
Infected with rootkit tdlcmd.dll (Trojan:Win32/Alureon.CT), Google searches being constantly redirected


This topic is locked
18 replies to this topic

#1 elocine

  • Members
  • 11 posts

Posted 03 December 2009 - 07:58 PM

Hi!

Before explaining my problem here, I would like to mention that I have already posted a topic related to this one in the "Am I infected? What do I do?" forum 5 days ago. Since I have not received any reply yet, I would like to update it with more details in this forum, which seems to be more appropriate in my case.

My laptop got infected with a Trojan:Win32/Alureon.CT despite all the protection and security programs running on it.

A few weeks ago, I started to have problems when I was browsing in IE and Mozilla Firefox especially: all Google searches were (and still are) constantly redirected to websites other than the ones I had clicked on. It would eventually open the correct page if I kept selecting it. I also noticed that my laptop got slower.

Both Windows Defender and Microsoft Security Essentials keep detecting the above-mentioned Trojan and pointing out the following:
C:\Windows\system32\tdlcmd.dll.

I have tried to remove it several times with Windows Defender and Microsoft Security Essentials, both confirming that it was successfully deleted, but every time I restarted my laptop as I was asked to, it came back again!

I read about this in your forums and others, but did not find a solution. I need help to clean my laptop, so I would really appreciate it if someone could help me with this!

I have Windows Vista Home Premium.
Anti-malware/Anti-spyware/Antivirus installed and running on my laptop: Ad-Aware, Spybot - Search & Destroy, McAfee VirusScan, Windows Defender and Microsoft Security Essentials.
I also installed Malwarebytes Anti-Malware, Gmer, DDS and Rootrepeal for the purpose of providing you with the following logs.

The first 2 logs are the ones that I originally obtained with Malwarebytes and Gmer (5 days ago). I noticed that the tdlcmd.dll file was referred to as "rootkit TDSS" in the Malwarebytes log.
The next logs are the ones that I obtained today with DDS, Rootrepeal, Malwarebytes and Gmer (note: 2 of the .txt files are provided as attachments). This time, however, the tdlcmd.dll file has been detected and referred to as "rogue.installer" in the Malwarebytes log. I applied the requested action (removal) and restarted my computer, but Microsoft Security Essentials keeps detecting it, and after it deletes it and I restart, the tdlcmd.dll file is back again, and again (as Trojan:Win32/Alureon.CT) at the same location (C:\Windows\system32\tdlcmd.dll).

MALWAREBYTES (original log - 5 days ago)

Malwarebytes' Anti-Malware 1.41
Database version: 3242
Windows 6.0.6002 Service Pack 2

11/29/2009 3:16:17 PM
mbam-log-2009-11-29 (15-16-17).txt

Scan type: Quick Scan
Objects scanned: 109348
Time elapsed: 19 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\tdlcmd.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.


GMER (original log - 5 days ago)

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit quick scan 2009-11-29 15:39:05
Windows 6.0.6002 Service Pack 2
Running: nwqrcil3.exe; Driver: C:\Users\Nicole\AppData\Local\Temp\pwryqpog.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB1E1F7DA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB1E1F774]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB1E1F788]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB1E1F818]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB1E1F6FC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB1E1F74C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB1E1F760]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB1E1F7EE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB1E1F724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB1E1F710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB1E1F7C6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB1E1F7B2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB1E1F847]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB1E1F82E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB1E1F804]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0xB1E1F79E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

---- EOF - GMER 1.0.15 ----


TODAY'S LOGS


DDS (Ver_09-12-01.01) - NTFSx86
Run by Nicole at 11:10:26.68 on Thu 12/03/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.664 [GMT -6:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: VirusScan Enterprise + AntiSpyware Enterprise *enabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Nicole\AppData\Local\Plaxo\3.17.0.16\PlaxoHelper_en.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Nicole\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Nicole\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.netscape.net/
mStart Page = hxxp://search.myheritage.com
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=PRESARIO&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [PlaxoUpdate] c:\users\nicole\appdata\local\plaxo\3.17.0.16\PlaxoHelper_en.exe -a
uRun: [PlaxoSysTray] c:\users\nicole\appdata\local\plaxo\3.17.0.16\PlaxoSysTray.exe
uRun: [Google Update] "c:\users\nicole\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\nicole\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\logitech webcam software\eReg.exe
StartupFolder: c:\users\nicole\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\nicole\appdata\roaming\mozilla\firefox\profiles\ru96s751.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.netscape.net
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\users\nicole\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\nicole\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-17 64288]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-11-14 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2008-9-26 144704]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2008-7-16 54608]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-2-9 809296]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-8-27 92008]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-9-30 79816]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-9-30 35272]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-9-30 214664]
S2 gupdate1c9f608655a2e70;Google Update Service (gupdate1c9f608655a2e70);c:\program files\google\update\GoogleUpdate.exe [2009-6-25 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-13 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-30 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-9-30 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-9-30 40552]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42480]
SUnknown clcwsphc;clcwsphc; [x]
SUnknown ffqwjxpm;ffqwjxpm; [x]
SUnknown ghkiorfl;ghkiorfl; [x]
SUnknown jnyxudev;jnyxudev; [x]
SUnknown qobaduvy;qobaduvy; [x]
SUnknown qsdpvhou;qsdpvhou; [x]
SUnknown slabgwzb;slabgwzb; [x]
SUnknown ujdpiiqn;ujdpiiqn; [x]
SUnknown xgmzgqao;xgmzgqao; [x]
SUnknown yemnizun;yemnizun; [x]

=============== Created Last 30 ================

2009-12-03 04:10:54 23552 ----a-w- c:\windows\system32\tdlcmd.dll
2009-11-30 17:18:13 0 d-----w- c:\users\nicole\Tracing
2009-11-30 17:16:45 0 d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-30 17:16:16 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-11-30 17:13:53 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-30 17:12:28 0 d-----w- c:\program files\Windows Live SkyDrive
2009-11-30 17:05:50 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-11-30 16:53:19 0 d-----w- c:\program files\common files\Windows Live
2009-11-30 16:36:51 873310 ----a-w- c:\windows\system32\oem71.inf
2009-11-30 16:33:17 0 d-----w- c:\program files\Microsoft
2009-11-27 14:42:50 0 d-----w- c:\users\nicole\appdata\roaming\Malwarebytes
2009-11-27 14:42:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-27 14:42:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-27 14:42:34 0 d-----w- c:\programdata\Malwarebytes
2009-11-27 14:42:33 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-25 14:36:25 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 13:46:56 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 13:46:48 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-11-22 00:35:22 65536 ----a-w- c:\windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
2009-11-22 00:35:22 196608 ----a-w- c:\windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
2009-11-22 00:35:21 2949120 ----a-w- c:\windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2009-11-22 00:34:54 0 d-----w- c:\program files\Microsoft ATS
2009-11-20 05:44:42 0 d-----w- c:\programdata\HP Product Assistant
2009-11-20 05:40:40 77352 ----a-w- c:\windows\hpqins05.dat
2009-11-14 21:51:47 0 d-----w- C:\QUARANTAINE
2009-11-14 17:25:26 280 ----a-w- c:\windows\system32\epoPGPsdk.dll.sig
2009-11-14 17:25:26 1495552 ----a-w- c:\windows\system32\epoPGPsdk.dll
2009-11-14 17:25:26 0 d-----w- c:\program files\common files\Cisco Systems
2009-11-14 17:24:43 64232 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2009-11-14 17:24:42 52104 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2009-11-14 17:23:47 0 d-----w- c:\program files\McAfee
2009-11-14 17:23:47 0 d-----w- c:\program files\common files\McAfee
2009-11-13 02:07:20 0 d-----w- c:\program files\Family Toolbar
2009-11-11 14:14:12 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 14:13:58 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-10 16:27:36 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-11-04 14:12:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb

==================== Find3M ====================

2009-11-30 16:51:13 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-30 16:51:13 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-30 16:51:12 143360 ----a-w- c:\windows\inf\infstor.dat
2009-11-03 02:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 03:55:52 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-10-30 19:05:53 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-30 19:05:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-10-30 19:04:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-27 23:16:27 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 23:16:16 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-11 10:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 21:08:01 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08:01 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07:59 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-07 07:46:36 25752 ----a-w- c:\windows\system32\drivers\LVPr2Mon.sys
2009-10-07 07:25:10 85302 ----a-w- c:\windows\system32\drivers\LVFeL102.cfg
2009-10-07 07:25:10 69592 ----a-w- c:\windows\system32\drivers\LVFaL100.cfg
2009-10-07 07:25:10 227172 ----a-w- c:\windows\system32\drivers\LVFeL100.cfg
2009-10-07 07:25:10 146680 ----a-w- c:\windows\system32\drivers\LVFeL101.cfg
2009-10-07 07:23:08 13584 ----a-w- c:\windows\system32\drivers\iKeyLFT2.dll
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-24 18:13:08 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:59:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 14:58:28 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-09-10 02:01:02 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-09-10 02:00:54 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-09-10 02:00:36 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2008-07-13 11:37:32 174 --sha-w- c:\program files\desktop.ini
2008-05-29 20:56:11 37375 ----a-w- c:\program files\openoffice.org-xsltfilter.cab
2008-05-29 20:56:10 2490452 ----a-w- c:\program files\openoffice.org-writer.cab
2008-05-29 20:56:02 207388 ----a-w- c:\program files\openoffice.org-testtool.cab
2008-05-29 20:55:59 2504975 ----a-w- c:\program files\openoffice.org-pyuno.cab
2008-05-29 20:55:39 51973 ----a-w- c:\program files\openoffice.org-onlineupdate.cab
2008-05-29 20:55:38 1090334 ----a-w- c:\program files\openoffice.org-math.cab
2008-05-29 20:55:33 118910 ----a-w- c:\program files\openoffice.org-javafilter.cab
2008-05-29 20:55:32 1254017 ----a-w- c:\program files\openoffice.org-impress.cab
2008-05-29 20:55:26 86870 ----a-w- c:\program files\openoffice.org-graphicfilter.cab
2008-05-29 20:55:25 919329 ----a-w- c:\program files\openoffice.org-draw.cab
2008-05-29 20:55:25 2769 ----a-w- c:\program files\openoffice.org-emailmerge.cab
2008-05-29 20:55:20 2031954 ----a-w- c:\program files\openoffice.org-core09.cab
2008-05-29 20:55:14 293078 ----a-w- c:\program files\openoffice.org-core08.cab
2008-05-29 20:55:07 3842531 ----a-w- c:\program files\openoffice.org-core07.cab
2008-05-29 20:54:57 28847705 ----a-w- c:\program files\openoffice.org-core06.cab
2008-05-29 20:50:50 18634513 ----a-w- c:\program files\openoffice.org-core05.cab
2008-05-29 20:49:37 16503595 ----a-w- c:\program files\openoffice.org-core04.cab
2008-05-29 20:48:32 9117929 ----a-w- c:\program files\openoffice.org-core03.cab
2008-05-29 20:48:10 3860980 ----a-w- c:\program files\openoffice.org-core02.cab
2008-05-29 20:47:56 15104219 ----a-w- c:\program files\openoffice.org-core01.cab
2008-05-29 20:47:19 4694039 ----a-w- c:\program files\openoffice.org-calc.cab
2008-05-29 20:47:00 1803630 ----a-w- c:\program files\openoffice.org-base.cab
2008-05-29 20:46:51 43005 ----a-w- c:\program files\openoffice.org-activex.cab
2008-05-29 20:46:45 4372992 ----a-w- c:\program files\openofficeorg24.msi
2008-05-29 20:46:45 217 ----a-w- c:\program files\setup.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-05-17 03:37:32 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 11:15:31.05 ===============


MALWAREBYTES log (today)

Malwarebytes' Anti-Malware 1.41
Database version: 3285
Windows 6.0.6002 Service Pack 2

12/3/2009 12:42:05 PM
mbam-log-2009-12-03 (12-42-05).txt

Scan type: Quick Scan
Objects scanned: 111604
Time elapsed: 15 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\tdlcmd.dll (Rogue.Installer) -> Quarantined and deleted successfully.


