenKeyExW 76C0ABE6 5 Bytes JMP 00DD0FDE
.text C:\Windows\system32\svchost.exe[1676] ADVAPI32.dll!RegOpenKeyExA 76C0AE4F 5 Bytes JMP 00DD002F
.text C:\Windows\system32\svchost.exe[1676] WININET.dll!InternetOpenW 76163EDF 5 Bytes JMP 00D10FEF
.text C:\Windows\system32\svchost.exe[1676] WININET.dll!InternetOpenA 76168F03 5 Bytes JMP 00D10000
.text C:\Windows\system32\svchost.exe[1676] WININET.dll!InternetOpenUrlA 7616A78B 5 Bytes JMP 00D10025
.text C:\Windows\system32\svchost.exe[1676] WININET.dll!InternetOpenUrlW 761B96FC 5 Bytes JMP 00D10FCA
.text C:\Windows\system32\svchost.exe[1676] WS2_32.dll!socket 76823A38 5 Bytes JMP 00DC0FE5
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1724] kernel32.dll!LoadLibraryA 767427CC 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1724] kernel32.dll!LoadLibraryW 7674281A 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[2036] kernel32.dll!GetStartupInfoA 766F1DF0 5 Bytes JMP 009600A9
.text C:\Windows\system32\svchost.exe[2036] kernel32.dll!CreateProcessW 766F202D 5 Bytes JMP 00960F25
.text C:\Windows\system32\svchost.exe[2036] kernel32.dll!CreateProcessA 766F2062 5 Bytes JMP 00960F40
.text C:\Windows\system32\svchost.exe[2036] kernel32.dll!CreateNamedPipeW 76721F46 5 Bytes JMP 0096002C
.text C:\Windows\system32\svchost.exe[2036] kernel32.dll!CreatePipe 767249FB 5 Bytes JMP 00960F80
.text C:\Windows\system32\svchost.exe[2036] kernel32.dll!VirtualProtect 7673501B 5 Bytes JMP 00960F91
.text C:\Windows\system32\svchost.exe[2036] kernel32.dll!LoadLibraryExW 7673B62F 5 Bytes JMP 00960069
.text C:\Windows\system32\svchost.exe[2036] kernel32.dll!LoadLibraryExA 7673BBFB 5 Bytes JMP 00960058
.text C:\Windows\system32\svchost.exe[2036] kernel32.dll!CreateFileW 76740AC5 5 Bytes JMP 0096000A
.text C:\Windows\system32\svchost.exe[2036] kernel32.dll!GetProcAddress 7674179F 5 Bytes JMP 009600D5
.text C:\Windows\system32\svchost.exe[2036] kernel32.dll!LoadLibraryA 767427CC 5 Bytes JMP 0096003D
.text C:\Windows\system32\svchost.exe[2036] kernel32.dll!LoadLibraryW 7674281A 5 Bytes JMP 00960FAC
.text C:\Windows\system32\svchost.exe[2036] kernel32.dll!CreateFileA 76742864 5 Bytes JMP 00960FEF
.text C:\Windows\system32\svchost.exe[2036] kernel32.dll!GetStartupInfoW 76747C1D 5 Bytes JMP 009600BA
.text C:\Windows\system32\svchost.exe[2036] kernel32.dll!CreateNamedPipeA 7677D487 5 Bytes JMP 0096001B
.text C:\Windows\system32\svchost.exe[2036] kernel32.dll!WinExec 7677E649 5 Bytes JMP 00960F51
.text C:\Windows\system32\svchost.exe[2036] kernel32.dll!VirtualProtectEx 7677F649 5 Bytes JMP 0096008E
.text C:\Windows\system32\svchost.exe[2036] msvcrt.dll!_open 7666FA00 5 Bytes JMP 00940000
.text C:\Windows\system32\svchost.exe[2036] msvcrt.dll!_wsystem 7669A977 5 Bytes JMP 00940042
.text C:\Windows\system32\svchost.exe[2036] msvcrt.dll!system 7669AA97 5 Bytes JMP 00940FB7
.text C:\Windows\system32\svchost.exe[2036] msvcrt.dll!_creat 7669E621 5 Bytes JMP 00940FD2
.text C:\Windows\system32\svchost.exe[2036] msvcrt.dll!_wcreat 7669FC86 5 Bytes JMP 00940027
.text C:\Windows\system32\svchost.exe[2036] msvcrt.dll!_wopen 7669FE68 5 Bytes JMP 00940FE3
.text C:\Windows\system32\svchost.exe[2036] ADVAPI32.dll!RegOpenKeyA 76BFEECE 5 Bytes JMP 0099000A
.text C:\Windows\system32\svchost.exe[2036] ADVAPI32.dll!RegCreateKeyA 76BFEFBA 5 Bytes JMP 00990051
.text C:\Windows\system32\svchost.exe[2036] ADVAPI32.dll!RegCreateKeyExA 76C00CD9 5 Bytes JMP 00990076
.text C:\Windows\system32\svchost.exe[2036] ADVAPI32.dll!RegCreateKeyW 76C00DCE 5 Bytes JMP 00990FD4
.text C:\Windows\system32\svchost.exe[2036] ADVAPI32.dll!RegOpenKeyW 76C06854 5 Bytes JMP 00990FEF
.text C:\Windows\system32\svchost.exe[2036] ADVAPI32.dll!RegCreateKeyExW 76C0A8C7 5 Bytes JMP 00990FB9
.text C:\Windows\system32\svchost.exe[2036] ADVAPI32.dll!RegOpenKeyExW 76C0ABE6 5 Bytes JMP 00990036
.text C:\Windows\system32\svchost.exe[2036] ADVAPI32.dll!RegOpenKeyExA 76C0AE4F 5 Bytes JMP 00990025
.text C:\Windows\system32\svchost.exe[2036] WININET.dll!InternetOpenW 76163EDF 5 Bytes JMP 00510FEF
.text C:\Windows\system32\svchost.exe[2036] WININET.dll!InternetOpenA 76168F03 5 Bytes JMP 00510000
.text C:\Windows\system32\svchost.exe[2036] WININET.dll!InternetOpenUrlA 7616A78B 5 Bytes JMP 00510FDE
.text C:\Windows\system32\svchost.exe[2036] WININET.dll!InternetOpenUrlW 761B96FC 5 Bytes JMP 0051002F
.text C:\Windows\system32\svchost.exe[2036] WS2_32.dll!socket 76823A38 5 Bytes JMP 0097000A
.text C:\Windows\system32\svchost.exe[2624] kernel32.dll!GetStartupInfoA 766F1DF0 5 Bytes JMP 00AF0FA2
.text C:\Windows\system32\svchost.exe[2624] kernel32.dll!CreateProcessW 766F202D 5 Bytes JMP 00AF0F5B
.text C:\Windows\system32\svchost.exe[2624] kernel32.dll!CreateProcessA 766F2062 5 Bytes JMP 00AF0F76
.text C:\Windows\system32\svchost.exe[2624] kernel32.dll!CreateNamedPipeW 76721F46 5 Bytes JMP 00AF0047
.text C:\Windows\system32\svchost.exe[2624] kernel32.dll!CreatePipe 767249FB 5 Bytes JMP 00AF00D5
.text C:\Windows\system32\svchost.exe[2624] kernel32.dll!VirtualProtect 7673501B 5 Bytes JMP 00AF00A9
.text C:\Windows\system32\svchost.exe[2624] kernel32.dll!LoadLibraryExW 7673B62F 5 Bytes JMP 00AF0084
.text C:\Windows\system32\svchost.exe[2624] kernel32.dll!LoadLibraryExA 7673BBFB 5 Bytes JMP 00AF0FC7
.text C:\Windows\system32\svchost.exe[2624] kernel32.dll!CreateFileW 76740AC5 5 Bytes JMP 00AF0011
.text C:\Windows\system32\svchost.exe[2624] kernel32.dll!GetProcAddress 7674179F 5 Bytes JMP 00AF0F40
.text C:\Windows\system32\svchost.exe[2624] kernel32.dll!LoadLibraryA 767427CC 5 Bytes JMP 00AF0058
.text C:\Windows\system32\svchost.exe[2624] kernel32.dll!LoadLibraryW 7674281A 5 Bytes JMP 00AF0073
.text C:\Windows\system32\svchost.exe[2624] kernel32.dll!CreateFileA 76742864 5 Bytes JMP 00AF0000
.text C:\Windows\system32\svchost.exe[2624] kernel32.dll!GetStartupInfoW 76747C1D 5 Bytes JMP 00AF0F91
.text C:\Windows\system32\svchost.exe[2624] kernel32.dll!CreateNamedPipeA 7677D487 5 Bytes JMP 00AF0036
.text C:\Windows\system32\svchost.exe[2624] kernel32.dll!WinExec 7677E649 5 Bytes JMP 00AF00FA
.text C:\Windows\system32\svchost.exe[2624] kernel32.dll!VirtualProtectEx 7677F649 5 Bytes JMP 00AF00BA
.text C:\Windows\system32\svchost.exe[2624] msvcrt.dll!_open 7666FA00 5 Bytes JMP 009E000C
.text C:\Windows\system32\svchost.exe[2624] msvcrt.dll!_wsystem 7669A977 5 Bytes JMP 009E007A
.text C:\Windows\system32\svchost.exe[2624] msvcrt.dll!system 7669AA97 2 Bytes JMP 009E005F
.text C:\Windows\system32\svchost.exe[2624] msvcrt.dll!system + 3 7669AA9A 2 Bytes [34, 8A] {XOR AL, 0x8a}
.text C:\Windows\system32\svchost.exe[2624] msvcrt.dll!_creat 7669E621 5 Bytes JMP 009E0029
.text C:\Windows\system32\svchost.exe[2624] msvcrt.dll!_wcreat 7669FC86 5 Bytes JMP 009E0044
.text C:\Windows\system32\svchost.exe[2624] msvcrt.dll!_wopen 7669FE68 5 Bytes JMP 009E0FEF
.text C:\Windows\system32\svchost.exe[2624] ADVAPI32.dll!RegOpenKeyA 76BFEECE 5 Bytes JMP 00B40FEF
.text C:\Windows\system32\svchost.exe[2624] ADVAPI32.dll!RegCreateKeyA 76BFEFBA 5 Bytes JMP 00B40036
.text C:\Windows\system32\svchost.exe[2624] ADVAPI32.dll!RegCreateKeyExA 76C00CD9 5 Bytes JMP 00B40051
.text C:\Windows\system32\svchost.exe[2624] ADVAPI32.dll!RegCreateKeyW 76C00DCE 5 Bytes JMP 00B40FAF
.text C:\Windows\system32\svchost.exe[2624] ADVAPI32.dll!RegOpenKeyW 76C06854 5 Bytes JMP 00B40FD4
.text C:\Windows\system32\svchost.exe[2624] ADVAPI32.dll!RegCreateKeyExW 76C0A8C7 5 Bytes JMP 00B4006C
.text C:\Windows\system32\svchost.exe[2624] ADVAPI32.dll!RegOpenKeyExW 76C0ABE6 5 Bytes JMP 00B4001B
.text C:\Windows\system32\svchost.exe[2624] ADVAPI32.dll!RegOpenKeyExA 76C0AE4F 5 Bytes JMP 00B4000A
.text C:\Windows\system32\svchost.exe[2624] WININET.dll!InternetOpenW 76163EDF 5 Bytes JMP 0099001B
.text C:\Windows\system32\svchost.exe[2624] WININET.dll!InternetOpenA 76168F03 5 Bytes JMP 00990000
.text C:\Windows\system32\svchost.exe[2624] WININET.dll!InternetOpenUrlA 7616A78B 5 Bytes JMP 0099002C
.text C:\Windows\system32\svchost.exe[2624] WININET.dll!InternetOpenUrlW 761B96FC 5 Bytes JMP 0099003D
.text C:\Windows\Explorer.EXE[3100] kernel32.dll!GetStartupInfoA 766F1DF0 5 Bytes JMP 00060F5E
.text C:\Windows\Explorer.EXE[3100] kernel32.dll!CreateProcessW 766F202D 5 Bytes JMP 00060F28
.text C:\Windows\Explorer.EXE[3100] kernel32.dll!CreateProcessA 766F2062 5 Bytes JMP 000600BD
.text C:\Windows\Explorer.EXE[3100] kernel32.dll!CreateNamedPipeW 76721F46 5 Bytes JMP 00060036
.text C:\Windows\Explorer.EXE[3100] kernel32.dll!CreatePipe 767249FB 5 Bytes JMP 00060F6F
.text C:\Windows\Explorer.EXE[3100] kernel32.dll!VirtualProtect 7673501B 5 Bytes JMP 00060F9B
.text C:\Windows\Explorer.EXE[3100] kernel32.dll!LoadLibraryExW 7673B62F 5 Bytes JMP 00060073
.text C:\Windows\Explorer.EXE[3100] kernel32.dll!LoadLibraryExA 7673BBFB 5 Bytes JMP 00060062
.text C:\Windows\Explorer.EXE[3100] kernel32.dll!CreateFileW 76740AC5 5 Bytes JMP 00060FEF
.text C:\Windows\Explorer.EXE[3100] kernel32.dll!GetProcAddress 7674179F 5 Bytes JMP 000600D8
.text C:\Windows\Explorer.EXE[3100] kernel32.dll!LoadLibraryA 767427CC 5 Bytes JMP 00060051
.text C:\Windows\Explorer.EXE[3100] kernel32.dll!LoadLibraryW 7674281A 5 Bytes JMP 00060FCA
.text C:\Windows\Explorer.EXE[3100] kernel32.dll!CreateFileA 76742864 5 Bytes JMP 00060000
.text C:\Windows\Explorer.EXE[3100] kernel32.dll!GetStartupInfoW 76747C1D 5 Bytes JMP 00060F43
.text C:\Windows\Explorer.EXE[3100] kernel32.dll!CreateNamedPipeA 7677D487 5 Bytes JMP 00060025
.text C:\Windows\Explorer.EXE[3100] kernel32.dll!WinExec 7677E649 5 Bytes JMP 000600AC
.text C:\Windows\Explorer.EXE[3100] kernel32.dll!VirtualProtectEx 7677F649 5 Bytes JMP 00060F8A
.text C:\Windows\Explorer.EXE[3100] ADVAPI32.dll!RegOpenKeyA 76BFEECE 5 Bytes JMP 00080FEF
.text C:\Windows\Explorer.EXE[3100] ADVAPI32.dll!RegCreateKeyA 76BFEFBA 5 Bytes JMP 0008001B
.text C:\Windows\Explorer.EXE[3100] ADVAPI32.dll!RegCreateKeyExA 76C00CD9 5 Bytes JMP 00080F9E
.text C:\Windows\Explorer.EXE[3100] ADVAPI32.dll!RegCreateKeyW 76C00DCE 5 Bytes JMP 00080040
.text C:\Windows\Explorer.EXE[3100] ADVAPI32.dll!RegOpenKeyW 76C06854 5 Bytes JMP 00080FDE
.text C:\Windows\Explorer.EXE[3100] ADVAPI32.dll!RegCreateKeyExW 76C0A8C7 5 Bytes JMP 00080F79
.text C:\Windows\Explorer.EXE[3100] ADVAPI32.dll!RegOpenKeyExW 76C0ABE6 5 Bytes JMP 0008000A
.text C:\Windows\Explorer.EXE[3100] ADVAPI32.dll!RegOpenKeyExA 76C0AE4F 5 Bytes JMP 00080FB9
.text C:\Windows\Explorer.EXE[3100] msvcrt.dll!_open 7666FA00 5 Bytes JMP 00090FEF
.text C:\Windows\Explorer.EXE[3100] msvcrt.dll!_wsystem 7669A977 5 Bytes JMP 00090033
.text C:\Windows\Explorer.EXE[3100] msvcrt.dll!system 7669AA97 5 Bytes JMP 00090FA8
.text C:\Windows\Explorer.EXE[3100] msvcrt.dll!_creat 7669E621 5 Bytes JMP 00090FDE
.text C:\Windows\Explorer.EXE[3100] msvcrt.dll!_wcreat 7669FC86 5 Bytes JMP 00090FCD
.text C:\Windows\Explorer.EXE[3100] msvcrt.dll!_wopen 7669FE68 5 Bytes JMP 0009000C
.text C:\Windows\Explorer.EXE[3100] WININET.dll!InternetOpenW 76163EDF 5 Bytes JMP 0030000A
.text C:\Windows\Explorer.EXE[3100] WININET.dll!InternetOpenA 76168F03 5 Bytes JMP 00300FEF
.text C:\Windows\Explorer.EXE[3100] WININET.dll!InternetOpenUrlA 7616A78B 5 Bytes JMP 00300025
.text C:\Windows\Explorer.EXE[3100] WININET.dll!InternetOpenUrlW 761B96FC 5 Bytes JMP 00300036
.text C:\Windows\Explorer.EXE[3100] WS2_32.dll!socket 76823A38 5 Bytes JMP 002F000A
.text C:\Windows\system32\svchost.exe[4052] kernel32.dll!GetStartupInfoA 766F1DF0 5 Bytes JMP 00080F79
.text C:\Windows\system32\svchost.exe[4052] kernel32.dll!CreateProcessW 766F202D 5 Bytes JMP 00080F54
.text C:\Windows\system32\svchost.exe[4052] kernel32.dll!CreateProcessA 766F2062 5 Bytes JMP 000800E9
.text C:\Windows\system32\svchost.exe[4052] kernel32.dll!CreateNamedPipeW 76721F46 5 Bytes JMP 00080FCA
.text C:\Windows\system32\svchost.exe[4052] kernel32.dll!CreatePipe 767249FB 5 Bytes JMP 00080F8A
.text C:\Windows\system32\svchost.exe[4052] kernel32.dll!VirtualProtect 7673501B 5 Bytes JMP 0008008E
.text C:\Windows\system32\svchost.exe[4052] kernel32.dll!LoadLibraryExW 7673B62F 5 Bytes JMP 00080073
.text C:\Windows\system32\svchost.exe[4052] kernel32.dll!LoadLibraryExA 7673BBFB 5 Bytes JMP 00080062
.text C:\Windows\system32\svchost.exe[4052] kernel32.dll!CreateFileW 76740AC5 5 Bytes JMP 0008000A
.text C:\Windows\system32\svchost.exe[4052] kernel32.dll!GetProcAddress 7674179F 5 Bytes JMP 00080F39
.text C:\Windows\system32\svchost.exe[4052] kernel32.dll!LoadLibraryA 767427CC 5 Bytes JMP 00080036
.text C:\Windows\system32\svchost.exe[4052] kernel32.dll!LoadLibraryW 7674281A 5 Bytes JMP 00080047
.text C:\Windows\system32\svchost.exe[4052] kernel32.dll!CreateFileA 76742864 5 Bytes JMP 00080FEF
.text C:\Windows\system32\svchost.exe[4052] kernel32.dll!GetStartupInfoW 76747C1D 5 Bytes JMP 000800C7
.text C:\Windows\system32\svchost.exe[4052] kernel32.dll!CreateNamedPipeA 7677D487 5 Bytes JMP 0008001B
.text C:\Windows\system32\svchost.exe[4052] kernel32.dll!WinExec 7677E649 5 Bytes JMP 000800D8
.text C:\Windows\system32\svchost.exe[4052] kernel32.dll!VirtualProtectEx 7677F649 5 Bytes JMP 00080F9B
.text C:\Windows\system32\svchost.exe[4052] msvcrt.dll!_open 7666FA00 5 Bytes JMP 000A0000
.text C:\Windows\system32\svchost.exe[4052] msvcrt.dll!_wsystem 7669A977 5 Bytes JMP 000A0F9E
.text C:\Windows\system32\svchost.exe[4052] msvcrt.dll!system 7669AA97 5 Bytes JMP 000A0FC3
.text C:\Windows\system32\svchost.exe[4052] msvcrt.dll!_creat 7669E621 5 Bytes JMP 000A0FEF
.text C:\Windows\system32\svchost.exe[4052] msvcrt.dll!_wcreat 7669FC86 5 Bytes JMP 000A0FDE
.text C:\Windows\system32\svchost.exe[4052] msvcrt.dll!_wopen 7669FE68 5 Bytes JMP 000A001D
.text C:\Windows\system32\svchost.exe[4052] ADVAPI32.dll!RegOpenKeyA 76BFEECE 5 Bytes JMP 000B0000
.text C:\Windows\system32\svchost.exe[4052] ADVAPI32.dll!RegCreateKeyA 76BFEFBA 5 Bytes JMP 000B002C
.text C:\Windows\system32\svchost.exe[4052] ADVAPI32.dll!RegCreateKeyExA 76C00CD9 5 Bytes JMP 000B0047
.text C:\Windows\system32\svchost.exe[4052] ADVAPI32.dll!RegCreateKeyW 76C00DCE 5 Bytes JMP 000B0FA5
.text C:\Windows\system32\svchost.exe[4052] ADVAPI32.dll!RegOpenKeyW 76C06854 5 Bytes JMP 000B0FDB
.text C:\Windows\system32\svchost.exe[4052] ADVAPI32.dll!RegCreateKeyExW 76C0A8C7 5 Bytes JMP 000B0F8A
.text C:\Windows\system32\svchost.exe[4052] ADVAPI32.dll!RegOpenKeyExW 76C0ABE6 5 Bytes JMP 000B0FC0
.text C:\Windows\system32\svchost.exe[4052] ADVAPI32.dll!RegOpenKeyExA 76C0AE4F 5 Bytes JMP 000B0011
.text C:\Windows\system32\svchost.exe[4052] WININET.dll!InternetOpenW 76163EDF 5 Bytes JMP 002C0FD4
.text C:\Windows\system32\svchost.exe[4052] WININET.dll!InternetOpenA 76168F03 5 Bytes JMP 002C0FEF
.text C:\Windows\system32\svchost.exe[4052] WININET.dll!InternetOpenUrlA 7616A78B 5 Bytes JMP 002C000A
.text C:\Windows\system32\svchost.exe[4052] WININET.dll!InternetOpenUrlW 761B96FC 5 Bytes JMP 002C001B
.text C:\Windows\system32\svchost.exe[4052] WS2_32.dll!socket 76823A38 5 Bytes JMP 002E0000
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!GetStartupInfoA 766F1DF0 5 Bytes JMP 000C0F39
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!CreateProcessW 766F202D 5 Bytes JMP 000C00A9
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!CreateProcessA 766F2062 5 Bytes JMP 000C0F1E
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!CreateNamedPipeW 76721F46 5 Bytes JMP 000C0014
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!CreatePipe 767249FB 5 Bytes JMP 000C0F54
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!VirtualProtect 7673501B 5 Bytes JMP 000C006C
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!LoadLibraryExW 7673B62F 5 Bytes JMP 000C005B
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!LoadLibraryExA 7673BBFB 5 Bytes JMP 000C0FA8
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!CreateFileW 76740AC5 5 Bytes JMP 000C0FDE
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!GetProcAddress 7674179F 5 Bytes JMP 000C00C4
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!LoadLibraryA 767427CC 5 Bytes JMP 000C002F
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!LoadLibraryW 7674281A 5 Bytes JMP 000C0040
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!CreateFileA 76742864 5 Bytes JMP 000C0FEF
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!GetStartupInfoW 76747C1D 5 Bytes JMP 000C007D
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!CreateNamedPipeA 7677D487 5 Bytes JMP 000C0FCD
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!WinExec 7677E649 5 Bytes JMP 000C0098
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!VirtualProtectEx 7677F649 5 Bytes JMP 000C0F6F
.text C:\Windows\System32\svchost.exe[5832] msvcrt.dll!_open 7666FA00 5 Bytes JMP 00150FEF
.text C:\Windows\System32\svchost.exe[5832] msvcrt.dll!_wsystem 7669A977 5 Bytes JMP 00150033
.text C:\Windows\System32\svchost.exe[5832] msvcrt.dll!system 7669AA97 2 Bytes JMP 00150018
.text C:\Windows\System32\svchost.exe[5832] msvcrt.dll!system + 3 7669AA9A 2 Bytes [AB, 89]
.text C:\Windows\System32\svchost.exe[5832] msvcrt.dll!_creat 7669E621 5 Bytes JMP 00150FC3
.text C:\Windows\System32\svchost.exe[5832] msvcrt.dll!_wcreat 7669FC86 5 Bytes JMP 00150FA8
.text C:\Windows\System32\svchost.exe[5832] msvcrt.dll!_wopen 7669FE68 5 Bytes JMP 00150FDE
.text C:\Windows\System32\svchost.exe[5832] ADVAPI32.dll!RegOpenKeyA 76BFEECE 5 Bytes JMP 00160000
.text C:\Windows\System32\svchost.exe[5832] ADVAPI32.dll!RegCreateKeyA 76BFEFBA 5 Bytes JMP 00160FCA
.text C:\Windows\System32\svchost.exe[5832] ADVAPI32.dll!RegCreateKeyExA 76C00CD9 5 Bytes JMP 00160F94
.text C:\Windows\System32\svchost.exe[5832] ADVAPI32.dll!RegCreateKeyW 76C00DCE 5 Bytes JMP 00160FAF
.text C:\Windows\System32\svchost.exe[5832] ADVAPI32.dll!RegOpenKeyW 76C06854 5 Bytes JMP 00160011
.text C:\Windows\System32\svchost.exe[5832] ADVAPI32.dll!RegCreateKeyExW 76C0A8C7 5 Bytes JMP 00160F83
.text C:\Windows\System32\svchost.exe[5832] ADVAPI32.dll!RegOpenKeyExW 76C0ABE6 5 Bytes JMP 00160FDB
.text C:\Windows\System32\svchost.exe[5832] ADVAPI32.dll!RegOpenKeyExA 76C0AE4F 5 Bytes JMP 0016002C
.text C:\Windows\System32\svchost.exe[5832] WININET.dll!InternetOpenW 76163EDF 5 Bytes JMP 004D0FD4
.text C:\Windows\System32\svchost.exe[5832] WININET.dll!InternetOpenA 76168F03 5 Bytes JMP 004D0FEF
.text C:\Windows\System32\svchost.exe[5832] WININET.dll!InternetOpenUrlA 7616A78B 5 Bytes JMP 004D0FC3
.text C:\Windows\System32\svchost.exe[5832] WININET.dll!InternetOpenUrlW 761B96FC 5 Bytes JMP 004D0FA8
.text C:\Windows\System32\svchost.exe[5832] WS2_32.dll!socket 76823A38 5 Bytes JMP 004F0FEF

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\rundll32.exe[1900] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75B44A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1900] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75B44A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75B44A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1900] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75B44A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1900] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75B44A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1900] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75B44A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
Device \Driver\ACPI_HAL \Device\00000054 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device cdfs.sys (CD-ROM File System Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
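The hook listing above is the part of this log an analyst would triage first: in several svchost.exe instances and in Explorer.EXE, exports of kernel32, msvcrt, ADVAPI32, WININET and WS2_32 are patched with 5-byte JMPs into low addresses that GMER cannot map to any loaded module, while the mcproxy.exe hooks and the apphelp.dll IAT entries in rundll32.exe resolve to a file on disk and carry a vendor string. The Python script below is an added example, not part of the original post and not GMER's own code: it parses the two line formats, separates hooks GMER could attribute to a module from those that jump into anonymous memory, and raises a process to "high" when its anonymous hooks cover both a process-creation API and a network API, which lets the injected code see every child process and every outbound connection. The API groupings, the 64 KiB region grouping and the verdict labels are this example's own assumptions; the sample lines are copied from the log above.

```python
"""Triage of the "User code sections" and "User IAT/EAT" parts of a GMER log.
Added example, not GMER's code: the API groupings, the 64 KiB region grouping
and the verdict labels are assumptions made here, not anything GMER reports."""
import re

# Inline hook: .text <process>[<pid>] <dll>!<export> <addr> <n> Bytes <JMP target [owner (desc/vendor)] | [bytes] {disasm}>
INLINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<dll>\S+?)!(?P<export>.+?)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<n>\d+)\s+Bytes\s+(?P<rest>.*)$")
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]+)\s*(?P<owner>.*)$")
# Import-table hook: IAT <process>[<pid>] @ <module> [<import>] [<value now in the IAT>] <owner (desc/vendor)>
IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<dll>\S+)\s+\[(?P<export>[^\]]+)\]\s+"
    r"\[(?P<target>[0-9A-Fa-f]+)\]\s*(?P<owner>.*)$")
OWNER_RE = re.compile(r"^(?P<path>.*?)\s*\((?P<desc>.*)/(?P<vendor>[^/)]*)\)\s*$")

# Assumed groupings: anonymous hooks on both sets in one process give the injected
# code a view of every child process and every outbound connection.
EXEC_APIS = {"CreateProcessA", "CreateProcessW", "WinExec", "system", "_wsystem"}
NET_APIS = {"InternetOpenA", "InternetOpenW", "InternetOpenUrlA", "InternetOpenUrlW", "socket"}

def split_owner(text):
    """'path (description/vendor)' -> (path, vendor); (None, None) when GMER mapped the target to no module."""
    text = text.strip()
    if not text:
        return None, None
    m = OWNER_RE.match(text)
    return (m["path"], m["vendor"].strip()) if m else (text, None)

def parse_line(line):
    m = INLINE_RE.match(line.strip())
    if m:
        rec = {"kind": "inline", "proc": m["proc"], "pid": int(m["pid"]), "dll": m["dll"], "export": m["export"],
               "addr": int(m["addr"], 16), "target": None, "owner": None, "vendor": None}
        j = JMP_RE.match(m["rest"])
        if j:
            rec["target"] = int(j["target"], 16)
            rec["owner"], rec["vendor"] = split_owner(j["owner"])
        else:
            rec["kind"] = "inline_continuation"  # e.g. 'system + 3 ... [68, 8A]': second half of a split patch
        return rec
    m = IAT_RE.match(line.strip())
    if m:
        owner, vendor = split_owner(m["owner"])
        return {"kind": "iat", "proc": m["proc"], "pid": int(m["pid"]), "dll": m["dll"], "export": m["export"],
                "addr": None, "target": int(m["target"], 16), "owner": owner, "vendor": vendor}
    return None

def parse_log(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]

def summarize(records):
    """Per (process, pid): hook counts, owners of the attributed hooks, 64 KiB regions hit by the anonymous ones."""
    out = {}
    for r in records:
        s = out.setdefault((r["proc"], r["pid"]), {"hooks": 0, "unattributed": 0, "attributed_vendors": set(),
                                                   "pages": set(), "exec": False, "net": False})
        if r["kind"] == "inline_continuation":
            continue  # the JMP line of the same patch was already counted
        s["hooks"] += 1
        if r["owner"] is None:  # jump into memory that belongs to no loaded module
            s["unattributed"] += 1
            s["pages"].add(r["target"] >> 16)
            s["exec"] |= r["export"] in EXEC_APIS
            s["net"] |= r["export"] in NET_APIS
        else:
            s["attributed_vendors"].add(r["vendor"] or r["owner"])
    return out

def assess(s):
    if s["unattributed"] == 0:
        return "clean"  # every hook resolves to a module on disk (security products, AppCompat shims)
    return "high" if s["exec"] and s["net"] else "review"

def report(text):
    """[(process, pid, verdict, anonymous hook count, anonymous 64 KiB regions)], worst first."""
    rows = [(p, pid, assess(s), s["unattributed"], sorted(s["pages"]))
            for (p, pid), s in summarize(parse_log(text)).items()]
    order = {"high": 0, "review": 1, "clean": 2}
    return sorted(rows, key=lambda r: (order[r[2]], -r[3]))

# Constructed sample: a handful of lines copied from the GMER log above.
SAMPLE = r"""
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!WinExec 7677E649 5 Bytes JMP 00D30098
.text C:\Windows\system32\svchost.exe[1676] msvcrt.dll!system 7669AA97 2 Bytes JMP 00D20055
.text C:\Windows\system32\svchost.exe[1676] msvcrt.dll!system + 3 7669AA9A 2 Bytes [68, 8A]
.text C:\Windows\system32\svchost.exe[1676] WININET.dll!InternetOpenA 76168F03 5 Bytes JMP 00D10000
.text C:\Windows\system32\svchost.exe[1676] WS2_32.dll!socket 76823A38 5 Bytes JMP 00DC0FE5
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1724] kernel32.dll!LoadLibraryA 767427CC 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\Explorer.EXE[3100] kernel32.dll!CreateProcessW 766F202D 5 Bytes JMP 00060F28
IAT C:\Windows\system32\rundll32.exe[1900] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75B44A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
"""

if __name__ == "__main__":
    for proc, pid, verdict, n, pages in report(SAMPLE):
        print(f"{verdict:6} {proc}[{pid}] unattributed={n} regions={[hex(p << 16) for p in pages]}")
```

Run against the full log, the script puts every svchost.exe instance that carries the WinExec/CreateProcess plus InternetOpen/socket set at the top, lists Explorer.EXE for review, and leaves the McAfee and apphelp.dll entries at "clean". A verdict here is a triage order, not an identification: the addresses the anonymous hooks jump to (00D1xxxx, 00D2xxxx and so on) are what to dump from the live process to see what the injected code actually is.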

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:05:31 PM

Posted 14 November 2009 - 06:46 AM

First please uninstall these programs:
PC SpeedScan Pro
RegCure
Registry Easy_is1
ViewpointMediaPlayer

==================
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O4 - HKCU..\Run: [Fkedehizuq] C:\Users\pdtecrj\AppData\Local\awimejiz.DLL (Apple Computer, Inc.)
    O4 - HKCU..\Run: [Rtolipabusaxupet] C:\Users\pdtecrj\AppData\Local\lRORexi.DLL File not found
    O4 - HKCU..\Run: [Windows System Defender] File not found
    [2009/10/25 08:05:11 | 00,000,000 | -HSD | C] -- C:\ProgramData\2687d
    [2009/10/25 08:05:11 | 00,000,000 | -HSD | C] -- C:\ProgramData\2687d
    [2009/10/25 08:04:57 | 00,000,000 | -HSD | C] -- C:\ProgramData\WSDDSys
    [2009/10/25 08:04:57 | 00,000,000 | -HSD | C] -- C:\Users\pdtecrj\AppData\Roaming\Windows System Defender
    [2009/10/25 08:04:57 | 00,000,000 | -HSD | C] -- C:\ProgramData\WSDDSys
    [2009/10/25 07:59:54 | 00,000,000 | ---- | C] () -- C:\Users\pdtecrj\AppData\Local\Npecireyiluyir.bin
    [2009/10/25 07:59:51 | 00,000,120 | ---- | C] () -- C:\Users\pdtecrj\AppData\Local\Xbufaf.dat
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================Malwarebytes' Anti-Malware=================================
Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
================================Online scan=================================
* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Edited by kahdah, 14 November 2009 - 07:10 PM.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 pdtecrj

pdtecrj
  • Topic Starter

  • Members
  • 9 posts
  • Local time:04:31 PM

Posted 14 November 2009 - 04:00 PM

Thanks again for the response. I began to follow your instructions, but ran into a problem. I closed all programs and ran OTL fix with the code that you posted, beginning with :OTL
and ending with [emptytemp]. OTL ran, and it prompted me to restart. When Windows rebooted, it showed me the log just as you said it would, however I clicked "Save as..." to save a copy to my desktop, and that's when the trouble started. When I clicked "Desktop" from the list on the left of the "Save as..." menu, my computer instantly froze, and then about 10 seconds later restarted and asked me if I wanted to start in safe mode, normal mode, etc. I chose normal, and again, before it even got to the Windows logon screen, it restarted again, and gave me 2 options: start windows normally, or try to repair something that broke recently. I tried repairing, and after about an hour of scanning, it realized it could not fix my problem, so it had me system-restore to when I uninstalled PC Scan Pro right before running OTL, and now I'm back to this.

The log from OTL still exists, so I'll post that, but I didn't want to do anything else until letting you know what happened with the automatic restart problem. And I noticed that this log file did not have an "end of log" line at the bottom, so I just wanted to let you know that yes, this is the entire log that saved, same before and after the unwanted restart, just in case there was supposed to be more.



All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Fkedehizuq deleted successfully.
C:\Users\pdtecrj\AppData\Local\awimejiz.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MsnMsgr deleted successfully.
C:\Program Files\Windows Live\Messenger\msnmsgr.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Rtolipabusaxupet deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows System Defender deleted successfully.
C:\ProgramData\2687d\ moved successfully.
Folder C:\ProgramData\2687d\ not found.
C:\ProgramData\WSDDSys\ moved successfully.
C:\Users\pdtecrj\AppData\Roaming\Windows System Defender\ moved successfully.
Folder C:\ProgramData\WSDDSys\ not found.
C:\Users\pdtecrj\AppData\Local\Npecireyiluyir.bin moved successfully.
C:\Users\pdtecrj\AppData\Local\Xbufaf.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: pdtecrj
->Temp folder emptied: 1028 bytes
->Temporary Internet Files folder emptied: 48315079 bytes
->Java cache emptied: 9337997 bytes
->FireFox cache emptied: 68561926 bytes
->Apple Safari cache emptied: 132872 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4505600 bytes
Windows Temp folder emptied: 271233 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 125.08 mb


OTL by OldTimer - Version 3.1.5.0 log created on 11142009_145211

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\mcafee_Lm8EAgglsfKC8d3 not found!
File\Folder C:\Windows\temp\mcmsc_7buYVAxvKmz9OfA not found!
File\Folder C:\Windows\temp\mcmsc_CA8fcOlgfiYHqA3 not found!
File\Folder C:\Windows\temp\mcmsc_lWxifptyZWKM49n not found!
File move failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be moved on reboot.
File\Folder C:\Windows\temp\sqlite_97j0dUUkxnLxF2s not found!
File\Folder C:\Windows\temp\sqlite_OCAngUEd4CQqRVz not found!
C:\Windows\temp\sqlite_Q8bcApPubkev2jS moved successfully.
C:\Windows\temp\sqlite_qQxqI758D2NiOix moved successfully.
File\Folder C:\Windows\temp\sqlite_xQwdSpQSrHyIlgT not found!
C:\Windows\temp\sqlite_yinzmB7cBInKmuk moved successfully.
File\Folder C:\Windows\temp\sqlite_yUfaI7txHHeJBti not found!

Registry entries deleted on Reboot...

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:05:31 PM

Posted 14 November 2009 - 04:16 PM

Ok strange but glad you are running again.
Go ahead with mbam and the Eset scanner post those when you can.

#7 pdtecrj

pdtecrj
  • Topic Starter

  • Members
  • 9 posts
  • Local time:04:31 PM

Posted 14 November 2009 - 04:17 PM

OK thanks, will run now

#8 pdtecrj

pdtecrj
  • Topic Starter

  • Members
  • 9 posts
  • Local time:04:31 PM

Posted 14 November 2009 - 06:16 PM

OK well, I tried running MBAM twice, and both times it froze at about the same spot and gave me the following error message:

Malwarebytes' Anti-Malware has stopped working:
A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available. [Close program]

Both times it happened at about 22-24 minutes in, both times it had found 4 infected objects, and both times it was scanning the same folder:
Stuck at C:\Program Files\Common Files\WindowsLiveInstaller\MsiSources\

I did run the ESET following your instructions, and it found and removed 4 threats. However, the log file seems to be incomplete. I'm not sure, but there were only the following 2 lines:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

No prompt to restart or anything, but the ESET window seemed to have cleaned the 4 threats by deletion.

#9 pdtecrj

pdtecrj
  • Topic Starter

  • Members
  • 9 posts
  • Local time:04:31 PM

Posted 14 November 2009 - 06:30 PM

I'm sorry, one last thing I have noticed, and I only bring it up because I saw in the OTL fix you had me do something with it.

I decided to restart my computer, and when it came back online, the following window popped up:

RunDLL
RunDLL
There was a problem starting C:\Users\pdtecrj\AppData\Local\IRORexi.dll

The specified module could not be found. [OK]

It's actually been happening since my first post, but I only thought to bring it up this time because of that OTL fix. Also, I cannot tell if it is 1(one)RORexi.dll, or I(eye)RORexi.dll, or l(L)RORexi.dll, but if I had to guess I would guess it is a capital I or lowercase L, not a number 1, and I noticed the OTL fix has it as 1RORexi.dll. I realize the one in the OTL fix could be unrelated to this, but I just wanted to bring it up. Thank you very much once more.

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:05:31 PM

Posted 14 November 2009 - 07:12 PM

Strange about MBAM, but the file you mentioned is giving an error because the registry entry for that file is empty, so it has no file to associate the entry with, and so it produces an error.
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Edited by kahdah, 14 November 2009 - 07:12 PM.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.
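The RunDLL dialog discussed in the two posts above comes from an autorun value whose target DLL no longer exists, and the same OTL "O4" section also shows DLLs being launched at logon from the user's AppData\Local folder. The following script is an added example, not part of the thread and not part of OTL or the helper's fix: it parses OTL O4 lines and applies three triage rules (orphaned entry, DLL autorun from AppData\Local, publisher string on a file living in the user profile). The rule set and the function names are my own choices; the sample lines are copied from the OTL log posted later in this thread.

```python
import re
from dataclasses import dataclass, field

# One OTL "O4" autorun line looks like one of these (from the log in this thread):
#   O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
#   O4 - HKCU..\Run: [Rtolipabusaxupet] C:\Users\...\lRORexi.DLL File not found
#   O4 - HKCU..\Run: [Aim6] File not found
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$"
)
# OTL appends the file's version-resource company name in parentheses.
# (A target path that itself ends in ")" with no publisher would be misread; OTL
# output does not normally produce that.)
PUBLISHER_RE = re.compile(r"\((?P<pub>[^()]*)\)\s*$")
MISSING = "File not found"


@dataclass
class RunEntry:
    hive: str
    name: str         # registry value name, the text inside [...]
    target: str       # path stored in the value; "" if OTL showed none
    publisher: str    # company name OTL read from the file, "" if none
    missing: bool     # OTL reported "File not found"
    reasons: list = field(default_factory=list)


def parse_o4(line):
    """Parse one OTL O4 autorun line; return None for any other kind of line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[: -len(MISSING)].strip()
    publisher = ""
    pm = PUBLISHER_RE.search(rest)
    if pm:
        publisher = pm.group("pub")
        rest = rest[: pm.start()].strip()
    return RunEntry(m.group("hive"), m.group("name"), rest, publisher, missing)


def triage(entry):
    """Attach a reason for every rule the entry trips (rules are this example's own)."""
    low = entry.target.lower()
    if entry.missing:
        entry.reasons.append(
            "orphaned autorun: the value's target no longer exists; this is what "
            "produces the RunDLL 'module could not be found' dialog at logon")
    if "\\appdata\\local\\" in low and low.endswith(".dll"):
        entry.reasons.append(
            "DLL under the user's AppData\\Local launched at logon; legitimate "
            "software rarely autoruns a DLL from a user-writable directory")
    if entry.publisher and "\\users\\" in low and "\\program files" not in low:
        entry.reasons.append(
            f"file in the user profile claims publisher '{entry.publisher}'; "
            "check the Authenticode signature rather than trusting the version resource")
    return entry


def find_suspicious(log_text):
    """Return [(value name, [reasons])] for every O4 entry that trips a rule."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        triage(entry)
        if entry.reasons:
            hits.append((entry.name, entry.reasons))
    return hits


# Sample input: O4 lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Fkedehizuq] C:\Users\pdtecrj\AppData\Local\awimejiz.DLL (Apple Computer, Inc.)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [Rtolipabusaxupet] C:\Users\pdtecrj\AppData\Local\lRORexi.DLL File not found
O4 - HKCU..\Run: [Windows System Defender] File not found
"""

if __name__ == "__main__":
    for name, reasons in find_suspicious(SAMPLE_LOG):
        print(f"[{name}]")
        for r in reasons:
            print("   -", r)
```

On the sample, the four HKCU entries that a helper would act on are flagged (Aim6, Fkedehizuq, Rtolipabusaxupet, Windows System Defender) while the Microsoft, Apple and Program Files entries pass. The "orphaned" rule is exactly the situation kahdah describes: the value survives after the DLL was removed, so Windows still tries to load it at logon and rundll32 reports the missing module.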

#11 pdtecrj

pdtecrj
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:04:31 PM

Posted 14 November 2009 - 10:35 PM

OTL logfile created on: 11/14/2009 10:25:07 PM - Run 2
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Users\pdtecrj\Downloads
Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 92.75% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 6.09 Gb Free Space | 2.12% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.83 Gb Free Space | 58.25% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PDTECRJ-PC
Current User Name: pdtecrj
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\pdtecrj\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Windows\sttray.exe (SigmaTel, Inc.)
PRC - C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Windows\System32\CTSVCCDA.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
PRC - C:\Windows\System32\dlcxcoms.exe ( )
PRC - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\pdtecrj\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7100.19_none_b6a32c7c247ee542\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()


========== Win32 Services (SafeList) ==========

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (gupdate1c92b2bb22cac30) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
SRV - (Creative Service for CDROM Access) -- C:\Windows\System32\CTSVCCDA.EXE (Creative Technology Ltd)
SRV - (AlertService) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)
SRV - (Remote UI Service) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel® Corporation)
SRV - (MCLServiceATL) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel® Corporation)
SRV - (ISSM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel® Corporation)
SRV - (M1 Server) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (RoxMediaDB9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (dlcx_device) -- C:\Windows\System32\dlcxcoms.exe ( )
SRV - (nmservice) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe (Pure Networks, Inc.)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (nmraapache) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (USBAAPL) -- C:\Windows\System32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (AMD)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (AMD)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (VST_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (ATIAVPCI) -- C:\Windows\System32\drivers\atinavrr.sys (ATI Technologies Inc.)
DRV - (MRV6X32U) -- C:\Windows\System32\drivers\MRVW24B.sys (Marvell Semiconductor, Inc)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (motport) -- C:\Windows\System32\drivers\motport.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (DRVNDDM) -- C:\Windows\System32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (TSHWMDTCP) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()
DRV - (pnarp) -- C:\Windows\System32\drivers\pnarp.sys (Pure Networks, Inc.)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (nmsunidr) -- C:\Windows\System32\drivers\nmsunidr.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (nmsgopro) -- C:\Windows\System32\drivers\nmsgopro.sys (Gteko Ltd.)
DRV - (dsunidrv) -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DRVMCDB) -- C:\Windows\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=1070428
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=1070428
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.gamefaqs.com/"
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.14
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/04/22 03:55:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/11/07 12:30:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/11/03 19:57:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/06 11:38:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/14 14:47:33 | 00,000,000 | ---D | M]

[2009/11/12 12:18:37 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\Mozilla\Extensions
[2008/06/20 10:34:43 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/12 12:18:37 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2009/02/18 16:55:31 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/11/14 18:16:29 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\Mozilla\Firefox\Profiles\fzkul1b1.default\extensions
[2009/05/27 13:01:00 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\Mozilla\Firefox\Profiles\fzkul1b1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/25 08:05:39 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\Mozilla\Firefox\Profiles\fzkul1b1.default\extensions\{39124730-0779-11de-8c30-0800200c9a66}
[2009/10/31 12:12:19 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\Mozilla\Firefox\Profiles\fzkul1b1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/06/14 17:13:33 | 00,000,000 | ---D | M] -- C:\Users\pdtecrj\AppData\Roaming\Mozilla\Firefox\Profiles\fzkul1b1.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/05/26 22:36:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/06 11:38:10 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/06 11:38:07 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/06 11:38:07 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/11/06 11:38:09 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/09/14 17:12:28 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/09/14 17:12:28 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/09/14 17:12:28 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/09/14 17:12:28 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/09/14 17:12:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/14 17:12:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/09/14 17:12:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/09/23 15:36:40 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
[2009/10/16 12:58:44 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/10/16 12:58:44 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/16 12:58:44 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/16 12:58:44 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/16 12:58:44 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/16 12:58:44 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/10/16 12:58:44 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Fkedehizuq] C:\Users\pdtecrj\AppData\Local\awimejiz.DLL (Apple Computer, Inc.)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [PC SpeedScan Pro] C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe (Ascentive LLC)
O4 - HKCU..\Run: [Rtolipabusaxupet] C:\Users\pdtecrj\AppData\Local\lRORexi.DLL File not found
O4 - HKCU..\Run: [Windows System Defender] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...NPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/20 10:42:25 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/14 17:21:48 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/11/14 14:52:11 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/12 12:18:26 | 00,000,000 | ---D | C] -- C:\Users\pdtecrj\AppData\Roaming\IMVU
[2009/11/12 12:17:48 | 00,000,000 | ---D | C] -- C:\Users\pdtecrj\AppData\Roaming\IMVUClient
[2009/11/07 11:49:17 | 00,000,000 | ---D | C] -- C:\Users\pdtecrj\AppData\Local\Deployment
[2009/11/01 00:43:56 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/31 23:11:13 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/10/31 23:11:07 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/10/31 03:29:33 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/10/31 03:29:13 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/10/28 19:00:52 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2009/10/25 18:59:51 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/10/25 18:58:03 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/25 18:58:03 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/25 18:57:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/10/25 18:57:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/10/25 18:57:55 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/10/25 17:15:07 | 00,229,304 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2009/10/25 17:15:07 | 00,097,208 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2009/10/25 17:15:01 | 00,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2009/10/25 17:15:01 | 00,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2009/10/25 17:14:52 | 00,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2009/10/25 17:14:42 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/10/25 17:14:42 | 00,000,000 | ---D | C] -- C:\Users\pdtecrj\AppData\Roaming\PC Tools
[2009/10/25 17:14:42 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/10/25 17:14:42 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/10/25 17:14:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/25 09:15:56 | 00,000,000 | ---D | C] -- C:\ProgramData\SiteAdvisor
[2009/10/25 09:15:56 | 00,000,000 | ---D | C] -- C:\ProgramData\SiteAdvisor
[2009/10/25 09:13:46 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2009/10/25 09:13:46 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys
[2009/10/25 09:13:46 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2009/10/25 09:13:42 | 00,130,424 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys
[2009/10/25 09:13:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/10/25 09:13:20 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/10/25 09:13:18 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/10/25 09:08:13 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys
[2009/10/25 08:05:11 | 00,000,000 | -HSD | C] -- C:\ProgramData\2687d
[2009/10/25 08:05:11 | 00,000,000 | -HSD | C] -- C:\ProgramData\2687d
[2009/10/25 08:04:57 | 00,000,000 | -HSD | C] -- C:\ProgramData\WSDDSys
[2009/10/25 08:04:57 | 00,000,000 | -HSD | C] -- C:\Users\pdtecrj\AppData\Roaming\Windows System Defender
[2009/10/25 08:04:57 | 00,000,000 | -HSD | C] -- C:\ProgramData\WSDDSys
[2009/10/25 07:59:47 | 00,000,000 | ---D | C] -- C:\Users\pdtecrj\AppData\Local\{65941020-0F89-481D-9082-5EAC4C63D558}
[2009/10/23 02:00:52 | 05,954,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/10/20 08:46:35 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Corporation
[2009/10/20 08:46:35 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Corporation
[2009/10/17 02:49:21 | 00,000,000 | ---D | C] -- C:\Users\pdtecrj\AppData\Local\AIM
[2009/10/17 02:01:17 | 00,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/05/27 02:01:43 | 00,174,080 | ---- | C] (Apple Computer, Inc.) -- C:\Users\pdtecrj\AppData\Local\awimejiz.dll
[2006/10/11 17:01:40 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2006/10/11 16:59:56 | 01,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2006/10/11 16:54:10 | 00,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2006/10/11 16:52:34 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2006/10/11 16:51:16 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2006/10/11 16:48:58 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2006/10/11 16:48:14 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2006/10/11 16:47:42 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2006/10/11 16:41:42 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2006/10/11 16:41:04 | 00,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2006/10/11 16:37:14 | 00,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Users\pdtecrj\Desktop\*.tmp files -> C:\Users\pdtecrj\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/14 22:27:07 | 03,932,160 | -HS- | M] () -- C:\Users\pdtecrj\ntuser.dat
[2009/11/14 22:23:45 | 00,000,120 | ---- | M] () -- C:\Users\pdtecrj\AppData\Local\Xbufaf.dat
[2009/11/14 21:53:00 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/14 19:04:46 | 00,012,672 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/14 19:04:46 | 00,012,672 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/14 18:21:27 | 00,015,432 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/11/14 18:20:52 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/14 18:18:12 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/14 18:18:08 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/14 18:18:04 | 24,142,84800 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/14 18:17:11 | 00,524,288 | -HS- | M] () -- C:\Users\pdtecrj\ntuser.dat{ef2c0513-d15e-11de-b565-0019d169b363}.TMContainer00000000000000000002.regtrans-ms
[2009/11/14 18:17:11 | 00,524,288 | -HS- | M] () -- C:\Users\pdtecrj\ntuser.dat{ef2c0513-d15e-11de-b565-0019d169b363}.TMContainer00000000000000000001.regtrans-ms
[2009/11/14 18:17:11 | 00,065,536 | -HS- | M] () -- C:\Users\pdtecrj\ntuser.dat{ef2c0513-d15e-11de-b565-0019d169b363}.TM.blf
[2009/11/14 18:17:06 | 02,555,077 | -H-- | M] () -- C:\Users\pdtecrj\AppData\Local\IconCache.db
[2009/11/14 17:20:53 | 00,000,000 | ---- | M] () -- C:\Users\pdtecrj\AppData\Local\Npecireyiluyir.bin
[2009/11/13 18:47:01 | 00,291,840 | ---- | M] () -- C:\flpx17pk.exe
[2009/11/12 23:45:24 | 00,000,847 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2009/11/12 12:18:16 | 00,001,891 | ---- | M] () -- C:\Users\pdtecrj\Desktop\IMVU.lnk
[2009/11/10 13:14:07 | 00,031,688 | ---- | M] () -- C:\Users\pdtecrj\Documents\LucreciaBRD1.jpg
[2009/11/07 22:36:29 | 00,001,863 | ---- | M] () -- C:\Users\pdtecrj\Desktop\LimeWire 5.3.6.lnk
[2009/11/07 13:35:33 | 01,199,576 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/07 13:35:33 | 00,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/07 13:35:33 | 00,391,402 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2009/11/07 13:35:33 | 00,103,496 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2009/11/07 13:35:33 | 00,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/07 12:59:20 | 00,002,234 | ---- | M] () -- C:\Users\pdtecrj\Desktop\10 - Shortcut.lnk
[2009/11/01 00:43:56 | 00,002,041 | ---- | M] () -- C:\Users\pdtecrj\Desktop\HijackThis.lnk
[2009/11/01 00:00:45 | 00,000,322 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2009/10/29 10:21:40 | 00,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/10/28 19:00:50 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2009/10/25 18:58:01 | 00,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/10/25 17:14:56 | 00,001,922 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2009/10/25 16:59:45 | 00,000,344 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2009/10/25 09:44:00 | 00,023,374 | ---- | M] () -- C:\Users\pdtecrj\Documents\cc_20091025_104348.reg
[2009/10/25 09:15:56 | 00,000,978 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2009/10/25 09:15:38 | 00,000,973 | ---- | M] () -- C:\Users\Public\Desktop\McAfee EasyNetwork.lnk
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Users\pdtecrj\Desktop\*.tmp files -> C:\Users\pdtecrj\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/14 17:20:53 | 00,000,120 | ---- | C] () -- C:\Users\pdtecrj\AppData\Local\Xbufaf.dat
[2009/11/14 17:20:53 | 00,000,000 | ---- | C] () -- C:\Users\pdtecrj\AppData\Local\Npecireyiluyir.bin
[2009/11/14 15:48:06 | 00,524,288 | -HS- | C] () -- C:\Users\pdtecrj\ntuser.dat{ef2c0513-d15e-11de-b565-0019d169b363}.TMContainer00000000000000000002.regtrans-ms
[2009/11/14 15:48:06 | 00,524,288 | -HS- | C] () -- C:\Users\pdtecrj\ntuser.dat{ef2c0513-d15e-11de-b565-0019d169b363}.TMContainer00000000000000000001.regtrans-ms
[2009/11/14 15:48:06 | 00,065,536 | -HS- | C] () -- C:\Users\pdtecrj\ntuser.dat{ef2c0513-d15e-11de-b565-0019d169b363}.TM.blf
[2009/11/13 18:47:01 | 00,291,840 | ---- | C] () -- C:\flpx17pk.exe
[2009/11/12 12:18:16 | 00,001,891 | ---- | C] () -- C:\Users\pdtecrj\Desktop\IMVU.lnk
[2009/11/11 03:02:57 | 67,095,518 | ---- | C] () -- C:\Users\pdtecrj\Desktop\FE-SC-1.wmv
[2009/11/10 13:14:07 | 00,031,688 | ---- | C] () -- C:\Users\pdtecrj\Documents\LucreciaBRD1.jpg
[2009/11/07 22:36:29 | 00,001,863 | ---- | C] () -- C:\Users\pdtecrj\Desktop\LimeWire 5.3.6.lnk
[2009/11/07 12:59:20 | 00,002,234 | ---- | C] () -- C:\Users\pdtecrj\Desktop\10 - Shortcut.lnk
[2009/11/01 00:43:56 | 00,002,041 | ---- | C] () -- C:\Users\pdtecrj\Desktop\HijackThis.lnk
[2009/10/29 10:21:40 | 00,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/10/25 20:34:44 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/10/25 18:58:01 | 00,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/10/25 17:15:07 | 00,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2009/10/25 17:15:01 | 00,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2009/10/25 17:15:01 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2009/10/25 17:14:56 | 00,001,922 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2009/10/25 17:14:52 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2009/10/25 17:00:22 | 00,015,432 | ---- | C] () -- C:\Windows\System32\Config.MPF
[2009/10/25 09:43:52 | 00,023,374 | ---- | C] () -- C:\Users\pdtecrj\Documents\cc_20091025_104348.reg
[2009/10/25 09:15:56 | 00,000,978 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2009/10/25 09:15:38 | 00,000,973 | ---- | C] () -- C:\Users\Public\Desktop\McAfee EasyNetwork.lnk
[2009/10/25 09:13:31 | 00,000,344 | ---- | C] () -- C:\Windows\tasks\McDefragTask.job
[2009/10/25 09:13:29 | 00,000,322 | ---- | C] () -- C:\Windows\tasks\McQcTask.job
[2009/09/14 23:58:31 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/05/27 20:25:14 | 00,083,304 | ---- | C] () -- C:\Users\pdtecrj\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/05/27 12:58:01 | 02,555,077 | -H-- | C] () -- C:\Users\pdtecrj\AppData\Local\IconCache.db
[2009/04/22 03:55:52 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/04/22 03:55:52 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/04/22 03:55:52 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/04/22 03:55:52 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/04/22 03:14:13 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2009/04/22 00:58:02 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009/04/21 22:50:07 | 00,073,216 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/04/21 22:40:32 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/03/25 14:03:04 | 00,000,255 | ---- | C] () -- C:\Windows\System32\dlbkcoin.ini
[2009/02/08 22:41:38 | 00,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/08/14 13:45:43 | 00,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2008/07/12 00:45:59 | 00,000,290 | ---- | C] () -- C:\Windows\dellstat.ini
[2007/05/04 22:00:29 | 00,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2007/05/03 15:46:05 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/05/03 15:46:04 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/05/03 15:46:04 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/05/03 15:46:03 | 00,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/05/03 15:46:03 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/05/01 13:39:31 | 00,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/05/01 13:39:31 | 00,000,158 | ---- | C] () -- C:\Windows\wininit.ini
[2007/04/27 12:36:41 | 00,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2007/04/27 12:36:41 | 00,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2007/04/27 12:36:41 | 00,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2006/11/07 14:25:58 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 05:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/10/20 19:07:32 | 00,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2006/10/20 19:06:42 | 00,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2006/10/20 19:03:26 | 00,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2006/10/20 18:57:38 | 00,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2006/10/20 18:56:50 | 00,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2006/10/20 18:55:28 | 00,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2006/10/20 18:54:42 | 00,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2006/10/20 18:48:36 | 00,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2006/10/20 18:46:42 | 00,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2006/09/22 06:42:38 | 00,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll
[2006/09/16 22:36:50 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/09/06 05:13:14 | 00,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcfg.dll
[2006/08/08 14:58:04 | 00,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll
[2006/04/24 14:09:58 | 00,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2006/03/19 18:03:04 | 00,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
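The OTL report above ends with two named streams on C:\ProgramData\TEMP, and the ComboFix log further down the thread removes a custom shim database from c:\windows\AppPatch\Custom and shows the UAC prompt values ConsentPromptBehaviorAdmin and PromptOnSecureDesktop both set to 0. The PowerShell below is an added triage example, not part of the thread and not code from OTL, ComboFix or BleepingComputer; it reports those same three artifact classes so they can be checked on any Windows machine. The function names and the default search roots are my own choices. It needs PowerShell 3.0 or later for the -Stream parameter (the 2.0 that shipped with Windows 7 lacks it; `dir /r` from cmd.exe lists streams there) and an elevated prompt for the AppPatch and policy reads. It only reports; nothing is deleted.

```powershell
# Added triage example (not from the thread, OTL or ComboFix). Report-only.
# 1. alternate data streams   (OTL:      C:\ProgramData\TEMP:DFC5A2B2)
# 2. custom shim databases     (ComboFix: c:\windows\AppPatch\Custom\{...}.sdb)
# 3. UAC prompt policy values  (ComboFix: ConsentPromptBehaviorAdmin / PromptOnSecureDesktop = 0)
# Requires PowerShell 3.0+ (-Stream) and an elevated prompt.

function Get-AlternateDataStreams {
    param([string[]]$Root = @("$env:ProgramData", "$env:LOCALAPPDATA"))   # assumed default roots
    foreach ($r in $Root) {
        # -Force includes hidden/system entries; directories can carry named streams as well as files.
        Get-ChildItem -LiteralPath $r -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object { Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue } |
            Where-Object { $_.Stream -ne ':$DATA' } |   # every file has :$DATA; anything else is an ADS
            Select-Object FileName, Stream, Length
    }
}

function Read-AlternateDataStream {
    param([string]$Path, [string]$Stream)
    # Read the stream content before deciding anything; small streams on
    # ProgramData\TEMP are frequently left behind by legitimate installers.
    Get-Content -LiteralPath $Path -Stream $Stream -Raw -ErrorAction Stop
}

function Get-CustomShimDatabases {
    # Shim databases Windows knows about are registered under InstalledSDB with their path.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB'
    $registered = @()
    if (Test-Path $key) {
        $registered = Get-ChildItem $key | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            [pscustomobject]@{
                Id          = $_.PSChildName
                Path        = $p.DatabasePath
                Description = $p.DatabaseDescription
                Installed   = $p.DatabaseInstallTimeStamp   # raw FILETIME value
            }
        }
    }
    # An .sdb under AppPatch\Custom that is not in InstalledSDB, or a registered
    # one with no description, is what to examine next.
    $onDisk = Get-ChildItem "$env:SystemRoot\AppPatch\Custom" -Filter *.sdb -Recurse -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime
    [pscustomobject]@{ Registered = $registered; OnDisk = $onDisk }
}

function Get-UacPolicy {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty $key
    # ConsentPromptBehaviorAdmin = 0 means "elevate without prompting";
    # PromptOnSecureDesktop = 0 means any prompt is drawn on the normal, spoofable desktop.
    # Windows 7 defaults are 5 and 1; EnableLUA = 0 turns UAC off entirely.
    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
        SilentElevation            = ($p.ConsentPromptBehaviorAdmin -eq 0 -or $p.EnableLUA -eq 0)
    }
}

'--- alternate data streams ---'
Get-AlternateDataStreams | Format-Table -AutoSize
'--- custom shim databases ---'
$sdb = Get-CustomShimDatabases
$sdb.Registered | Format-Table -AutoSize
$sdb.OnDisk     | Format-Table -AutoSize
'--- UAC policy ---'
Get-UacPolicy | Format-List
```

Read a reported stream with Read-AlternateDataStream before removing it; Remove-Item -LiteralPath <file> -Stream <name> deletes a single stream without touching the file itself. A custom .sdb is a persistence and injection mechanism (it rewrites how a target executable is loaded), so one that ComboFix had to delete is worth correlating with the AppCompatFlags\Custom entries and the process it shimmed. If SilentElevation comes back True, restoring ConsentPromptBehaviorAdmin to 5 and PromptOnSecureDesktop to 1 brings the machine back to the Windows 7 defaults; with the values at 0 every program the user runs can obtain administrator rights without any prompt.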

#12 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 15 November 2009 - 12:58 PM

Please visit this webpage for download links, and instructions for running Combofix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#13 pdtecrj

  • Topic Starter
  • Members
  • 9 posts

Posted 15 November 2009 - 03:37 PM

Wasn't sure if you wanted me to copy/paste as usual, or upload the file, so I will do both.



ComboFix 09-11-16.01 - pdtecrj 11/15/2009 15:03..2 - FAT32x86
Microsoft Windows 7 Ultimate 6.1.7100.0.1252.1.1033.18.3070.2377 [GMT -5:00]
Running from: c:\users\pdtecrj\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1399712705-160400772-555836405-500
c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\users\pdtecrj\AppData\Local\{65941020-0F89-481D-9082-5EAC4C63D558}
c:\users\pdtecrj\AppData\Local\{65941020-0F89-481D-9082-5EAC4C63D558}\chrome.manifest
c:\users\pdtecrj\AppData\Local\{65941020-0F89-481D-9082-5EAC4C63D558}\chrome\content\_cfg.js
c:\users\pdtecrj\AppData\Local\{65941020-0F89-481D-9082-5EAC4C63D558}\chrome\content\overlay.xul
c:\users\pdtecrj\AppData\Local\{65941020-0F89-481D-9082-5EAC4C63D558}\install.rdf
c:\users\pdtecrj\AppData\Local\awimejiz.dll
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

.
((((((((((((((((((((((((( Files Created from 2009-10-15 to 2009-11-15 )))))))))))))))))))))))))))))))
.

2009-11-15 20:17 . 2009-11-15 20:17 -------- d-----w- c:\users\pdtecrj\AppData\Local\temp
2009-11-15 20:00 . 2009-11-15 20:00 49152 d-----w- C:\32788R22FWJFW
2009-11-14 22:21 . 2009-11-14 22:21 -------- d-----w- c:\program files\ESET
2009-11-14 22:20 . 2009-11-15 03:23 120 ----a-w- c:\users\pdtecrj\AppData\Local\Xbufaf.dat
2009-11-14 22:20 . 2009-11-14 22:20 0 ----a-w- c:\users\pdtecrj\AppData\Local\Npecireyiluyir.bin
2009-11-14 19:52 . 2009-11-14 19:52 -------- d-----w- C:\_OTL
2009-11-13 23:47 . 2009-11-13 23:47 291840 ----a-w- C:\flpx17pk.exe
2009-11-12 17:18 . 2009-11-15 19:33 4096 d-----w- c:\users\pdtecrj\AppData\Roaming\IMVU
2009-11-12 17:18 . 2009-11-12 17:18 76774 ----a-w- c:\users\pdtecrj\AppData\Roaming\IMVUClient\Uninstall.exe
2009-11-12 17:17 . 2009-11-12 17:18 24576 d-----w- c:\users\pdtecrj\AppData\Roaming\IMVUClient
2009-11-09 17:47 . 2009-11-09 17:47 92192 ----a-w- c:\users\pdtecrj\AppData\Roaming\IMVUClient\IMVUupdater.exe
2009-11-09 17:47 . 2009-11-09 17:47 52992 ----a-w- c:\users\pdtecrj\AppData\Roaming\IMVUClient\IMVUClient.exe
2009-11-09 17:47 . 2009-11-09 17:47 22784 ----a-w- c:\users\pdtecrj\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
2009-11-07 16:49 . 2009-11-07 17:29 -------- d-----w- c:\users\pdtecrj\AppData\Local\Deployment
2009-11-06 06:24 . 2009-11-06 06:24 54784 ----a-w- c:\users\pdtecrj\AppData\Roaming\IMVUClient\ui\plugins\nphwndproxy.dll
2009-11-06 06:24 . 2009-11-06 06:24 1161216 ----a-w- c:\users\pdtecrj\AppData\Roaming\IMVUClient\SceneWindow.dll
2009-11-06 06:24 . 2009-11-06 06:24 15872 ----a-w- c:\users\pdtecrj\AppData\Roaming\IMVUClient\MemoryHook.dll
2009-11-06 06:24 . 2009-11-06 06:24 296960 ----a-w- c:\users\pdtecrj\AppData\Roaming\IMVUClient\cal3d.dll
2009-11-06 06:24 . 2009-11-06 06:24 190976 ----a-w- c:\users\pdtecrj\AppData\Roaming\IMVUClient\boost_python.dll
2009-11-06 06:24 . 2009-11-06 06:24 30720 ----a-w- c:\users\pdtecrj\AppData\Roaming\IMVUClient\CallStack.dll
2009-11-06 06:24 . 2009-11-06 06:24 257536 ----a-w- c:\users\pdtecrj\AppData\Roaming\IMVUClient\audiere.dll
2009-11-01 05:43 . 2009-11-01 05:43 -------- d-----w- c:\program files\Trend Micro
2009-11-01 04:11 . 2009-11-01 04:11 -------- d-----w- c:\program files\iPod
2009-11-01 04:11 . 2009-11-01 04:12 4096 d-----w- c:\program files\iTunes
2009-11-01 04:04 . 2009-11-01 04:04 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-31 08:29 . 2009-10-31 08:29 -------- d-----w- c:\program files\Microsoft
2009-10-31 08:29 . 2009-10-31 08:29 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-29 00:00 . 2009-10-29 00:00 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-25 23:59 . 2009-10-28 23:59 815760 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-10-25 23:59 . 2009-10-28 23:59 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-10-25 23:59 . 2009-10-28 23:59 1638104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-10-25 23:59 . 2009-10-28 23:59 788368 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-10-25 23:59 . 2009-10-28 23:59 1179232 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-10-25 23:58 . 2009-10-25 23:58 4096 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-25 23:58 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-25 23:57 . 2009-10-25 23:59 -------- d-----w- c:\programdata\Lavasoft
2009-10-25 23:57 . 2009-10-25 23:57 -------- d-----w- c:\program files\Lavasoft
2009-10-25 22:28 . 2009-10-25 22:28 4045527 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-10-25 22:21 . 2009-10-25 22:21 21 ----a-w- c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
2009-10-25 22:15 . 2009-09-24 12:55 97208 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-10-25 22:15 . 2009-09-24 12:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-25 22:15 . 2009-10-06 20:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-25 22:15 . 2009-09-23 20:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-25 22:14 . 2009-09-03 13:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-25 22:14 . 2009-11-07 17:30 40960 d-----w- c:\program files\Spyware Doctor
2009-10-25 22:14 . 2009-11-07 17:30 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-25 22:14 . 2009-10-25 22:14 -------- d-----w- c:\users\pdtecrj\AppData\Roaming\PC Tools
2009-10-25 22:14 . 2009-10-25 22:14 -------- d-----w- c:\programdata\PC Tools
2009-10-25 22:04 . 2009-10-25 22:04 33 ----a-w- c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
2009-10-25 14:28 . 2009-10-25 22:11 31 ----a-w- c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
2009-10-25 14:15 . 2009-10-25 14:15 -------- d-----w- c:\programdata\SiteAdvisor
2009-10-25 14:13 . 2009-09-16 14:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-25 14:13 . 2009-09-16 14:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-25 14:13 . 2009-09-16 14:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-25 14:13 . 2009-07-16 16:32 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-25 14:13 . 2009-10-25 14:13 4096 d-----w- c:\program files\Common Files\McAfee
2009-10-25 14:13 . 2009-10-25 14:13 -------- d-----w- c:\program files\McAfee.com
2009-10-25 14:13 . 2009-11-07 17:15 4096 d-----w- c:\program files\McAfee
2009-10-25 14:08 . 2009-09-16 14:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-25 13:22 . 2009-09-11 11:37 722424 ----a-w- c:\programdata\2687d\mozcrt19.dll
2009-10-25 13:22 . 2009-09-11 11:37 428024 ----a-w- c:\programdata\2687d\sqlite3.dll
2009-10-25 13:06 . 2009-10-25 14:18 1 ----a-w- c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
2009-10-25 13:06 . 2009-10-25 13:06 65 ----a-w- c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
2009-10-25 13:06 . 2009-10-25 13:06 33 ----a-w- c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
2009-10-25 13:06 . 2009-10-25 13:06 8 ----a-w- c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
2009-10-25 13:06 . 2009-10-25 13:06 55 ----a-w- c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.exe
2009-10-25 13:06 . 2009-10-25 13:06 24 ----a-w- c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
2009-10-25 13:06 . 2009-10-25 22:04 19 ----a-w- c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
2009-10-25 13:06 . 2009-10-25 13:06 9 ----a-w- c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
2009-10-25 13:06 . 2009-10-25 13:06 80 ----a-w- c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
2009-10-25 13:06 . 2009-10-25 13:06 18 ----a-w- c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
2009-10-25 13:05 . 2009-10-25 22:04 25 ----a-w- c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\fan.dll
2009-10-25 13:05 . 2009-10-25 22:04 78 ----a-w- c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
2009-10-25 13:05 . 2009-10-25 13:05 27 ----a-w- c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
2009-10-25 13:05 . 2009-11-14 23:43 -------- d-sh--w- c:\programdata\2687d
2009-10-25 13:04 . 2009-11-14 23:43 -------- d-sh--w- c:\users\pdtecrj\AppData\Roaming\Windows System Defender
2009-10-25 13:04 . 2009-11-14 23:43 -------- d-sh--w- c:\programdata\WSDDSys
2009-10-20 13:46 . 2009-10-25 14:20 -------- d-----w- c:\programdata\Microsoft Corporation
2009-10-17 07:49 . 2009-10-17 07:49 -------- d-----w- c:\users\pdtecrj\AppData\Local\AIM
2009-10-17 07:01 . 2009-09-10 03:10 306688 ----a-w- c:\windows\system32\drivers\srv2.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-15 09:03 . 2007-05-01 19:37 12288 d-----w- c:\users\pdtecrj\AppData\Roaming\LimeWire
2009-11-15 03:36 . 2008-12-26 23:36 4096 d-----w- c:\program files\Curse
2009-11-14 23:43 . 2009-04-22 10:25 4096 d-----w- c:\program files\Windows Journal
2009-11-14 23:43 . 2008-07-22 02:39 -------- d-----w- c:\program files\Ascentive
2009-11-14 23:43 . 2007-04-27 17:35 8192 d--h--w- c:\program files\InstallShield Installation Information
2009-11-14 19:47 . 2007-05-01 20:42 -------- d-----w- c:\programdata\Viewpoint
2009-11-11 08:03 . 2007-04-27 17:47 8192 d-----w- c:\programdata\Microsoft Help
2009-11-08 03:36 . 2007-05-01 20:08 40960 d-----w- c:\program files\LimeWire
2009-11-07 18:35 . 2009-05-27 18:26 391402 ----a-w- c:\windows\system32\perfh011.dat
2009-11-07 18:35 . 2009-05-27 18:26 103496 ----a-w- c:\windows\system32\perfc011.dat
2009-11-07 17:34 . 2007-04-27 17:50 -------- d-----w- c:\program files\Google
2009-11-07 17:30 . 2008-04-16 04:52 -------- d-----w- c:\program files\World of Warcraft
2009-11-07 17:30 . 2009-04-22 08:55 4096 d-----w- c:\program files\Windows Sidebar
2009-11-07 17:30 . 2009-01-05 07:58 4096 d-----w- c:\program files\Vuze
2009-11-07 17:30 . 2007-05-15 20:11 4096 d-----w- c:\program files\Support.com
2009-11-07 17:30 . 2007-05-01 19:35 4096 d-----w- c:\program files\Winamp
2009-11-07 17:30 . 2009-09-14 22:12 4096 d-----w- c:\program files\QuickTime
2009-11-07 17:30 . 2009-04-22 08:55 4096 d-----w- c:\program files\Microsoft Games
2009-11-07 17:30 . 2007-09-18 18:52 4096 d-----w- c:\program files\DivX
2009-11-07 17:30 . 2007-08-29 18:14 -------- d-----w- c:\program files\Common Files\Real
2009-11-07 17:30 . 2007-05-03 08:45 4096 d-----w- c:\program files\Apple Software Update
2009-11-07 17:30 . 2007-04-27 17:53 4096 d-----w- c:\program files\Dell
2009-11-01 04:11 . 2007-08-04 21:39 -------- d-----w- c:\program files\Common Files\Apple
2009-10-31 08:29 . 2008-03-01 02:06 4096 d-----w- c:\program files\Windows Live
2009-10-29 00:00 . 2009-10-29 00:00 93360 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-25 22:29 . 2008-10-15 15:23 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-25 21:58 . 2008-08-20 19:22 4096 d-----w- c:\programdata\Symantec
2009-10-25 17:14 . 2007-04-27 17:49 4096 d-----w- c:\programdata\McAfee
2009-10-15 19:19 . 2009-10-15 19:18 -------- d-----w- c:\programdata\NOS
2009-10-15 19:18 . 2009-10-15 19:18 -------- d-----w- c:\program files\NOS
2009-10-11 11:46 . 2009-06-23 06:49 1000272 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2009-10-01 14:29 . 2009-10-03 11:17 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-30 09:51 . 2009-09-15 04:59 4096 d-----w- c:\users\pdtecrj\AppData\Roaming\Ventrilo
2009-09-27 12:47 . 2009-09-27 12:47 -------- d-----w- c:\users\pdtecrj\AppData\Roaming\Tumbywood Software
2009-09-27 12:46 . 2009-09-27 12:46 -------- d-----w- c:\program files\Tumbywood Software
2009-09-23 12:55 . 2009-10-25 23:59 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-16 14:22 . 2009-09-16 14:22 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-12 07:41 . 2009-06-22 07:16 235920 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2009-09-12 07:40 . 2009-06-23 06:48 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2009-09-10 18:54 . 2008-10-15 15:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-10-15 15:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-03 09:17 . 2009-10-26 01:34 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-28 23:42 . 2009-08-28 23:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 23:42 . 2009-08-28 23:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-18 07:48 . 2009-08-18 07:48 4994560 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2009-08-18 06:37 . 2009-08-18 06:37 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-08-18 06:36 . 2009-04-29 06:08 348160 ----a-w- c:\windows\system32\atieclxx.exe
2009-08-18 06:36 . 2009-04-29 06:07 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2009-08-18 06:35 . 2009-08-18 06:35 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-08-18 06:34 . 2009-08-18 06:34 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-08-18 06:34 . 2009-08-18 06:34 274432 ----a-w- c:\windows\system32\Oemdspif.dll
2009-08-18 06:34 . 2009-08-18 06:34 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-08-18 06:34 . 2009-08-18 06:34 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-08-18 06:31 . 2009-08-18 06:31 2469888 ----a-w- c:\windows\system32\atidxx32.dll
2009-08-18 06:20 . 2009-03-27 04:24 3105280 ----a-w- c:\windows\system32\atiumdag.dll
2009-08-18 06:11 . 2009-08-18 06:11 11650560 ----a-w- c:\windows\system32\atioglxx.dll
2009-08-18 06:05 . 2009-04-22 02:07 2868736 ----a-w- c:\windows\system32\atiumdva.dll
2009-08-18 05:52 . 2009-08-18 05:52 51712 ----a-w- c:\windows\system32\atimpc32.dll
2009-08-18 05:52 . 2009-08-18 05:52 51712 ----a-w- c:\windows\system32\amdpcom32.dll
2009-08-18 05:52 . 2009-04-29 05:24 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2009-08-18 05:49 . 2009-08-18 05:49 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-08-18 05:49 . 2009-08-18 05:49 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-08-18 05:48 . 2009-08-18 05:48 3264512 ----a-w- c:\windows\system32\aticaldd.dll
2009-08-18 05:37 . 2009-08-18 05:37 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-03-27 04:24 . 2009-04-22 05:58 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-04-22 05:19 . 2009-04-22 03:40 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7100.0_none_624b25e9a4cb0444\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2009-04-22 05:21 441856 ----a-w- c:\windows\System32\ntshrui.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-04-22 146432]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"PC SpeedScan Pro"="c:\program files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe" [2008-04-29 1839104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2006-11-01 321088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-02-08 303104]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-12 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk

R0 amdxata;amdxata;c:\windows\System32\drivers\amdxata.sys [4/21/2009 9:07 PM 23120]
R0 CLFS;Common Log (CLFS);c:\windows\System32\clfs.sys [4/21/2009 10:08 PM 249424]
R0 CNG;CNG;c:\windows\System32\drivers\cng.sys [4/21/2009 10:31 PM 369056]
R0 FileInfo;File Information FS MiniFilter;c:\windows\System32\drivers\fileinfo.sys [4/21/2009 10:19 PM 58448]
R0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\drivers\fvevol.sys [4/21/2009 10:10 PM 194488]
R0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [4/21/2009 10:08 PM 13904]
R0 iaStorV;Intel RAID Controller Windows 7;c:\windows\System32\drivers\iaStorV.sys [4/14/2009 9:30 PM 332368]
R0 KSecPkg;KSecPkg;c:\windows\System32\drivers\ksecpkg.sys [5/11/2009 2:01 PM 133720]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [10/25/2009 6:59 PM 64288]
R0 msisadrv;msisadrv;c:\windows\System32\drivers\msisadrv.sys [4/21/2009 10:08 PM 13904]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [10/25/2009 5:15 PM 207280]
R0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [4/21/2009 10:08 PM 42576]
R0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [4/21/2009 10:19 PM 173648]
R0 spldr;Security Processor Loader Driver;c:\windows\System32\drivers\spldr.sys [4/21/2009 7:36 PM 17488]
R0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;c:\windows\System32\drivers\vmstorfl.sys [4/22/2009 5:23 AM 40912]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\System32\drivers\vdrvroot.sys [4/21/2009 10:44 PM 32848]
R0 volmgr;Volume Manager Driver;c:\windows\System32\drivers\volmgr.sys [4/21/2009 10:08 PM 52304]
R0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [4/21/2009 10:09 PM 297040]
R1 blbdrive;blbdrive;c:\windows\System32\drivers\blbdrive.sys [4/21/2009 10:20 PM 35328]
R1 CSC;Offline Files Driver;c:\windows\System32\drivers\csc.sys [4/21/2009 10:12 PM 387584]
R1 DfsC;DFS Namespace Client Driver;c:\windows\System32\drivers\dfsc.sys [4/21/2009 10:11 PM 78336]
R1 discache;System Attribute Cache;c:\windows\System32\drivers\discache.sys [4/21/2009 10:21 PM 32768]
R1 nsiproxy;NSI proxy service driver.;c:\windows\System32\drivers\nsiproxy.sys [4/21/2009 10:09 PM 16896]
R1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\System32\drivers\RDPENCDD.sys [4/21/2009 11:00 PM 6656]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\System32\drivers\RDPREFMP.sys [4/21/2009 11:00 PM 7168]
R1 tdx;NetIO Legacy TDI Support Driver;c:\windows\System32\drivers\tdx.sys [4/21/2009 10:09 PM 74240]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\System32\drivers\wanarp.sys [4/21/2009 10:53 PM 63488]
R1 WfpLwf;WFP Lightweight Filter;c:\windows\System32\drivers\wfplwf.sys [4/21/2009 10:52 PM 9728]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [4/29/2009 1:07 AM 176128]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [4/21/2009 10:16 PM 20992]
R2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [4/21/2009 10:16 PM 20992]
R2 CscService;Offline Files;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [4/21/2009 10:16 PM 20992]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [4/21/2009 10:16 PM 20992]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [10/29/2006 8:03 AM 208896]
R2 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [4/21/2009 10:16 PM 20992]
R2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe -k netsvcs [4/21/2009 10:16 PM 20992]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe -k netsvcs [4/21/2009 10:16 PM 20992]
R2 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [4/21/2009 10:16 PM 20992]
R2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe -k NetSvcs [4/21/2009 10:16 PM 20992]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\System32\drivers\lltdio.sys [4/21/2009 10:51 PM 48128]
R2 luafv;UAC File Virtualization;c:\windows\System32\drivers\luafv.sys [4/21/2009 10:13 PM 86528]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/26/2009 10:08 AM 210216]
R2 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [4/21/2009 10:16 PM 20992]
R2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [4/21/2009 10:16 PM 20992]
R2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe -k NetworkService [4/21/2009 10:16 PM 20992]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\System32\drivers\nmsgopro.sys [9/27/2006 3:37 PM 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\System32\drivers\nmsunidr.sys [10/19/2006 2:49 PM 7424]
R2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe -k LocalService [4/21/2009 10:16 PM 20992]
R2 PEAUTH;PEAUTH;c:\windows\System32\drivers\PEAuth.sys [4/21/2009 10:33 PM 586752]
R2 Power;Power;c:\windows\system32\svchost.exe -k DcomLaunch [4/21/2009 10:16 PM 20992]
R2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe -k netsvcs [4/21/2009 10:16 PM 20992]
R2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe -k RPCSS [4/21/2009 10:16 PM 20992]
R2 SysMain;Superfetch;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [4/21/2009 10:16 PM 20992]
R2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\System32\drivers\tcpipreg.sys [4/21/2009 10:52 PM 34816]
R2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [4/21/2009 10:16 PM 20992]
R2 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [4/21/2009 10:16 PM 20992]
R3 Appinfo;Application Information;c:\windows\system32\svchost.exe -k netsvcs [4/21/2009 10:16 PM 20992]
R3 bowser;Browser Support Driver;c:\windows\System32\drivers\bowser.sys [4/21/2009 10:11 PM 69632]
R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe -k netsvcs [4/21/2009 10:16 PM 20992]
R3 circlass;Consumer IR Devices;c:\windows\System32\drivers\circlass.sys [8/30/2006 7:23 AM 35328]
R3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\System32\drivers\CompositeBus.sys [4/21/2009 10:43 PM 31232]
R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [4/21/2009 10:23 PM 720384]
R3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe -k LocalService [4/21/2009 10:16 PM 20992]
R3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [4/21/2009 10:16 PM 20992]
R3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [4/21/2009 10:16 PM 20992]
R3 KeyIso;CNG Key Isolation;c:\windows\System32\lsass.exe [4/21/2009 10:09 PM 22528]
R3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\System32\drivers\monitor.sys [4/21/2009 10:23 PM 23552]
R3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\System32\drivers\mpsdrv.sys [4/21/2009 10:51 PM 60416]
R3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\System32\drivers\mrxsmb10.sys [4/21/2009 10:11 PM 220672]
R3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\System32\drivers\mrxsmb20.sys [4/21/2009 10:11 PM 94720]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\System32\drivers\nwifi.sys [4/21/2009 10:50 PM 267264]
R3 netprofm;Network List Service;c:\windows\System32\svchost.exe -k LocalService [4/21/2009 10:16 PM 20992]
R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [4/21/2009 10:16 PM 20992]
R3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\System32\drivers\agilevpn.sys [4/21/2009 10:53 PM 49152]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\System32\drivers\rdpbus.sys [4/21/2009 11:01 PM 18432]
R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe -k netsvcs [4/21/2009 10:16 PM 20992]
R3 srv2;Server SMB 2.xxx Driver;c:\windows\System32\drivers\srv2.sys [10/17/2009 2:01 AM 306688]
R3 srvnet;srvnet;c:\windows\System32\drivers\srvnet.sys [4/21/2009 10:12 PM 113664]
R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\System32\drivers\tssecsrv.sys [4/21/2009 11:00 PM 30208]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\System32\drivers\tunnel.sys [4/21/2009 10:52 PM 108032]
R3 umbus;UMBus Enumerator Driver;c:\windows\System32\drivers\umbus.sys [5/27/2009 1:09 PM 39936]
R3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [4/21/2009 10:16 PM 20992]
R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\System32\drivers\usbcir.sys [4/21/2009 10:49 PM 86016]
R3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [4/21/2009 9:11 PM 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [4/21/2009 9:11 PM 266752]
R3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe -k LocalService [4/21/2009 10:16 PM 20992]
R3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [4/21/2009 10:16 PM 20992]
S2 gupdate1c92b2bb22cac30;Google Update Service (gupdate1c92b2bb22cac30);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2008 5:58 PM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1179232]
S2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe -k netsvcs [4/21/2009 10:16 PM 20992]
S2 sppsvc;Software Protection;c:\windows\System32\sppsvc.exe [4/21/2009 11:44 PM 3179520]
S3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\System32\drivers\1394ohci.sys [4/21/2009 10:50 PM 162816]
S3 AcpiPmi;ACPI Power Meter Driver;c:\windows\System32\drivers\acpipmi.sys [4/21/2009 10:13 PM 9728]
S3 adp94xx;adp94xx;c:\windows\System32\drivers\adp94xx.sys [3/20/2009 10:22 AM 422992]
S3 adpahci;adpahci;c:\windows\System32\drivers\adpahci.sys [4/21/2009 9:07 PM 297552]
S3 amdsata;amdsata;c:\windows\System32\drivers\amdsata.sys [3/20/2009 10:23 AM 77904]
S3 amdsbs;amdsbs;c:\windows\System32\drivers\amdsbs.sys [3/27/2009 11:45 PM 159312]
S3 AppID;AppID Driver;c:\windows\System32\drivers\appid.sys [4/21/2009 10:35 PM 50176]
S3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [4/21/2009 10:16 PM 20992]
S3 arcsas;arcsas;c:\windows\System32\drivers\arcsas.sys [4/21/2009 9:07 PM 86608]
S3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\System32\drivers\bxvbdx.sys [3/20/2009 10:22 AM 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [4/21/2009 9:01 PM 229888]
S3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe -k netsvcs [4/21/2009 10:16 PM 20992]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\System32\drivers\BrFiltLo.sys [4/21/2009 11:55 PM 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\System32\drivers\BrFiltUp.sys [4/21/2009 11:56 PM 5248]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\drivers\BrSerId.sys [4/21/2009 11:53 PM 272128]
S3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\drivers\BrSerWdm.sys [4/21/2009 11:55 PM 62336]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\drivers\BrUsbMdm.sys [4/21/2009 11:55 PM 12160]
S3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe -k defragsvc [4/21/2009 10:16 PM 20992]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\System32\drivers\evbdx.sys [3/20/2009 10:22 AM 3100160]
S3 elxstor;elxstor;c:\windows\System32\drivers\elxstor.sys [3/20/2009 10:23 AM 453712]
S3 Filetrace;Filetrace;c:\windows\System32\drivers\filetrace.sys [4/21/2009 10:12 PM 28160]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [4/21/2009 10:16 PM 20992]
S3 FsDepends;File System Dependency Minifilter;c:\windows\System32\drivers\fsdepends.sys [4/21/2009 10:12 PM 45648]
S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [4/21/2009 10:16 PM 20992]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\System32\drivers\hcw85cir.sys [4/21/2009 9:52 PM 26624]
S3 HpSAMD;HpSAMD;c:\windows\System32\drivers\HpSAMD.sys [4/21/2009 9:07 PM 67152]
S3 IPMIDRV;IPMIDRV;c:\windows\System32\drivers\IPMIDrv.sys [4/21/2009 10:28 PM 65536]
S3 iScsiPrt;iScsiPort Driver;c:\windows\System32\drivers\msiscsi.sys [4/21/2009 10:44 PM 186960]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [4/21/2009 10:16 PM 20992]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe -k LocalService [4/21/2009 10:16 PM 20992]
S3 LSI_FC;LSI_FC;c:\windows\System32\drivers\lsi_fc.sys [4/21/2009 9:07 PM 95824]
S3 LSI_SAS;LSI_SAS;c:\windows\System32\drivers\lsi_sas.sys [4/21/2009 9:07 PM 89168]
S3 LSI_SAS2;LSI_SAS2;c:\windows\System32\drivers\lsi_sas2.sys [4/21/2009 9:07 PM 54864]
S3 LSI_SCSI;LSI_SCSI;c:\windows\System32\drivers\lsi_scsi.sys [4/21/2009 9:07 PM 96848]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [10/15/2008 10:23 AM 38224]
S3 megasas;megasas;c:\windows\System32\drivers\megasas.sys [3/20/2009 10:23 AM 30800]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\System32\drivers\motccgp.sys [11/2/2007 2:36 PM 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\System32\drivers\motccgpfl.sys [1/23/2007 7:03 PM 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\System32\drivers\motport.sys [6/18/2007 2:18 PM 23680]
S3 mpio;mpio;c:\windows\System32\drivers\mpio.sys [4/21/2009 10:44 PM 130640]
S3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\System32\drivers\MRVW24B.sys [3/19/2008 6:10 AM 310016]
S3 msahci;msahci;c:\windows\System32\drivers\msahci.sys [4/21/2009 10:44 PM 27728]
S3 msdsm;msdsm;c:\windows\System32\drivers\msdsm.sys [4/21/2009 10:44 PM 115792]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [4/21/2009 10:49 PM 4096]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe -k netsvcs [4/21/2009 10:16 PM 20992]
S3 MsRPC;MsRPC;c:\windows\System32\drivers\msrpc.sys [4/21/2009 10:09 PM 162896]
S3 MTConfig;Microsoft Input Configuration Driver;c:\windows\System32\drivers\MTConfig.sys [4/21/2009 10:45 PM 12288]
S3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\System32\drivers\ndiscap.sys [4/21/2009 10:51 PM 27136]
S3 nfrd960;nfrd960;c:\windows\System32\drivers\nfrd960.sys [4/21/2009 9:07 PM 44624]
S3 nvstor;nvstor;c:\windows\System32\drivers\nvstor.sys [4/14/2009 9:30 PM 142416]
S3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe -k PeerDist [4/21/2009 10:16 PM 20992]
S3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [4/21/2009 10:16 PM 20992]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe -k LocalServicePeerNet [4/21/2009 10:16 PM 20992]
S3 ql2300;ql2300;c:\windows\System32\drivers\ql2300.sys [3/20/2009 10:23 AM 1383504]
S3 ql40xx;ql40xx;c:\windows\System32\drivers\ql40xx.sys [4/21/2009 9:07 PM 105552]
S3 s3cap;s3cap;c:\windows\System32\drivers\vms3cap.sys [4/22/2009 5:23 AM 5632]
S3 scfilter;Smart card PnP Class Filter Driver;c:\windows\System32\drivers\scfilter.sys [4/21/2009 10:32 PM 26624]
S3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe -k netsvcs [4/21/2009 10:16 PM 20992]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/25/2009 5:14 PM 358600]
S3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe -k SDRSVC [4/21/2009 10:16 PM 20992]
S3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [4/21/2009 10:16 PM 20992]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\System32\drivers\sffp_mmc.sys [4/21/2009 10:44 PM 12288]
S3 SiSRaid4;SiSRaid4;c:\windows\System32\drivers\sisraid4.sys [4/21/2009 9:07 PM 77904]
S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\System32\drivers\smb.sys [4/21/2009 10:52 PM 71168]
S3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe -k LocalService [4/21/2009 10:16 PM 20992]
S3 stexstor;stexstor;c:\windows\System32\drivers\stexstor.sys [4/21/2009 9:07 PM 21072]
S3 storvsc;storvsc;c:\windows\System32\drivers\storvsc.sys [4/22/2009 5:23 AM 28240]
S3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [4/21/2009 10:16 PM 20992]
S3 TBS;TPM Base Services;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [4/21/2009 10:16 PM 20992]
S3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe -k LocalService [4/21/2009 10:16 PM 20992]
S3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [4/21/2009 10:20 PM 204800]
S3 UI0Detect;Interactive Services Detection;c:\windows\System32\UI0Detect.exe [4/21/2009 10:35 PM 35840]
S3 uliagpkx;Uli AGP Bus Filter;c:\windows\System32\drivers\ULIAGPKX.SYS [4/21/2009 10:23 PM 57424]
S3 VaultSvc;Credential Manager;c:\windows\System32\lsass.exe [4/21/2009 10:09 PM 22528]
S3 vhdmp;vhdmp;c:\windows\System32\drivers\vhdmp.sys [4/21/2009 10:44 PM 158288]
S3 ViaC7;VIA C7 Processor Driver;c:\windows\System32\drivers\viac7.sys [4/21/2009 10:08 PM 52736]
S3 vmbus;vmbus;c:\windows\System32\drivers\vmbus.sys [4/22/2009 5:23 AM 175824]
S3 VMBusHID;VMBusHID;c:\windows\System32\drivers\VMBusHID.sys [4/22/2009 5:23 AM 17920]
S3 vsmraid;vsmraid;c:\windows\System32\drivers\vsmraid.sys [3/20/2009 10:23 AM 141904]
S3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [4/21/2009 10:50 PM 19968]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\System32\drivers\wacompen.sys [4/21/2009 10:45 PM 21632]
S3 wbengine;Block Level Backup Engine Service;c:\windows\System32\wbengine.exe [4/21/2009 10:21 PM 1203200]
S3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe -k WbioSvcGroup [4/21/2009 10:16 PM 20992]
S3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [4/21/2009 10:16 PM 20992]
S3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe -k wcssvc [4/21/2009 10:16 PM 20992]
S3 Wd;Wd;c:\windows\System32\drivers\wd.sys [4/21/2009 10:08 PM 19024]
S3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [4/21/2009 10:16 PM 20992]
S3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe -k NetworkService [4/21/2009 10:16 PM 20992]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe -k netsvcs [4/21/2009 10:16 PM 20992]
S3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe -k WerSvcGroup [4/21/2009 10:16 PM 20992]
S3 WIMMount;WIMMount;c:\windows\System32\drivers\wimmount.sys [4/21/2009 10:15 PM 19024]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [4/21/2009 10:16 PM 20992]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe -k NetworkService [4/21/2009 10:16 PM 20992]
S3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [4/21/2009 10:16 PM 20992]
S3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [4/21/2009 10:16 PM 20992]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - mbr
*Deregistered* - PROCEXP113
*Deregistered* - SYMTDI

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
defragsvc REG_MULTI_SZ defragsvc
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
swprv REG_MULTI_SZ swprv
LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS AppIDSvc FontCache fdrespub QWAVE wcncsvc Mcx2Svc SensrSvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
wcssvc REG_MULTI_SZ WcsPlugInService
secsvcs REG_MULTI_SZ WinDefend
AxInstSVGroup REG_MULTI_SZ AxInstSV
PeerDist REG_MULTI_SZ PeerDistSvc
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
EapHost
wercplsupport
ProfSvc
hkmsvc
winmgmt
SessionEnv
schedule
browser
BDESVC
Themes
AppMgmt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider

.
Contents of the 'Scheduled Tasks' folder

2009-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-10 22:58]

2009-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-10 22:58]

2009-11-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-25 16:22]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-25 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1070428
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\pdtecrj\AppData\Roaming\Mozilla\Firefox\Profiles\fzkul1b1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gamefaqs.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKCU-Run-Fkedehizuq - c:\users\pdtecrj\AppData\Local\awimejiz.dll
HKCU-Run-Windows System Defender - c:\programdata\2687d\WS896.exe
HKCU-Run-Rtolipabusaxupet - c:\users\pdtecrj\AppData\Local\lRORexi.dll
HKCU-Run-Aim6 - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-15 15:17
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1399712705-160400772-555836405-1001_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm]
@DACL=(02 0000)
"aFormatTagCache"=hex:01,00,00,00,10,00,00,00,55,00,00,00,1e,00,00,00
"cFilterTags"=dword:00000000
"cFormatTags"=dword:00000002
"fdwSupport"=dword:00000001

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2009-11-15 15:23
ComboFix-quarantined-files.txt 2009-11-15 20:23

Pre-Run: 6,510,436,352 bytes free
Post-Run: 6,557,622,272 bytes free

- - End Of File - - E326DA20874F3A83CB078679CBE68EB4
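
The catchme block above (repeated for each retry in the posted log, every pass ending in "Initialization error") is the one part of this ComboFix output that needs interpretation. Each "ZwX a != b" pair is the syscall index the tool read from an ntdll stub against the value it expected; the right-hand numbers (ZwClose 50 = 0x32, ZwOpenKey 182 = 0xB6, ZwOpenFile 179 = 0xB3, ZwQuerySystemInformation 261 = 0x105) match the Windows 7 x86 syscall numbers for those functions, while every left-hand value is 0, and the banner lists W2K/XP/Vista while the host is Windows 6.1.7100. The parser below is an added example, not part of the original post and not Gmer's catchme code: it pulls those pairs out of a log section, counts the passes, and applies a heuristic verdict that is my reading rather than the tool's. A uniform zero across nine unrelated syscalls together with an initialisation failure on an OS the tool does not list as supported points to catchme failing to read the stubs, whereas a handful of stubs disagreeing with the rest is the pattern a user-mode API hook leaves. The first sample log is constructed from the block above; the second, "selective" sample is invented to exercise the other branch.

```python
import re

# Constructed sample input: one catchme block in the shape ComboFix printed it
# above, followed by the scan summary lines.
SAMPLE_LOG = """\
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-15 15:17
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:
"""

# Invented second sample: only two stubs disagree and the tool initialised,
# which is what a selective user-mode hook would look like in this format.
SELECTIVE_LOG = """\
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
detected NTDLL code modification:
ZwQueryDirectoryFile 73 != 223, ZwQuerySystemInformation 4 != 261
scan completed successfully
"""

# "<ZwName> <observed> != <expected>" pairs, comma separated. The last pair can run
# straight into trailing text ("...261Initialization error"), so no end anchor.
_PAIR_RE = re.compile(r"(Zw\w+)\s+(\d+)\s*!=\s*(\d+)")


def parse_modifications(log_text):
    """Return one (function, observed, expected) tuple per reported stub.

    Every retry block repeats the same list, so the result is de-duplicated
    while preserving first-seen order.
    """
    seen = []
    for line in log_text.splitlines():
        if "!=" not in line:
            continue
        for name, observed, expected in _PAIR_RE.findall(line):
            triple = (name, int(observed), int(expected))
            if triple not in seen:
                seen.append(triple)
    return seen


def count_attempts(log_text):
    """Number of catchme passes recorded (ComboFix re-runs it after a failure)."""
    return sum(1 for line in log_text.splitlines() if line.startswith("Rootkit scan"))


def had_init_error(log_text):
    return "Initialization error" in log_text


def classify(log_text):
    """Heuristic verdict on a catchme section (assumption: mine, not Gmer's).

    'clean'          : no modification lines at all
    'read-failure'   : every stub read back as 0 and the tool never initialised;
                       the same bogus value for unrelated syscalls is more consistent
                       with the tool failing to read the stubs than with a hook
    'selective-hook' : some stubs differ while the rest agree; treat as possible
                       user-mode API hooking and inspect those stubs directly
    """
    mods = parse_modifications(log_text)
    if not mods:
        return "clean"
    if all(observed == 0 for _, observed, _ in mods) and had_init_error(log_text):
        return "read-failure"
    return "selective-hook"


def report(log_text):
    """Human-readable summary: pass count, one line per stub, then the verdict."""
    lines = [f"catchme passes: {count_attempts(log_text)}"]
    for name, observed, expected in parse_modifications(log_text):
        lines.append(f"  {name:<26} observed={observed:<4} expected={expected}")
    lines.append(f"verdict: {classify(log_text)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
    print()
    print(report(SELECTIVE_LOG))
```

Paste the whole catchme section of a ComboFix log into `report()`; a "read-failure" verdict means the rootkit check simply did not run and another scanner that supports the OS is needed, whereas "selective-hook" names the exact stubs to examine in a debugger before trusting anything else that ran in that session.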


#14 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:05:31 PM

Posted 16 November 2009 - 09:20 PM

1. Please open Notepad
  • Click Start, then Run
  • type notepad in the Run box, then hit OK.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\users\pdtecrj\AppData\Local\Xbufaf.dat
c:\users\pdtecrj\AppData\Local\Npecireyiluyir.bin
c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.exe
c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\fan.dll
c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe

DirLook::
c:\programdata\2687d

Folder::
c:\users\pdtecrj\AppData\Roaming\Windows System Defender
c:\programdata\WSDDSys

c:\program files\Ascentive

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC SpeedScan Pro"=-

DDS::


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.txt being dragged onto ComboFix.exe]


5. After reboot, (in case it asks to reboot), please post the following report/log into your next reply:
  • Combofix.txt
=============
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#15 pdtecrj

pdtecrj
  • Topic Starter

  • Members
  • 9 posts
  • Local time:04:31 PM

Posted 16 November 2009 - 11:17 PM

Thanks

I did exactly as you said, and left my room. When I came back, my computer had rebooted and was asking for my password to log on. I typed it in, stepped away to let it finish, and then came back in time to see a blue screen with basic DOS-style text saying that my computer was shutting down in order to protect itself from something. I started in normal mode, and then it came back up, but I notice my desktop wallpaper is blank. At any rate, I found the log, and this is what it shows:

ComboFix 09-11-17.01 - pdtecrj 11/16/2009 22:47:28.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7100.0.1252.1.1033.18.3070.2190 [GMT -5:00]
Running from: C:\Users\pdtecrj\Desktop\ComboFix.exe
Command switches used :: C:\Users\pdtecrj\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

FILE ::
"c:\users\pdtecrj\AppData\Local\Npecireyiluyir.bin"
"c:\users\pdtecrj\AppData\Local\Xbufaf.dat"
"c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll"
"c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe"
"c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll"
"c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe"
"c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\eb.sys"
"c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\energy.drv"
"c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\exec.sys"
"c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\fan.dll"
"c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\FW.dll"
"c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\FW.drv"
"c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll"
"c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\pal.sys"
"c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\PE.dll"
"c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\PE.exe"
"c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.exe"
"c:\users\pdtecrj\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv"
.


And again, because it looks like it may be missing something at the end, I just want to assure you that is everything. Thanks again.