GMER log (today)

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-03 16:20:15
Windows 6.0.6002 Service Pack 2
Running: nwqrcil3.exe; Driver: C:\Users\Nicole\AppData\Local\Temp\pwryqpog.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAFF1F7DA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAFF1F774]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAFF1F788]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAFF1F818]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAFF1F6FC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAFF1F74C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAFF1F760]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAFF1F7EE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAFF1F724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAFF1F710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAFF1F7C6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAFF1F7B2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAFF1F847]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAFF1F82E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAFF1F804]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0xAFF1F79E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 81E33982 5 Bytes JMP AFF1F808 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 81FC75B5 5 Bytes JMP AFF1F700 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateUserProcess 81FD1B82 5 Bytes JMP AFF1F7A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 81FF8D5D 5 Bytes JMP AFF1F84B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 82018446 7 Bytes JMP AFF1F81C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 82018709 5 Bytes JMP AFF1F832 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 8201C474 5 Bytes JMP AFF1F7B6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 82021E7D 7 Bytes JMP AFF1F7F2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 8202409A 5 Bytes JMP AFF1F764 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 82028B48 5 Bytes JMP AFF1F750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 82049D59 5 Bytes JMP AFF1F7DE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8205A7B2 5 Bytes JMP AFF1F714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8205B9B6 5 Bytes JMP AFF1F728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 8209974B 5 Bytes JMP AFF1F778 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82099796 7 Bytes JMP AFF1F78C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 8209A253 2 Bytes JMP AFF1F7CA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread + 3 8209A256 2 Bytes CALL E65AF388
.rsrc C:\Windows\system32\DRIVERS\iaStor.sys entry point in ".rsrc" section [0x828D0000]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[660] kernel32.dll!GetStartupInfoW 75C91929 5 Bytes JMP 00870F28
.text C:\Windows\system32\services.exe[660] kernel32.dll!GetStartupInfoA 75C919C9 5 Bytes JMP 00870F39
.text C:\Windows\system32\services.exe[660] kernel32.dll!CreateProcessW 75C91BF3 5 Bytes JMP 00870EFC
.text C:\Windows\system32\services.exe[660] kernel32.dll!CreateProcessA 75C91C28 5 Bytes JMP 00870093
.text C:\Windows\system32\services.exe[660] kernel32.dll!VirtualProtect 75C91DC3 5 Bytes JMP 00870F79
.text C:\Windows\system32\services.exe[660] kernel32.dll!CreateNamedPipeA 75C92EF5 5 Bytes JMP 0087001B
.text C:\Windows\system32\services.exe[660] kernel32.dll!CreateNamedPipeW 75C95C0C 5 Bytes JMP 00870FC0
.text C:\Windows\system32\services.exe[660] kernel32.dll!CreatePipe 75CB8E6E 5 Bytes JMP 0087006E
.text C:\Windows\system32\services.exe[660] kernel32.dll!LoadLibraryExW 75CB9109 5 Bytes JMP 00870F94
.text C:\Windows\system32\services.exe[660] kernel32.dll!LoadLibraryW 75CB9362 5 Bytes JMP 00870040
.text C:\Windows\system32\services.exe[660] kernel32.dll!LoadLibraryExA 75CB94B4 5 Bytes JMP 00870051
.text C:\Windows\system32\services.exe[660] kernel32.dll!LoadLibraryA 75CB94DC 5 Bytes JMP 00870FAF
.text C:\Windows\system32\services.exe[660] kernel32.dll!VirtualProtectEx 75CBDBDA 5 Bytes JMP 00870F68
.text C:\Windows\system32\services.exe[660] kernel32.dll!GetProcAddress 75CD903B 5 Bytes JMP 00870EEB
.text C:\Windows\system32\services.exe[660] kernel32.dll!CreateFileW 75CDAECB 5 Bytes JMP 0087000A
.text C:\Windows\system32\services.exe[660] kernel32.dll!CreateFileA 75CDCE5F 5 Bytes JMP 00870FEF
.text C:\Windows\system32\services.exe[660] kernel32.dll!WinExec 75D25CF7 5 Bytes JMP 00870F17
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 00D40039
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 00D40FA8
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 00D40FEF
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 00D40F8D
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 00D40F7C
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 00D40014
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 00D40FDE
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 00D40FC3
.text C:\Windows\system32\services.exe[660] msvcrt.dll!_wsystem 76D97F2F 5 Bytes JMP 00D5004C
.text C:\Windows\system32\services.exe[660] msvcrt.dll!system 76D9804B 5 Bytes JMP 00D50031
.text C:\Windows\system32\services.exe[660] msvcrt.dll!_creat 76D9BBE1 5 Bytes JMP 00D50016
.text C:\Windows\system32\services.exe[660] msvcrt.dll!_open 76D9D106 5 Bytes JMP 00D50FEF
.text C:\Windows\system32\services.exe[660] msvcrt.dll!_wcreat 76D9D326 5 Bytes JMP 00D50FC1
.text C:\Windows\system32\services.exe[660] msvcrt.dll!_wopen 76D9D501 5 Bytes JMP 00D50FD2
.text C:\Windows\system32\services.exe[660] WININET.dll!InternetOpenA 76E1D690 5 Bytes JMP 00DA0FEF
.text C:\Windows\system32\services.exe[660] WININET.dll!InternetOpenW 76E1DB09 5 Bytes JMP 00DA0FDE
.text C:\Windows\system32\services.exe[660] WININET.dll!InternetOpenUrlA 76E1F3A4 5 Bytes JMP 00DA000A
.text C:\Windows\system32\services.exe[660] WININET.dll!InternetOpenUrlW 76E66DDF 5 Bytes JMP 00DA0025
.text C:\Windows\system32\services.exe[660] WS2_32.dll!socket 772236D1 5 Bytes JMP 00DF0FE5
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!GetStartupInfoW 75C91929 5 Bytes JMP 00130F79
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!GetStartupInfoA 75C919C9 5 Bytes JMP 00130F8A
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreateProcessW 75C91BF3 5 Bytes JMP 001300FF
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreateProcessA 75C91C28 5 Bytes JMP 00130F5E
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!VirtualProtect 75C91DC3 5 Bytes JMP 00130FC0
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreateNamedPipeA 75C92EF5 5 Bytes JMP 00130036
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreateNamedPipeW 75C95C0C 5 Bytes JMP 00130051
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreatePipe 75CB8E6E 5 Bytes JMP 00130FAF
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!LoadLibraryExW 75CB9109 5 Bytes JMP 00130FD1
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!LoadLibraryW 75CB9362 5 Bytes JMP 0013007D
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!LoadLibraryExA 75CB94B4 5 Bytes JMP 0013008E
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!LoadLibraryA 75CB94DC 5 Bytes JMP 00130062
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!VirtualProtectEx 75CBDBDA 5 Bytes JMP 001300BF
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!GetProcAddress 75CD903B 5 Bytes JMP 00130F4D
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreateFileW 75CDAECB 5 Bytes JMP 00130011
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreateFileA 75CDCE5F 5 Bytes JMP 00130000
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!WinExec 75D25CF7 5 Bytes JMP 001300DA
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 00140F80
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 00140FC0
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 00140FE5
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 00140F9B
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 00140F6F
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 00140011
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 00140000
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 00140022
.text C:\Windows\system32\lsass.exe[672] msvcrt.dll!_wsystem 76D97F2F 5 Bytes JMP 00150FA3
.text C:\Windows\system32\lsass.exe[672] msvcrt.dll!system 76D9804B 5 Bytes JMP 00150038
.text C:\Windows\system32\lsass.exe[672] msvcrt.dll!_creat 76D9BBE1 5 Bytes JMP 0015001D
.text C:\Windows\system32\lsass.exe[672] msvcrt.dll!_open 76D9D106 5 Bytes JMP 00150000
.text C:\Windows\system32\lsass.exe[672] msvcrt.dll!_wcreat 76D9D326 5 Bytes JMP 00150FC8
.text C:\Windows\system32\lsass.exe[672] msvcrt.dll!_wopen 76D9D501 5 Bytes JMP 00150FEF
.text C:\Windows\system32\lsass.exe[672] WS2_32.dll!socket 772236D1 5 Bytes JMP 00960FEF
.text C:\Windows\system32\lsass.exe[672] WININET.dll!InternetOpenA 76E1D690 5 Bytes JMP 00900FEF
.text C:\Windows\system32\lsass.exe[672] WININET.dll!InternetOpenW 76E1DB09 5 Bytes JMP 00900014
.text C:\Windows\system32\lsass.exe[672] WININET.dll!InternetOpenUrlA 76E1F3A4 5 Bytes JMP 00900025
.text C:\Windows\system32\lsass.exe[672] WININET.dll!InternetOpenUrlW 76E66DDF 5 Bytes JMP 00900036
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] kernel32.dll!GetStartupInfoW 75C91929 5 Bytes JMP 009500C9
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] kernel32.dll!GetStartupInfoA 75C919C9 5 Bytes JMP 009500AE
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] kernel32.dll!CreateProcessW 75C91BF3 5 Bytes JMP 00950F4D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] kernel32.dll!CreateProcessA 75C91C28 5 Bytes JMP 009500E4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] kernel32.dll!VirtualProtect 75C91DC3 5 Bytes JMP 00950F94
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] kernel32.dll!CreateNamedPipeA 75C92EF5 5 Bytes JMP 0095000A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] kernel32.dll!CreateNamedPipeW 75C95C0C 5 Bytes JMP 00950025
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] kernel32.dll!CreatePipe 75CB8E6E 5 Bytes JMP 00950093
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] kernel32.dll!LoadLibraryExW 75CB9109 5 Bytes JMP 00950062
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] kernel32.dll!LoadLibraryW 75CB9362 5 Bytes JMP 00950040
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] kernel32.dll!LoadLibraryExA 75CB94B4 5 Bytes JMP 00950051
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] kernel32.dll!LoadLibraryA 75CB94DC 5 Bytes JMP 00950FB9
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] kernel32.dll!VirtualProtectEx 75CBDBDA 5 Bytes JMP 00950F83
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] kernel32.dll!GetProcAddress 75CD903B 5 Bytes JMP 00950F3C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] kernel32.dll!CreateFileW 75CDAECB 5 Bytes JMP 00950FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] kernel32.dll!CreateFileA 75CDCE5F 5 Bytes JMP 00950FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] kernel32.dll!WinExec 75D25CF7 5 Bytes JMP 00950F68
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] msvcrt.dll!_wsystem 76D97F2F 5 Bytes JMP 00970055
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] msvcrt.dll!system 76D9804B 5 Bytes JMP 00970044
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] msvcrt.dll!_creat 76D9BBE1 5 Bytes JMP 00970FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] msvcrt.dll!_open 76D9D106 5 Bytes JMP 0097000C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] msvcrt.dll!_wcreat 76D9D326 5 Bytes JMP 00970FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] msvcrt.dll!_wopen 76D9D501 5 Bytes JMP 0097001D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 0096007D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 0096006C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 00960000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 00960FE5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 00960FC0
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 00960036
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 0096001B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 00960051
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] WS2_32.dll!socket 772236D1 5 Bytes JMP 009A0FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] WININET.dll!InternetOpenA 76E1D690 5 Bytes JMP 00980FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] WININET.dll!InternetOpenW 76E1DB09 5 Bytes JMP 0098000A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] WININET.dll!InternetOpenUrlA 76E1F3A4 5 Bytes JMP 00980FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[848] WININET.dll!InternetOpenUrlW 76E66DDF 5 Bytes JMP 00980025
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!GetStartupInfoW 75C91929 5 Bytes JMP 00920F4B
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!GetStartupInfoA 75C919C9 5 Bytes JMP 00920F66
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!CreateProcessW 75C91BF3 5 Bytes JMP 00920F0E
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!CreateProcessA 75C91C28 5 Bytes JMP 00920F1F
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!VirtualProtect 75C91DC3 5 Bytes JMP 00920076
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!CreateNamedPipeA 75C92EF5 5 Bytes JMP 00920FDE
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!CreateNamedPipeW 75C95C0C 5 Bytes JMP 0092002F
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!CreatePipe 75CB8E6E 5 Bytes JMP 00920091
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!LoadLibraryExW 75CB9109 5 Bytes JMP 00920F9C
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!LoadLibraryW 75CB9362 5 Bytes JMP 00920FC3
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!LoadLibraryExA 75CB94B4 5 Bytes JMP 00920065
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!LoadLibraryA 75CB94DC 5 Bytes JMP 0092004A
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!VirtualProtectEx 75CBDBDA 5 Bytes JMP 00920F81
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!GetProcAddress 75CD903B 5 Bytes JMP 00920EFD
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!CreateFileW 75CDAECB 5 Bytes JMP 00920FEF
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!CreateFileA 75CDCE5F 5 Bytes JMP 00920000
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!WinExec 75D25CF7 5 Bytes JMP 00920F30
.text C:\Windows\system32\svchost.exe[864] msvcrt.dll!_wsystem 76D97F2F 5 Bytes JMP 00CD003A
.text C:\Windows\system32\svchost.exe[864] msvcrt.dll!system 76D9804B 5 Bytes JMP 00CD0029
.text C:\Windows\system32\svchost.exe[864] msvcrt.dll!_creat 76D9BBE1 5 Bytes JMP 00CD0FDE
.text C:\Windows\system32\svchost.exe[864] msvcrt.dll!_open 76D9D106 5 Bytes JMP 00CD0000
.text C:\Windows\system32\svchost.exe[864] msvcrt.dll!_wcreat 76D9D326 5 Bytes JMP 00CD0FB9
.text C:\Windows\system32\svchost.exe[864] msvcrt.dll!_wopen 76D9D501 5 Bytes JMP 00CD0FEF
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 00CC0062
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 00CC0FC0
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 00CC0000
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 00CC0051
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 00CC0FA5
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 00CC001B
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 00CC0FDB
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 00CC002C
.text C:\Windows\system32\svchost.exe[864] WININET.dll!InternetOpenA 76E1D690 5 Bytes JMP 00CE0FE5
.text C:\Windows\system32\svchost.exe[864] WININET.dll!InternetOpenW 76E1DB09 5 Bytes JMP 00CE0FCA
.text C:\Windows\system32\svchost.exe[864] WININET.dll!InternetOpenUrlA 76E1F3A4 5 Bytes JMP 00CE0FB9
.text C:\Windows\system32\svchost.exe[864] WININET.dll!InternetOpenUrlW 76E66DDF 5 Bytes JMP 00CE0F9E
.text C:\Windows\system32\svchost.exe[864] WS2_32.dll!socket 772236D1 5 Bytes JMP 00CF0000
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!GetStartupInfoW 75C91929 5 Bytes JMP 00D50F58
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!GetStartupInfoA 75C919C9 5 Bytes JMP 00D50F69
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreateProcessW 75C91BF3 5 Bytes JMP 00D50F33
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreateProcessA 75C91C28 5 Bytes JMP 00D500D4
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!VirtualProtect 75C91DC3 5 Bytes JMP 00D50FA6
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreateNamedPipeA 75C92EF5 5 Bytes JMP 00D50036
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreateNamedPipeW 75C95C0C 5 Bytes JMP 00D50FE5
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreatePipe 75CB8E6E 5 Bytes JMP 00D50F84
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!LoadLibraryExW 75CB9109 5 Bytes JMP 00D50080
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!LoadLibraryW 75CB9362 5 Bytes JMP 00D50FC3
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!LoadLibraryExA 75CB94B4 5 Bytes JMP 00D5006F
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!LoadLibraryA 75CB94DC 5 Bytes JMP 00D50FD4
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!VirtualProtectEx 75CBDBDA 5 Bytes JMP 00D50F95
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!GetProcAddress 75CD903B 5 Bytes JMP 00D500E5
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreateFileW 75CDAECB 5 Bytes JMP 00D50011
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreateFileA 75CDCE5F 5 Bytes JMP 00D50000
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!WinExec 75D25CF7 5 Bytes JMP 00D500B9
.text C:\Windows\system32\svchost.exe[932] msvcrt.dll!_wsystem 76D97F2F 5 Bytes JMP 00E70095
.text C:\Windows\system32\svchost.exe[932] msvcrt.dll!system 76D9804B 5 Bytes JMP 00E70070
.text C:\Windows\system32\svchost.exe[932] msvcrt.dll!_creat 76D9BBE1 5 Bytes JMP 00E70044
.text C:\Windows\system32\svchost.exe[932] msvcrt.dll!_open 76D9D106 5 Bytes JMP 00E7000C
.text C:\Windows\system32\svchost.exe[932] msvcrt.dll!_wcreat 76D9D326 5 Bytes JMP 00E7005F
.text C:\Windows\system32\svchost.exe[932] msvcrt.dll!_wopen 76D9D501 5 Bytes JMP 00E7001D
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 00D60043
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 00D60FB2
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 00D60000
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 00D60FA1
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 00D60F86
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 00D60FDE
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 00D60FEF
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 00D60FCD
.text C:\Windows\system32\svchost.exe[932] WININET.dll!InternetOpenA 76E1D690 5 Bytes JMP 00EC0000
.text C:\Windows\system32\svchost.exe[932] WININET.dll!InternetOpenW 76E1DB09 5 Bytes JMP 00EC0011
.text C:\Windows\system32\svchost.exe[932] WININET.dll!InternetOpenUrlA 76E1F3A4 5 Bytes JMP 00EC0FE5
.text C:\Windows\system32\svchost.exe[932] WININET.dll!InternetOpenUrlW 76E66DDF 5 Bytes JMP 00EC0036
.text C:\Windows\system32\svchost.exe[932] WS2_32.dll!socket 772236D1 5 Bytes JMP 00F10000
.text C:\Windows\System32\svchost.exe[1044] kernel32.dll!GetStartupInfoW 75C91929 5 Bytes JMP 00FD0F55
.text C:\Windows\System32\svchost.exe[1044] kernel32.dll!GetStartupInfoA 75C919C9 5 Bytes JMP 00FD0091
.text C:\Windows\System32\svchost.exe[1044] kernel32.dll!CreateProcessW 75C91BF3 5 Bytes JMP 00FD0F0E
.text C:\Windows\System32\svchost.exe[1044] kernel32.dll!CreateProcessA 75C91C28 5 Bytes JMP 00FD0F1F
.text C:\Windows\System32\svchost.exe[1044] kernel32.dll!VirtualProtect 75C91DC3 5 Bytes JMP 00FD0F92
.text C:\Windows\System32\svchost.exe[1044] kernel32.dll!CreateNamedPipeA 75C92EF5 5 Bytes JMP 00FD0FD4
.text C:\Windows\System32\svchost.exe[1044] kernel32.dll!CreateNamedPipeW 75C95C0C 5 Bytes JMP 00FD0025
.text C:\Windows\System32\svchost.exe[1044] kernel32.dll!CreatePipe 75CB8E6E 5 Bytes JMP 00FD0F66
.text C:\Windows\System32\svchost.exe[1044] kernel32.dll!LoadLibraryExW 75CB9109 5 Bytes JMP 00FD006C
.text C:\Windows\System32\svchost.exe[1044] kernel32.dll!LoadLibraryW 75CB9362 5 Bytes JMP 00FD0040
.text C:\Windows\System32\svchost.exe[1044] kernel32.dll!LoadLibraryExA 75CB94B4 5 Bytes JMP 00FD0051
.text C:\Windows\System32\svchost.exe[1044] kernel32.dll!LoadLibraryA 75CB94DC 5 Bytes JMP 00FD0FB9
.text C:\Windows\System32\svchost.exe[1044] kernel32.dll!VirtualProtectEx 75CBDBDA 5 Bytes JMP 00FD0F81
.text C:\Windows\System32\svchost.exe[1044] kernel32.dll!GetProcAddress 75CD903B 5 Bytes JMP 00FD00C0
.text C:\Windows\System32\svchost.exe[1044] kernel32.dll!CreateFileW 75CDAECB 5 Bytes JMP 00FD000A
.text C:\Windows\System32\svchost.exe[1044] kernel32.dll!CreateFileA 75CDCE5F 5 Bytes JMP 00FD0FE5
.text C:\Windows\System32\svchost.exe[1044] kernel32.dll!WinExec 75D25CF7 5 Bytes JMP 00FD0F44
.text C:\Windows\System32\svchost.exe[1044] msvcrt.dll!_wsystem 76D97F2F 5 Bytes JMP 01F30069
.text C:\Windows\System32\svchost.exe[1044] msvcrt.dll!system 76D9804B 5 Bytes JMP 01F30044
.text C:\Windows\System32\svchost.exe[1044] msvcrt.dll!_creat 76D9BBE1 5 Bytes JMP 01F30018
.text C:\Windows\System32\svchost.exe[1044] msvcrt.dll!_open 76D9D106 5 Bytes JMP 01F30FEF
.text C:\Windows\System32\svchost.exe[1044] msvcrt.dll!_wcreat 76D9D326 5 Bytes JMP 01F30033
.text C:\Windows\System32\svchost.exe[1044] msvcrt.dll!_wopen 76D9D501 5 Bytes JMP 01F30FDE
.text C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 00FF0073
.text C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 00FF003D
.text C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 00FF0000
.text C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 00FF0058
.text C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 00FF0FB6
.text C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 00FF0FDB
.text C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 00FF001B
.text C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 00FF002C
.text C:\Windows\System32\svchost.exe[1044] WININET.dll!InternetOpenA 76E1D690 5 Bytes JMP 01F40FEF
.text C:\Windows\System32\svchost.exe[1044] WININET.dll!InternetOpenW 76E1DB09 5 Bytes JMP 01F40FD4
.text C:\Windows\System32\svchost.exe[1044] WININET.dll!InternetOpenUrlA 76E1F3A4 5 Bytes JMP 01F4000A
.text C:\Windows\System32\svchost.exe[1044] WININET.dll!InternetOpenUrlW 76E66DDF 5 Bytes JMP 01F4001B
.text C:\Windows\System32\svchost.exe[1044] WS2_32.dll!socket 772236D1 5 Bytes JMP 01F5000A
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!GetStartupInfoW 75C91929 5 Bytes JMP 00F70F4B
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!GetStartupInfoA 75C919C9 5 Bytes JMP 00F70091
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateProcessW 75C91BF3 5 Bytes JMP 00F700CE
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateProcessA 75C91C28 5 Bytes JMP 00F700BD
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!VirtualProtect 75C91DC3 5 Bytes JMP 00F7006C
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateNamedPipeA 75C92EF5 5 Bytes JMP 00F70FD4
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateNamedPipeW 75C95C0C 5 Bytes JMP 00F70FC3
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreatePipe 75CB8E6E 5 Bytes JMP 00F70F66
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!LoadLibraryExW 75CB9109 5 Bytes JMP 00F70F9E
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!LoadLibraryW 75CB9362 5 Bytes JMP 00F70040
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!LoadLibraryExA 75CB94B4 5 Bytes JMP 00F7005B
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!LoadLibraryA 75CB94DC 5 Bytes JMP 00F7002F
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!VirtualProtectEx 75CBDBDA 5 Bytes JMP 00F70F77
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!GetProcAddress 75CD903B 5 Bytes JMP 00F70F26
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateFileW 75CDAECB 5 Bytes JMP 00F70FE5
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateFileA 75CDCE5F 5 Bytes JMP 00F70000
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!WinExec 75D25CF7 5 Bytes JMP 00F700AC
.text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_wsystem 76D97F2F 5 Bytes JMP 00FE0031
.text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!system 76D9804B 5 Bytes JMP 00FE0FA6
.text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_creat 76D9BBE1 5 Bytes JMP 00FE0FD2
.text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_open 76D9D106 5 Bytes JMP 00FE0000
.text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_wcreat 76D9D326 5 Bytes JMP 00FE0FC1
.text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_wopen 76D9D501 5 Bytes JMP 00FE0FEF
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 00F80F97
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 00F80FB9
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 00F80000
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 00F80FA8
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 00F80F86
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 00F80025
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 00F80FE5
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 00F80FCA
.text C:\Windows\System32\svchost.exe[1136] WININET.dll!InternetOpenA 76E1D690 5 Bytes JMP 01790FEF
.text C:\Windows\System32\svchost.exe[1136] WININET.dll!InternetOpenW 76E1DB09 5 Bytes JMP 01790FD4
.text C:\Windows\System32\svchost.exe[1136] WININET.dll!InternetOpenUrlA 76E1F3A4 5 Bytes JMP 01790FC3
.text C:\Windows\System32\svchost.exe[1136] WININET.dll!InternetOpenUrlW 76E66DDF 5 Bytes JMP 01790FA8
.text C:\Windows\System32\svchost.exe[1136] WS2_32.dll!socket 772236D1 5 Bytes JMP 017A000A
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!GetStartupInfoW 75C91929 5 Bytes JMP 00F70F41
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!GetStartupInfoA 75C919C9 5 Bytes JMP 00F70087
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateProcessW 75C91BF3 5 Bytes JMP 00F70F04
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateProcessA 75C91C28 5 Bytes JMP 00F70F15
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!VirtualProtect 75C91DC3 5 Bytes JMP 00F7005B
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateNamedPipeA 75C92EF5 5 Bytes JMP 00F7000A
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateNamedPipeW 75C95C0C 5 Bytes JMP 00F70FB9
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreatePipe 75CB8E6E 5 Bytes JMP 00F70076
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!LoadLibraryExW 75CB9109 5 Bytes JMP 00F70F77
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!LoadLibraryW 75CB9362 5 Bytes JMP 00F70F94
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!LoadLibraryExA 75CB94B4 5 Bytes JMP 00F70036
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!LoadLibraryA 75CB94DC 5 Bytes JMP 00F7001B
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!VirtualProtectEx 75CBDBDA 5 Bytes JMP 00F70F66
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!GetProcAddress 75CD903B 5 Bytes JMP 00F70EF3
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateFileW 75CDAECB 5 Bytes JMP 00F70FD4
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateFileA 75CDCE5F 5 Bytes JMP 00F70FE5
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!WinExec 75D25CF7 5 Bytes JMP 00F70F30
.text C:\Windows\System32\svchost.exe[1220] msvcrt.dll!_wsystem 76D97F2F 5 Bytes JMP 00FD0040
.text C:\Windows\System32\svchost.exe[1220] msvcrt.dll!system 76D9804B 5 Bytes JMP 00FD0FB5
.text C:\Windows\System32\svchost.exe[1220] msvcrt.dll!_creat 76D9BBE1 5 Bytes JMP 00FD0000
.text C:\Windows\System32\svchost.exe[1220] msvcrt.dll!_open 76D9D106 5 Bytes JMP 00FD0FE3
.text C:\Windows\System32\svchost.exe[1220] msvcrt.dll!_wcreat 76D9D326 5 Bytes JMP 00FD001B
.text C:\Windows\System32\svchost.exe[1220] msvcrt.dll!_wopen 76D9D501 5 Bytes JMP 00FD0FC6
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyExA 76A739AB 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 00F80FAF
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 00F80036
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 00F80FE5
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 00F80047
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 00F80F9E
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 00F80FCA
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 00F80000
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 00F80025
.text C:\Windows\System32\svchost.exe[1220] WININET.dll!InternetOpenA 76E1D690 5 Bytes JMP 00FE0FE5
.text C:\Windows\System32\svchost.exe[1220] WININET.dll!InternetOpenW 76E1DB09 5 Bytes JMP 00FE0FCA
.text C:\Windows\System32\svchost.exe[1220] WININET.dll!InternetOpenUrlA 76E1F3A4 5 Bytes JMP 00FE0FB9
.text C:\Windows\System32\svchost.exe[1220] WININET.dll!InternetOpenUrlW 76E66DDF 5 Bytes JMP 00FE000A
.text C:\Windows\System32\svchost.exe[1220] WS2_32.dll!socket 772236D1 5 Bytes JMP 00FF0000
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!GetStartupInfoW 75C91929 5 Bytes JMP 00F10F73
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!GetStartupInfoA 75C919C9 5 Bytes JMP 00F100AF
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateProcessW 75C91BF3 5 Bytes JMP 00F10F22
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateProcessA 75C91C28 5 Bytes JMP 00F10F3D
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!VirtualProtect 75C91DC3 5 Bytes JMP 00F10FA6
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateNamedPipeA 75C92EF5 5 Bytes JMP 00F1002F
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateNamedPipeW 75C95C0C 5 Bytes JMP 00F10FD4
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreatePipe 75CB8E6E 5 Bytes JMP 00F10F84
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!LoadLibraryExW 75CB9109 5 Bytes JMP 00F10080
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!LoadLibraryW 75CB9362 5 Bytes JMP 00F1004A
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!LoadLibraryExA 75CB94B4 5 Bytes JMP 00F1006F
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!LoadLibraryA 75CB94DC 5 Bytes JMP 00F10FC3
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!VirtualProtectEx 75CBDBDA 5 Bytes JMP 00F10F95
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!GetProcAddress 75CD903B 5 Bytes JMP 00F100D4
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateFileW 75CDAECB 5 Bytes JMP 00F1000A
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateFileA 75CDCE5F 5 Bytes JMP 00F10FEF
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!WinExec 75D25CF7 5 Bytes JMP 00F10F58
.text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!_wsystem 76D97F2F 5 Bytes JMP 00F8003F
.text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!system 76D9804B 5 Bytes JMP 00F80FBE
.text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!_creat 76D9BBE1 5 Bytes JMP 00F80FD9
.text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!_open 76D9D106 5 Bytes JMP 00F80000
.text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!_wcreat 76D9D326 5 Bytes JMP 00F8002E
.text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!_wopen 76D9D501 5 Bytes JMP 00F80011
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 00F70FAC
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 00F7003D
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 00F70000
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 00F7004E
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 00F70069
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 00F7002C
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 00F7001B
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 00F70FD1
.text C:\Windows\system32\svchost.exe[1252] WININET.dll!InternetOpenA 76E1D690 5 Bytes JMP 00FD000A
.text C:\Windows\system32\svchost.exe[1252] WININET.dll!InternetOpenW 76E1DB09 5 Bytes JMP 00FD0FEF
.text C:\Windows\system32\svchost.exe[1252] WININET.dll!InternetOpenUrlA 76E1F3A4 5 Bytes JMP 00FD001B
.text C:\Windows\system32\svchost.exe[1252] WININET.dll!InternetOpenUrlW 76E66DDF 5 Bytes JMP 00FD0FC0
.text C:\Windows\system32\svchost.exe[1252] WS2_32.dll!socket 772236D1 5 Bytes JMP 00FE0000
.text C:\Windows\system32\svchost.exe[1312] kernel32.dll!GetStartupInfoW 75C91929 5 Bytes JMP 008D00B8
.text C:\Windows\system32\svchost.exe[1312] kernel32.dll!GetStartupInfoA 75C919C9 5 Bytes JMP 008D0F68
.text C:\Windows\system32\svchost.exe[1312] kernel32.dll!CreateProcessW 75C91BF3 5 Bytes JMP 008D0F21
.text C:\Windows\system32\svchost.exe[1312] kernel32.dll!CreateProcessA 75C91C28 5 Bytes JMP 008D0F3C
.text C:\Windows\system32\svchost.exe[1312] kernel32.dll!VirtualProtect 75C91DC3 5 Bytes JMP 008D0078
.text C:\Windows\system32\svchost.exe[1312] kernel32.dll!CreateNamedPipeA 75C92EF5 5 Bytes JMP 008D0011
.text C:\Windows\system32\svchost.exe[1312] kernel32.dll!CreateNamedPipeW 75C95C0C 5 Bytes JMP 008D0036
.text C:\Windows\system32\svchost.exe[1312] kernel32.dll!CreatePipe 75CB8E6E 5 Bytes JMP 008D0F79
.text C:\Windows\system32\svchost.exe[1312] kernel32.dll!LoadLibraryExW 75CB9109 5 Bytes JMP 008D0F9E
.text C:\Windows\system32\svchost.exe[1312] kernel32.dll!LoadLibraryW 75CB9362 5 Bytes JMP 008D0051
.text C:\Windows\system32\svchost.exe[1312] kernel32.dll!LoadLibraryExA 75CB94B4 5 Bytes JMP 008D0FAF
.text C:\Windows\system32\svchost.exe[1312] kernel32.dll!LoadLibraryA 75CB94DC 5 Bytes JMP 008D0FCA
.text C:\Windows\system32\svchost.exe[1312] kernel32.dll!VirtualProtectEx 75CBDBDA 5 Bytes JMP 008D0089
.text C:\Windows\system32\svchost.exe[1312] kernel32.dll!GetProcAddress 75CD903B 5 Bytes JMP 008D0F10
.text C:\Windows\system32\svchost.exe[1312] kernel32.dll!CreateFileW 75CDAECB 5 Bytes JMP 008D0000
.text C:\Windows\system32\svchost.exe[1312] kernel32.dll!CreateFileA 75CDCE5F 5 Bytes JMP 008D0FEF
.text C:\Windows\system32\svchost.exe[1312] kernel32.dll!WinExec 75D25CF7 5 Bytes JMP 008D0F57
.text C:\Windows\system32\svchost.exe[1312] msvcrt.dll!_wsystem 76D97F2F 5 Bytes JMP 008F0036
.text C:\Windows\system32\svchost.exe[1312] msvcrt.dll!system 76D9804B 5 Bytes JMP 008F0FAB
.text C:\Windows\system32\svchost.exe[1312] msvcrt.dll!_creat 76D9BBE1 5 Bytes JMP 008F000A
.text C:\Windows\system32\svchost.exe[1312] msvcrt.dll!_open 76D9D106 5 Bytes JMP 008F0FE3
.text C:\Windows\system32\svchost.exe[1312] msvcrt.dll!_wcreat 76D9D326 5 Bytes JMP 008F001B
.text C:\Windows\system32\svchost.exe[1312] msvcrt.dll!_wopen 76D9D501 5 Bytes JMP 008F0FC6
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 008E006F
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 008E004A
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 008E0000
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 008E0FCD
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 008E0080
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 008E0025
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 008E0FEF
.text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 008E0FDE
.text C:\Windows\system32\svchost.exe[1312] WININET.dll!InternetOpenA 76E1D690 5 Bytes JMP 00A10FE5
.text C:\Windows\system32\svchost.exe[1312] WININET.dll!InternetOpenW 76E1DB09 5 Bytes JMP 00A10000
.text C:\Windows\system32\svchost.exe[1312] WININET.dll!InternetOpenUrlA 76E1F3A4 5 Bytes JMP 00A1001B
.text C:\Windows\system32\svchost.exe[1312] WININET.dll!InternetOpenUrlW 76E66DDF 5 Bytes JMP 00A1002C
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!GetStartupInfoW 75C91929 5 Bytes JMP 008400B5
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!GetStartupInfoA 75C919C9 5 Bytes JMP 00840F65
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateProcessW 75C91BF3 5 Bytes JMP 008400E1
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateProcessA 75C91C28 5 Bytes JMP 008400D0
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!VirtualProtect 75C91DC3 5 Bytes JMP 00840F91
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateNamedPipeA 75C92EF5 5 Bytes JMP 00840011
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateNamedPipeW 75C95C0C 5 Bytes JMP 0084002C
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreatePipe 75CB8E6E 5 Bytes JMP 00840090
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadLibraryExW 75CB9109 5 Bytes JMP 0084005F
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadLibraryW 75CB9362 5 Bytes JMP 00840FB6
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadLibraryExA 75CB94B4 5 Bytes JMP 0084004E
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadLibraryA 75CB94DC 5 Bytes JMP 0084003D
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!VirtualProtectEx 75CBDBDA 5 Bytes JMP 00840F80
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!GetProcAddress 75CD903B 5 Bytes JMP 008400FC
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateFileW 75CDAECB 5 Bytes JMP 00840FE5
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateFileA 75CDCE5F 5 Bytes JMP 00840000
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!WinExec 75D25CF7 5 Bytes JMP 00840F54
.text C:\Windows\system32\svchost.exe[1356] msvcrt.dll!_wsystem 76D97F2F 5 Bytes JMP 008E0064
.text C:\Windows\system32\svchost.exe[1356] msvcrt.dll!system 76D9804B 5 Bytes JMP 008E0FCF
.text C:\Windows\system32\svchost.exe[1356] msvcrt.dll!_creat 76D9BBE1 5 Bytes JMP 008E002E
.text C:\Windows\system32\svchost.exe[1356] msvcrt.dll!_open 76D9D106 5 Bytes JMP 008E0000
.text C:\Windows\system32\svchost.exe[1356] msvcrt.dll!_wcreat 76D9D326 5 Bytes JMP 008E003F
.text C:\Windows\system32\svchost.exe[1356] msvcrt.dll!_wopen 76D9D501 5 Bytes JMP 008E001D
.text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 00890051
.text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 00890025
.text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 00890FEF
.text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 00890036
.text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 00890F94
.text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 00890FB9
.text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 00890FCA
.text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 0089000A
.text C:\Windows\system32\svchost.exe[1356] WININET.dll!InternetOpenA 76E1D690 5 Bytes JMP 00930000
.text C:\Windows\system32\svchost.exe[1356] WININET.dll!InternetOpenW 76E1DB09 5 Bytes JMP 00930011
.text C:\Windows\system32\svchost.exe[1356] WININET.dll!InternetOpenUrlA 76E1F3A4 5 Bytes JMP 00930FDB
.text C:\Windows\system32\svchost.exe[1356] WININET.dll!InternetOpenUrlW 76E66DDF 5 Bytes JMP 0093002C
.text C:\Windows\system32\svchost.exe[1356] WS2_32.dll!socket 772236D1 5 Bytes JMP 00DD0000
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!GetStartupInfoW 75C91929 5 Bytes JMP 00C30F5F
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!GetStartupInfoA 75C919C9 5 Bytes JMP 00C300A5
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!CreateProcessW 75C91BF3 5 Bytes JMP 00C300DB
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!CreateProcessA 75C91C28 5 Bytes JMP 00C300CA
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!VirtualProtect 75C91DC3 5 Bytes JMP 00C30F9C
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!CreateNamedPipeA 75C92EF5 5 Bytes JMP 00C30FEF
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!CreateNamedPipeW 75C95C0C 5 Bytes JMP 00C30040
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!CreatePipe 75CB8E6E 5 Bytes JMP 00C30F7A
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!LoadLibraryExW 75CB9109 5 Bytes JMP 00C30080
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!LoadLibraryW 75CB9362 5 Bytes JMP 00C3005B
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!LoadLibraryExA 75CB94B4 5 Bytes JMP 00C30FC3
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!LoadLibraryA 75CB94DC 5 Bytes JMP 00C30FD4
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!VirtualProtectEx 75CBDBDA 5 Bytes JMP 00C30F8B
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!GetProcAddress 75CD903B 5 Bytes JMP 00C30F33
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!CreateFileW 75CDAECB 5 Bytes JMP 00C3001B
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!CreateFileA 75CDCE5F 5 Bytes JMP 00C30000
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!WinExec 75D25CF7 5 Bytes JMP 00C30F4E
.text C:\Windows\system32\svchost.exe[1444] msvcrt.dll!_wsystem 76D97F2F 5 Bytes JMP 00D00027
.text C:\Windows\system32\svchost.exe[1444] msvcrt.dll!system 76D9804B 5 Bytes JMP 00D00F9C
.text C:\Windows\system32\svchost.exe[1444] msvcrt.dll!_creat 76D9BBE1 5 Bytes JMP 00D00FD2
.text C:\Windows\system32\svchost.exe[1444] msvcrt.dll!_open 76D9D106 5 Bytes JMP 00D00FEF
.text C:\Windows\system32\svchost.exe[1444] msvcrt.dll!_wcreat 76D9D326 5 Bytes JMP 00D00FB7
.text C:\Windows\system32\svchost.exe[1444] msvcrt.dll!_wopen 76D9D501 5 Bytes JMP 00D0000C
.text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 00CF0FC3
.text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 00CF0040
.text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 00CF0FE5
.text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 00CF0065
.text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 00CF0FA8
.text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 00CF0014
.text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 00CF0FD4
.text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 00CF0025
.text C:\Windows\system32\svchost.exe[1444] WININET.dll!InternetOpenA 76E1D690 5 Bytes JMP 00D10FEF
.text C:\Windows\system32\svchost.exe[1444] WININET.dll!InternetOpenW 76E1DB09 5 Bytes JMP 00D10FDE
.text C:\Windows\system32\svchost.exe[1444] WININET.dll!InternetOpenUrlA 76E1F3A4 5 Bytes JMP 00D10FC3
.text C:\Windows\system32\svchost.exe[1444] WININET.dll!InternetOpenUrlW 76E66DDF 5 Bytes JMP 00D10014
.text C:\Windows\system32\svchost.exe[1444] WS2_32.dll!socket 772236D1 5 Bytes JMP 00FF0000
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!GetStartupInfoW 75C91929 5 Bytes JMP 00CC0F3A
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!GetStartupInfoA 75C919C9 5 Bytes JMP 00CC0F5F
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreateProcessW 75C91BF3 5 Bytes JMP 00CC00D1
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreateProcessA 75C91C28 5 Bytes JMP 00CC00C0
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!VirtualProtect 75C91DC3 5 Bytes JMP 00CC0065
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreateNamedPipeA 75C92EF5 5 Bytes JMP 00CC0014
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreateNamedPipeW 75C95C0C 5 Bytes JMP 00CC0FC3
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreatePipe 75CB8E6E 5 Bytes JMP 00CC0F70
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!LoadLibraryExW 75CB9109 5 Bytes JMP 00CC0F8D
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!LoadLibraryW 75CB9362 5 Bytes JMP 00CC004A
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!LoadLibraryExA 75CB94B4 5 Bytes JMP 00CC0F9E
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!LoadLibraryA 75CB94DC 5 Bytes JMP 00CC002F
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!VirtualProtectEx 75CBDBDA 5 Bytes JMP 00CC0080
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!GetProcAddress 75CD903B 5 Bytes JMP 00CC0F29
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreateFileW 75CDAECB 5 Bytes JMP 00CC0FDE
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreateFileA 75CDCE5F 5 Bytes JMP 00CC0FEF
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!WinExec 75D25CF7 5 Bytes JMP 00CC00A5
.text C:\Windows\system32\svchost.exe[1556] msvcrt.dll!_wsystem 76D97F2F 5 Bytes JMP 00CE0F9A
.text C:\Windows\system32\svchost.exe[1556] msvcrt.dll!system 76D9804B 5 Bytes JMP 00CE0FAB
.text C:\Windows\system32\svchost.exe[1556] msvcrt.dll!_creat 76D9BBE1 5 Bytes JMP 00CE0FC6
.text C:\Windows\system32\svchost.exe[1556] msvcrt.dll!_open 76D9D106 5 Bytes JMP 00CE0000
.text C:\Windows\system32\svchost.exe[1556] msvcrt.dll!_wcreat 76D9D326 5 Bytes JMP 00CE001B
.text C:\Windows\system32\svchost.exe[1556] msvcrt.dll!_wopen 76D9D501 5 Bytes JMP 00CE0FE3
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 00CD0062
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 00CD0047
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 00CD0000
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 00CD0FCA
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 00CD0073
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 00CD0036
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 00CD0011
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 00CD0FDB
.text C:\Windows\system32\svchost.exe[1556] WININET.dll!InternetOpenA 76E1D690 5 Bytes JMP 00D30FEF
.text C:\Windows\system32\svchost.exe[1556] WININET.dll!InternetOpenW 76E1DB09 5 Bytes JMP 00D30FDE
.text C:\Windows\system32\svchost.exe[1556] WININET.dll!InternetOpenUrlA 76E1F3A4 5 Bytes JMP 00D30014
.text C:\Windows\system32\svchost.exe[1556] WININET.dll!InternetOpenUrlW 76E66DDF 5 Bytes JMP 00D30FC3
.text C:\Windows\system32\svchost.exe[1556] WS2_32.dll!socket 772236D1 5 Bytes JMP 00D40000
.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!GetStartupInfoW 75C91929 5 Bytes JMP 01D20F0B
.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!GetStartupInfoA 75C919C9 5 Bytes JMP 01D20F30
.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!CreateProcessW 75C91BF3 5 Bytes JMP 01D20EE6
.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!CreateProcessA 75C91C28 5 Bytes JMP 01D20087
.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!VirtualProtect 75C91DC3 5 Bytes JMP 01D20F41
.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!CreateNamedPipeA 75C92EF5 5 Bytes JMP 01D20FCA
.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!CreateNamedPipeW 75C95C0C 5 Bytes JMP 01D20FAF
.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!CreatePipe 75CB8E6E 5 Bytes JMP 01D2005B
.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!LoadLibraryExW 75CB9109 5 Bytes JMP 01D20F5C
.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!LoadLibraryW 75CB9362 5 Bytes JMP 01D20F83
.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!LoadLibraryExA 75CB94B4 5 Bytes JMP 01D2001B
.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!LoadLibraryA 75CB94DC 5 Bytes JMP 01D20F9E
.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!VirtualProtectEx 75CBDBDA 5 Bytes JMP 01D20040
.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!GetProcAddress 75CD903B 5 Bytes JMP 01D200A2
.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!CreateFileW 75CDAECB 5 Bytes JMP 01D20000
.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!CreateFileA 75CDCE5F 5 Bytes JMP 01D20FEF
.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!WinExec 75D25CF7 5 Bytes JMP 01D2006C
.text C:\Windows\system32\svchost.exe[1864] msvcrt.dll!_wsystem 76D97F2F 5 Bytes JMP 02600027
.text C:\Windows\system32\svchost.exe[1864] msvcrt.dll!system 76D9804B 5 Bytes JMP 02600F9C
.text C:\Windows\system32\svchost.exe[1864] msvcrt.dll!_creat 76D9BBE1 5 Bytes JMP 02600FC1
.text C:\Windows\system32\svchost.exe[1864] msvcrt.dll!_open 76D9D106 5 Bytes JMP 02600FEF
.text C:\Windows\system32\svchost.exe[1864] msvcrt.dll!_wcreat 76D9D326 5 Bytes JMP 0260000C
.text C:\Windows\system32\svchost.exe[1864] msvcrt.dll!_wopen 76D9D501 5 Bytes JMP 02600FD2
.text C:\Windows\system32\svchost.exe[1864] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 0253005E
.text C:\Windows\system32\svchost.exe[1864] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 02530FB2
.text C:\Windows\system32\svchost.exe[1864] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 02530FEF
.text C:\Windows\system32\svchost.exe[1864] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 02530039
.text C:\Windows\system32\svchost.exe[1864] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 0253006F
.text C:\Windows\system32\svchost.exe[1864] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 02530FCD
.text C:\Windows\system32\svchost.exe[1864] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 02530FDE
.text C:\Windows\system32\svchost.exe[1864] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 02530028
.text C:\Windows\system32\svchost.exe[1864] WININET.dll!InternetOpenA 76E1D690 5 Bytes JMP 02610FEF
.text C:\Windows\system32\svchost.exe[1864] WININET.dll!InternetOpenW 76E1DB09 5 Bytes JMP 0261000A
.text C:\Windows\system32\svchost.exe[1864] WININET.dll!InternetOpenUrlA 76E1F3A4 5 Bytes JMP 02610FD4
.text C:\Windows\system32\svchost.exe[1864] WININET.dll!InternetOpenUrlW 76E66DDF 5 Bytes JMP 0261002F
.text C:\Windows\system32\svchost.exe[1864] WS2_32.dll!socket 772236D1 5 Bytes JMP 02660FEF
.text C:\Windows\Explorer.EXE[2076] kernel32.dll!GetStartupInfoW 75C91929 5 Bytes JMP 00050F7F
.text C:\Windows\Explorer.EXE[2076] kernel32.dll!GetStartupInfoA 75C919C9 5 Bytes JMP 000500C5
.text C:\Windows\Explorer.EXE[2076] kernel32.dll!CreateProcessW 75C91BF3 5 Bytes JMP 00050F64
.text C:\Windows\Explorer.EXE[2076] kernel32.dll!CreateProcessA 75C91C28 5 Bytes JMP 000500FB
.text C:\Windows\Explorer.EXE[2076] kernel32.dll!VirtualProtect 75C91DC3 5 Bytes JMP 00050F90
.text C:\Windows\Explorer.EXE[2076] kernel32.dll!CreateNamedPipeA 75C92EF5 5 Bytes JMP 00050FC3
.text C:\Windows\Explorer.EXE[2076] kernel32.dll!CreateNamedPipeW 75C95C0C 5 Bytes JMP 00050FB2
.text C:\Windows\Explorer.EXE[2076] kernel32.dll!CreatePipe 75CB8E6E 5 Bytes JMP 000500AA
.text C:\Windows\Explorer.EXE[2076] kernel32.dll!LoadLibraryExW 75CB9109 5 Bytes JMP 0005005E
.text C:\Windows\Explorer.EXE[2076] kernel32.dll!LoadLibraryW 75CB9362 5 Bytes JMP 00050028
.text C:\Windows\Explorer.EXE[2076] kernel32.dll!LoadLibraryExA 75CB94B4 5 Bytes JMP 00050043
.text C:\Windows\Explorer.EXE[2076] kernel32.dll!LoadLibraryA 75CB94DC 5 Bytes JMP 00050FA1
.text C:\Windows\Explorer.EXE[2076] kernel32.dll!VirtualProtectEx 75CBDBDA 5 Bytes JMP 0005008F
.text C:\Windows\Explorer.EXE[2076] kernel32.dll!GetProcAddress 75CD903B 5 Bytes JMP 00050120
.text C:\Windows\Explorer.EXE[2076] kernel32.dll!CreateFileW 75CDAECB 5 Bytes JMP 00050FDE
.text C:\Windows\Explorer.EXE[2076] kernel32.dll!CreateFileA 75CDCE5F 5 Bytes JMP 00050FEF
.text C:\Windows\Explorer.EXE[2076] kernel32.dll!WinExec 75D25CF7 5 Bytes JMP 000500E0
.text C:\Windows\Explorer.EXE[2076] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 00070036
.text C:\Windows\Explorer.EXE[2076] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 00070FB9
.text C:\Windows\Explorer.EXE[2076] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 00070FE5
.text C:\Windows\Explorer.EXE[2076] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 00070F94
.text C:\Windows\Explorer.EXE[2076] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 00070F83
.text C:\Windows\Explorer.EXE[2076] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 0007000A
.text C:\Windows\Explorer.EXE[2076] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 00070FD4
.text C:\Windows\Explorer.EXE[2076] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 0007001B
.text C:\Windows\Explorer.EXE[2076] msvcrt.dll!_wsystem 76D97F2F 5 Bytes JMP 00080FAD
.text C:\Windows\Explorer.EXE[2076] msvcrt.dll!system 76D9804B 5 Bytes JMP 00080038
.text C:\Windows\Explorer.EXE[2076] msvcrt.dll!_creat 76D9BBE1 5 Bytes JMP 00080FC8
.text C:\Windows\Explorer.EXE[2076] msvcrt.dll!_open 76D9D106 5 Bytes JMP 00080FE3
.text C:\Windows\Explorer.EXE[2076] msvcrt.dll!_wcreat 76D9D326 5 Bytes JMP 0008001D
.text C:\Windows\Explorer.EXE[2076] msvcrt.dll!_wopen 76D9D501 5 Bytes JMP 0008000C
.text C:\Windows\Explorer.EXE[2076] WININET.dll!InternetOpenA 76E1D690 5 Bytes JMP 00930000
.text C:\Windows\Explorer.EXE[2076] WININET.dll!InternetOpenW 76E1DB09 5 Bytes JMP 0093001B
.text C:\Windows\Explorer.EXE[2076] WININET.dll!InternetOpenUrlA 76E1F3A4 5 Bytes JMP 00930036
.text C:\Windows\Explorer.EXE[2076] WININET.dll!InternetOpenUrlW 76E66DDF 5 Bytes JMP 00930FDB
.text C:\Windows\Explorer.EXE[2076] WS2_32.dll!socket 772236D1 5 Bytes JMP 00910FEF
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] kernel32.dll!GetStartupInfoW 75C91929 5 Bytes JMP 4C2C00D0
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] kernel32.dll!GetStartupInfoA 75C919C9 5 Bytes JMP 4C2C0F80
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] kernel32.dll!CreateProcessW 75C91BF3 5 Bytes JMP 4C2C0106
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] kernel32.dll!CreateProcessA 75C91C28 5 Bytes JMP 4C2C0F65
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] kernel32.dll!VirtualProtect 75C91DC3 5 Bytes JMP 4C2C0075
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] kernel32.dll!CreateNamedPipeA 75C92EF5 5 Bytes JMP 4C2C0FD1
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] kernel32.dll!CreateNamedPipeW 75C95C0C 5 Bytes JMP 4C2C0FC0
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] kernel32.dll!CreatePipe 75CB8E6E 5 Bytes JMP 4C2C00AB
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] kernel32.dll!LoadLibraryExW 75CB9109 3 Bytes JMP 4C2C0058
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] kernel32.dll!LoadLibraryExW + 4 75CB910D 1 Byte [D6]
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] kernel32.dll!LoadLibraryW 75CB9362 5 Bytes JMP 4C2C0FAF
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] kernel32.dll!LoadLibraryExA 75CB94B4 5 Bytes JMP 4C2C0047
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] kernel32.dll!LoadLibraryA 75CB94DC 5 Bytes JMP 4C2C002C
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] kernel32.dll!VirtualProtectEx 75CBDBDA 5 Bytes JMP 4C2C0086
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] kernel32.dll!GetProcAddress 75CD903B 5 Bytes JMP 4C2C0121
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] kernel32.dll!CreateFileW 75CDAECB 5 Bytes JMP 4C2C0011
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] kernel32.dll!CreateFileA 75CDCE5F 5 Bytes JMP 4C2C0000
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] kernel32.dll!WinExec 75D25CF7 5 Bytes JMP 4C2C00E1
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] msvcrt.dll!_wsystem 76D97F2F 5 Bytes JMP 4C2E0049
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] msvcrt.dll!system 76D9804B 5 Bytes JMP 4C2E002E
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] msvcrt.dll!_creat 76D9BBE1 5 Bytes JMP 4C2E001D
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] msvcrt.dll!_open 76D9D106 5 Bytes JMP 4C2E0FEF
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] msvcrt.dll!_wcreat 76D9D326 5 Bytes JMP 4C2E0FBE
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] msvcrt.dll!_wopen 76D9D501 4 Bytes JMP 4C2E000C
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 4C2D0F8A
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 4C2D0FC0
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 4C2D0000
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 4C2D0FA5
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 4C2D0F6F
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 4C2D0FDB
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 4C2D0011
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 4C2D002C
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] WININET.dll!InternetOpenA 76E1D690 5 Bytes JMP 4C2F000A
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] WININET.dll!InternetOpenW 76E1DB09 5 Bytes JMP 4C2F0FEF
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] WININET.dll!InternetOpenUrlA 76E1F3A4 5 Bytes JMP 4C2F0025
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] WININET.dll!InternetOpenUrlW 76E66DDF 5 Bytes JMP 4C2F0036
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2168] WS2_32.dll!socket 772236D1 5 Bytes JMP 4C6C0000
.text C:\Windows\System32\svchost.exe[2212] kernel32.dll!GetStartupInfoW 75C91929 5 Bytes JMP 00C40089
.text C:\Windows\System32\svchost.exe[2212] kernel32.dll!GetStartupInfoA 75C919C9 5 Bytes JMP 00C40F43
.text C:\Windows\System32\svchost.exe[2212] kernel32.dll!CreateProcessW 75C91BF3 5 Bytes JMP 00C40F17
.text C:\Windows\System32\svchost.exe[2212] kernel32.dll!CreateProcessA 75C91C28 5 Bytes JMP 00C400A4
.text C:\Windows\System32\svchost.exe[2212] kernel32.dll!VirtualProtect 75C91DC3 5 Bytes JMP 00C40F79
.text C:\Windows\System32\svchost.exe[2212] kernel32.dll!CreateNamedPipeA 75C92EF5 5 Bytes JMP 00C40011
.text C:\Windows\System32\svchost.exe[2212] kernel32.dll!CreateNamedPipeW 75C95C0C 5 Bytes JMP 00C40022
.text C:\Windows\System32\svchost.exe[2212] kernel32.dll!CreatePipe 75CB8E6E 5 Bytes JMP 00C4006E
.text C:\Windows\System32\svchost.exe[2212] kernel32.dll!LoadLibraryExW 75CB9109 5 Bytes JMP 00C40047
.text C:\Windows\System32\svchost.exe[2212] kernel32.dll!LoadLibraryW 75CB9362 5 Bytes JMP 00C40FA5
.text C:\Windows\System32\svchost.exe[2212] kernel32.dll!LoadLibraryExA 75CB94B4 5 Bytes JMP 00C40F94
.text C:\Windows\System32\svchost.exe[2212] kernel32.dll!LoadLibraryA 75CB94DC 5 Bytes JMP 00C40FB6
.text C:\Windows\System32\svchost.exe[2212] kernel32.dll!VirtualProtectEx 75CBDBDA 5 Bytes JMP 00C40F5E
.text C:\Windows\System32\svchost.exe[2212] kernel32.dll!GetProcAddress 75CD903B 5 Bytes JMP 00C40F06
.text C:\Windows\System32\svchost.exe[2212] kernel32.dll!CreateFileW 75CDAECB 5 Bytes JMP 00C40000
.text C:\Windows\System32\svchost.exe[2212] kernel32.dll!CreateFileA 75CDCE5F 5 Bytes JMP 00C40FE5
.text C:\Windows\System32\svchost.exe[2212] kernel32.dll!WinExec 75D25CF7 5 Bytes JMP 00C40F28
.text C:\Windows\System32\svchost.exe[2212] msvcrt.dll!_wsystem 76D97F2F 5 Bytes JMP 00C6002C
.text C:\Windows\System32\svchost.exe[2212] msvcrt.dll!system 76D9804B 5 Bytes JMP 00C60FA1
.text C:\Windows\System32\svchost.exe[2212] msvcrt.dll!_creat 76D9BBE1 5 Bytes JMP 00C60FCD
.text C:\Windows\System32\svchost.exe[2212] msvcrt.dll!_open 76D9D106 5 Bytes JMP 00C60FEF
.text C:\Windows\System32\svchost.exe[2212] msvcrt.dll!_wcreat 76D9D326 5 Bytes JMP 00C60FBC
.text C:\Windows\System32\svchost.exe[2212] msvcrt.dll!_wopen 76D9D501 5 Bytes JMP 00C60FDE
.text C:\Windows\System32\svchost.exe[2212] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 00C50FA8
.text C:\Windows\System32\svchost.exe[2212] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 00C50040
.text C:\Windows\System32\svchost.exe[2212] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 00C50FEF
.text C:\Windows\System32\svchost.exe[2212] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 00C50FB9
.text C:\Windows\System32\svchost.exe[2212] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 00C50065
.text C:\Windows\System32\svchost.exe[2212] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 00C50FD4
.text C:\Windows\System32\svchost.exe[2212] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 00C5000A
.text C:\Windows\System32\svchost.exe[2212] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 00C5002F
.text C:\Windows\System32\svchost.exe[2212] WININET.dll!InternetOpenA 76E1D690 5 Bytes JMP 00C7000A
.text C:\Windows\System32\svchost.exe[2212] WININET.dll!InternetOpenW 76E1DB09 5 Bytes JMP 00C7001B
.text C:\Windows\System32\svchost.exe[2212] WININET.dll!InternetOpenUrlA 76E1F3A4 5 Bytes JMP 00C7002C
.text C:\Windows\System32\svchost.exe[2212] WININET.dll!InternetOpenUrlW 76E66DDF 5 Bytes JMP 00C70047
.text C:\Windows\System32\svchost.exe[2212] WS2_32.dll!socket 772236D1 5 Bytes JMP 00C80000
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!GetStartupInfoW 75C91929 5 Bytes JMP 008A0F3A
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!GetStartupInfoA 75C919C9 5 Bytes JMP 008A0F4B
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!CreateProcessW 75C91BF3 5 Bytes JMP 008A00BD
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!CreateProcessA 75C91C28 5 Bytes JMP 008A00AC
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!VirtualProtect 75C91DC3 5 Bytes JMP 008A0051
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!CreateNamedPipeA 75C92EF5 5 Bytes JMP 008A000A
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!CreateNamedPipeW 75C95C0C 5 Bytes JMP 008A0025
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!CreatePipe 75CB8E6E 5 Bytes JMP 008A0F5C
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!LoadLibraryExW 75CB9109 5 Bytes JMP 008A0F83
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!LoadLibraryW 75CB9362 5 Bytes JMP 008A0040
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!LoadLibraryExA 75CB94B4 5 Bytes JMP 008A0F9E
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!LoadLibraryA 75CB94DC 5 Bytes JMP 008A0FB9
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!VirtualProtectEx 75CBDBDA 5 Bytes JMP 008A006C
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!GetProcAddress 75CD903B 5 Bytes JMP 008A0F0B
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!CreateFileW 75CDAECB 5 Bytes JMP 008A0FD4
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!CreateFileA 75CDCE5F 5 Bytes JMP 008A0FEF
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!WinExec 75D25CF7 5 Bytes JMP 008A009B
.text C:\Windows\System32\svchost.exe[2264] msvcrt.dll!_wsystem 76D97F2F 5 Bytes JMP 008C004C
.text C:\Windows\System32\svchost.exe[2264] msvcrt.dll!system 76D9804B 5 Bytes JMP 008C0FB7
.text C:\Windows\System32\svchost.exe[2264] msvcrt.dll!_creat 76D9BBE1 5 Bytes JMP 008C0027
.text C:\Windows\System32\svchost.exe[2264] msvcrt.dll!_open 76D9D106 5 Bytes JMP 008C0FE3
.text C:\Windows\System32\svchost.exe[2264] msvcrt.dll!_wcreat 76D9D326 5 Bytes JMP 008C0FC8
.text C:\Windows\System32\svchost.exe[2264] msvcrt.dll!_wopen 76D9D501 5 Bytes JMP 008C000C
.text C:\Windows\System32\svchost.exe[2264] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 008B0F8D
.text C:\Windows\System32\svchost.exe[2264] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 008B0FAF
.text C:\Windows\System32\svchost.exe[2264] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 008B0000
.text C:\Windows\System32\svchost.exe[2264] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 008B0F9E
.text C:\Windows\System32\svchost.exe[2264] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 008B0F68
.text C:\Windows\System32\svchost.exe[2264] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 008B0FDE
.text C:\Windows\System32\svchost.exe[2264] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 008B0FEF
.text C:\Windows\System32\svchost.exe[2264] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 008B0025
.text C:\Windows\System32\svchost.exe[2264] WININET.dll!InternetOpenA 76E1D690 5 Bytes JMP 008D0FEF
.text C:\Windows\System32\svchost.exe[2264] WININET.dll!InternetOpenW 76E1DB09 5 Bytes JMP 008D000A
.text C:\Windows\System32\svchost.exe[2264] WININET.dll!InternetOpenUrlA 76E1F3A4 5 Bytes JMP 008D002F
.text C:\Windows\System32\svchost.exe[2264] WININET.dll!InternetOpenUrlW 76E66DDF 5 Bytes JMP 008D0040
.text C:\Windows\System32\svchost.exe[2264] WS2_32.dll!socket 772236D1 5 Bytes JMP 008E0FE5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] kernel32.dll!GetStartupInfoW 75C91929 5 Bytes JMP 00F10F36
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] kernel32.dll!GetStartupInfoA 75C919C9 5 Bytes JMP 00F10F47
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] kernel32.dll!CreateProcessW 75C91BF3 5 Bytes JMP 00F10F00
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] kernel32.dll!CreateProcessA 75C91C28 5 Bytes JMP 00F10097
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] kernel32.dll!VirtualProtect 75C91DC3 5 Bytes JMP 00F10F73
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] kernel32.dll!CreateNamedPipeA 75C92EF5 5 Bytes JMP 00F10FDE
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] kernel32.dll!CreateNamedPipeW 75C95C0C 5 Bytes JMP 00F10FCD
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] kernel32.dll!CreatePipe 75CB8E6E 5 Bytes JMP 00F10F58
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] kernel32.dll!LoadLibraryExW 75CB9109 5 Bytes JMP 00F10F84
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] kernel32.dll!LoadLibraryW 75CB9362 5 Bytes JMP 00F10043
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] kernel32.dll!LoadLibraryExA 75CB94B4 5 Bytes JMP 00F10FA1
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] kernel32.dll!LoadLibraryA 75CB94DC 5 Bytes JMP 00F10FBC
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] kernel32.dll!VirtualProtectEx 75CBDBDA 5 Bytes JMP 00F1005E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] kernel32.dll!GetProcAddress 75CD903B 5 Bytes JMP 00F100A8
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] kernel32.dll!CreateFileW 75CDAECB 5 Bytes JMP 00F10014
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] kernel32.dll!CreateFileA 75CDCE5F 5 Bytes JMP 00F10FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] kernel32.dll!WinExec 75D25CF7 5 Bytes JMP 00F10F1B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 00F3006C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 00F30051
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 00F30000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 00F30FCA
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 00F3007D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 00F3001B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 00F30FE5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 00F30040
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] msvcrt.dll!_wsystem 76D97F2F 5 Bytes JMP 00F60053
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] msvcrt.dll!system 76D9804B 5 Bytes JMP 00F60042
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] msvcrt.dll!_creat 76D9BBE1 5 Bytes JMP 00F60027
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] msvcrt.dll!_open 76D9D106 5 Bytes JMP 00F60FE3
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] msvcrt.dll!_wcreat 76D9D326 5 Bytes JMP 00F60FD2
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] msvcrt.dll!_wopen 76D9D501 5 Bytes JMP 00F6000C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] WS2_32.dll!socket 772236D1 5 Bytes JMP 00F80FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] WININET.dll!InternetOpenA 76E1D690 5 Bytes JMP 00F70000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] WININET.dll!InternetOpenW 76E1DB09 5 Bytes JMP 00F70FE5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] WININET.dll!InternetOpenUrlA 76E1F3A4 5 Bytes JMP 00F70FCA
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2272] WININET.dll!InternetOpenUrlW 76E66DDF 5 Bytes JMP 00F7001B
.text C:\Windows\system32\svchost.exe[2332] kernel32.dll!GetStartupInfoW 75C91929 5 Bytes JMP 008F0F4E
.text C:\Windows\system32\svchost.exe[2332] kernel32.dll!GetStartupInfoA 75C919C9 5 Bytes JMP 008F009E
.text C:\Windows\system32\svchost.exe[2332] kernel32.dll!CreateProcessW 75C91BF3 5 Bytes JMP 008F0F18
.text C:\Windows\system32\svchost.exe[2332] kernel32.dll!CreateProcessA 75C91C28 5 Bytes JMP 008F00AF
.text C:\Windows\system32\svchost.exe[2332] kernel32.dll!VirtualProtect 75C91DC3 5 Bytes JMP 008F0F7A
.text C:\Windows\system32\svchost.exe[2332] kernel32.dll!CreateNamedPipeA 75C92EF5 5 Bytes JMP 008F0FCD
.text C:\Windows\system32\svchost.exe[2332] kernel32.dll!CreateNamedPipeW 75C95C0C 5 Bytes JMP 008F0014
.text C:\Windows\system32\svchost.exe[2332] kernel32.dll!CreatePipe 75CB8E6E 5 Bytes JMP 008F0F69
.text C:\Windows\system32\svchost.exe[2332] kernel32.dll!LoadLibraryExW 75CB9109 5 Bytes JMP 008F0054
.text C:\Windows\system32\svchost.exe[2332] kernel32.dll!LoadLibraryW 75CB9362 5 Bytes JMP 008F0FA1
.text C:\Windows\system32\svchost.exe[2332] kernel32.dll!LoadLibraryExA 75CB94B4 5 Bytes JMP 008F0043
.text C:\Windows\system32\svchost.exe[2332] kernel32.dll!LoadLibraryA 75CB94DC 5 Bytes JMP 008F0FB2
.text C:\Windows\system32\svchost.exe[2332] kernel32.dll!VirtualProtectEx 75CBDBDA 5 Bytes JMP 008F006F
.text C:\Windows\system32\svchost.exe[2332] kernel32.dll!GetProcAddress 75CD903B 5 Bytes JMP 008F00CA
.text C:\Windows\system32\svchost.exe[2332] kernel32.dll!CreateFileW 75CDAECB 5 Bytes JMP 008F0FDE
.text C:\Windows\system32\svchost.exe[2332] kernel32.dll!CreateFileA 75CDCE5F 5 Bytes JMP 008F0FEF
.text C:\Windows\system32\svchost.exe[2332] kernel32.dll!WinExec 75D25CF7 5 Bytes JMP 008F0F3D
.text C:\Windows\system32\svchost.exe[2332] msvcrt.dll!_wsystem 76D97F2F 5 Bytes JMP 0091003B
.text C:\Windows\system32\svchost.exe[2332] msvcrt.dll!system 76D9804B 5 Bytes JMP 0091002A
.text C:\Windows\system32\svchost.exe[2332] msvcrt.dll!_creat 76D9BBE1 5 Bytes JMP 00910FC1
.text C:\Windows\system32\svchost.exe[2332] msvcrt.dll!_open 76D9D106 5 Bytes JMP 00910FEF
.text C:\Windows\system32\svchost.exe[2332] msvcrt.dll!_wcreat 76D9D326 5 Bytes JMP 00910FB0
.text C:\Windows\system32\svchost.exe[2332] msvcrt.dll!_wopen 76D9D501 5 Bytes JMP 00910FD2
.text C:\Windows\system32\svchost.exe[2332] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 00900F8A
.text C:\Windows\system32\svchost.exe[2332] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 00900FC0
.text C:\Windows\system32\svchost.exe[2332] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 00900000
.text C:\Windows\system32\svchost.exe[2332] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 00900FA5
.text C:\Windows\system32\svchost.exe[2332] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 00900F79
.text C:\Windows\system32\svchost.exe[2332] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 0090001B
.text C:\Windows\system32\svchost.exe[2332] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 00900FDB
.text C:\Windows\system32\svchost.exe[2332] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 0090002C
.text C:\Windows\system32\svchost.exe[2332] WININET.dll!InternetOpenA 76E1D690 5 Bytes JMP 00920FEF
.text C:\Windows\system32\svchost.exe[2332] WININET.dll!InternetOpenW 76E1DB09 5 Bytes JMP 00920FDE
.text C:\Windows\system32\svchost.exe[2332] WININET.dll!InternetOpenUrlA 76E1F3A4 5 Bytes JMP 00920014
.text C:\Windows\system32\svchost.exe[2332] WININET.dll!InternetOpenUrlW 76E66DDF 5 Bytes JMP 0092002F
.text C:\Windows\system32\svchost.exe[2332] WS2_32.dll!socket 772236D1 5 Bytes JMP 0093000A
.text C:\Windows\system32\svchost.exe[2712] kernel32.dll!GetStartupInfoW 75C91929 5 Bytes JMP 00E900BF
.text C:\Windows\system32\svchost.exe[2712] kernel32.dll!GetStartupInfoA 75C919C9 5 Bytes JMP 00E90F6F
.text C:\Windows\system32\svchost.exe[2712] kernel32.dll!CreateProcessW 75C91BF3 5 Bytes JMP 00E900FF
.text C:\Windows\system32\svchost.exe[2712] kernel32.dll!CreateProcessA 75C91C28 5 Bytes JMP 00E900E4
.text C:\Windows\system32\svchost.exe[2712] kernel32.dll!VirtualProtect 75C91DC3 5 Bytes JMP 00E9007F
.text C:\Windows\system32\svchost.exe[2712] kernel32.dll!CreateNamedPipeA 75C92EF5 5 Bytes JMP 00E90022
.text C:\Windows\system32\svchost.exe[2712] kernel32.dll!CreateNamedPipeW 75C95C0C 5 Bytes JMP 00E90FDB
.text C:\Windows\system32\svchost.exe[2712] kernel32.dll!CreatePipe 75CB8E6E 5 Bytes JMP 00E90F8A
.text C:\Windows\system32\svchost.exe[2712] kernel32.dll!LoadLibraryExW 75CB9109 5 Bytes JMP 00E90FA5
.text C:\Windows\system32\svchost.exe[2712] kernel32.dll!LoadLibraryW 75CB9362 5 Bytes JMP 00E90047
.text C:\Windows\system32\svchost.exe[2712] kernel32.dll!LoadLibraryExA 75CB94B4 5 Bytes JMP 00E90062
.text C:\Windows\system32\svchost.exe[2712] kernel32.dll!LoadLibraryA 75CB94DC 5 Bytes JMP 00E90FC0
.text C:\Windows\system32\svchost.exe[2712] kernel32.dll!VirtualProtectEx 75CBDBDA 5 Bytes JMP 00E9009A
.text C:\Windows\system32\svchost.exe[2712] kernel32.dll!GetProcAddress 75CD903B 5 Bytes JMP 00E90110
.text C:\Windows\system32\svchost.exe[2712] kernel32.dll!CreateFileW 75CDAECB 5 Bytes JMP 00E90011
.text C:\Windows\system32\svchost.exe[2712] kernel32.dll!CreateFileA 75CDCE5F 5 Bytes JMP 00E90000
.text C:\Windows\system32\svchost.exe[2712] kernel32.dll!WinExec 75D25CF7 5 Bytes JMP 00E90F5E
.text C:\Windows\system32\svchost.exe[2712] msvcrt.dll!_wsystem 76D97F2F 5 Bytes JMP 00EB0044
.text C:\Windows\system32\svchost.exe[2712] msvcrt.dll!system 76D9804B 5 Bytes JMP 00EB0FB9
.text C:\Windows\system32\svchost.exe[2712] msvcrt.dll!_creat 76D9BBE1 5 Bytes JMP 00EB0029
.text C:\Windows\system32\svchost.exe[2712] msvcrt.dll!_open 76D9D106 5 Bytes JMP 00EB0FEF
.text C:\Windows\system32\svchost.exe[2712] msvcrt.dll!_wcreat 76D9D326 5 Bytes JMP 00EB0FD4
.text C:\Windows\system32\svchost.exe[2712] msvcrt.dll!_wopen 76D9D501 5 Bytes JMP 00EB0018
.text C:\Windows\system32\svchost.exe[2712] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 00EA0062
.text C:\Windows\system32\svchost.exe[2712] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 00EA0040
.text C:\Windows\system32\svchost.exe[2712] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 00EA0FEF
.text C:\Windows\system32\svchost.exe[2712] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 00EA0051
.text C:\Windows\system32\svchost.exe[2712] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 00EA0FAF
.text C:\Windows\system32\svchost.exe[2712] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 00EA002F
.text C:\Windows\system32\svchost.exe[2712] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 00EA000A
.text C:\Windows\system32\svchost.exe[2712] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 00EA0FD4
.text C:\Windows\system32\svchost.exe[2712] WININET.dll!InternetOpenA 76E1D690 5 Bytes JMP 00EC0000
.text C:\Windows\system32\svchost.exe[2712] WININET.dll!InternetOpenW 76E1DB09 5 Bytes JMP 00EC001B
.text C:\Windows\system32\svchost.exe[2712] WININET.dll!InternetOpenUrlA 76E1F3A4 5 Bytes JMP 00EC002C
.text C:\Windows\system32\svchost.exe[2712] WININET.dll!InternetOpenUrlW 76E66DDF 5 Bytes JMP 00EC0FE5
.text C:\Windows\system32\svchost.exe[2712] WS2_32.dll!socket 772236D1 5 Bytes JMP 00ED0FE5
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!GetStartupInfoW 75C91929 5 Bytes JMP 00E20F4B
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!GetStartupInfoA 75C919C9 5 Bytes JMP 00E20091
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!CreateProcessW 75C91BF3 5 Bytes JMP 00E20F04
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!CreateProcessA 75C91C28 5 Bytes JMP 00E20F1F
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!VirtualProtect 75C91DC3 5 Bytes JMP 00E20F70
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!CreateNamedPipeA 75C92EF5 5 Bytes JMP 00E20FD4
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!CreateNamedPipeW 75C95C0C 5 Bytes JMP 00E20025
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!CreatePipe 75CB8E6E 5 Bytes JMP 00E2006C
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!LoadLibraryExW 75CB9109 5 Bytes JMP 00E20F81
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!LoadLibraryW 75CB9362 5 Bytes JMP 00E20FA8
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!LoadLibraryExA 75CB94B4 5 Bytes JMP 00E2004A
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!LoadLibraryA 75CB94DC 5 Bytes JMP 00E20FB9
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!VirtualProtectEx 75CBDBDA 5 Bytes JMP 00E2005B
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!GetProcAddress 75CD903B 5 Bytes JMP 00E200C0
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!CreateFileW 75CDAECB 5 Bytes JMP 00E20FEF
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!CreateFileA 75CDCE5F 5 Bytes JMP 00E2000A
.text C:\Windows\System32\svchost.exe[2804] kernel32.dll!WinExec 75D25CF7 5 Bytes JMP 00E20F3A
.text C:\Windows\System32\svchost.exe[2804] msvcrt.dll!_wsystem 76D97F2F 5 Bytes JMP 00E40053
.text C:\Windows\System32\svchost.exe[2804] msvcrt.dll!system 76D9804B 5 Bytes JMP 00E40FBE
.text C:\Windows\System32\svchost.exe[2804] msvcrt.dll!_creat 76D9BBE1 5 Bytes JMP 00E4001D
.text C:\Windows\System32\svchost.exe[2804] msvcrt.dll!_open 76D9D106 5 Bytes JMP 00E40FEF
.text C:\Windows\System32\svchost.exe[2804] msvcrt.dll!_wcreat 76D9D326 5 Bytes JMP 00E40038
.text C:\Windows\System32\svchost.exe[2804] msvcrt.dll!_wopen 76D9D501 5 Bytes JMP 00E4000C
.text C:\Windows\System32\svchost.exe[2804] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 00E30FB6
.text C:\Windows\System32\svchost.exe[2804] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 00E30047
.text C:\Windows\System32\svchost.exe[2804] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 00E30FEF
.text C:\Windows\System32\svchost.exe[2804] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 00E30058
.text C:\Windows\System32\svchost.exe[2804] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 00E30073
.text C:\Windows\System32\svchost.exe[2804] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 00E3001B
.text C:\Windows\System32\svchost.exe[2804] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 00E3000A
.text C:\Windows\System32\svchost.exe[2804] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 00E3002C
.text C:\Windows\System32\svchost.exe[2804] WININET.dll!InternetOpenA 76E1D690 5 Bytes JMP 00E50FE5
.text C:\Windows\System32\svchost.exe[2804] WININET.dll!InternetOpenW 76E1DB09 5 Bytes JMP 00E50FD4
.text C:\Windows\System32\svchost.exe[2804] WININET.dll!InternetOpenUrlA 76E1F3A4 5 Bytes JMP 00E5000A
.text C:\Windows\System32\svchost.exe[2804] WININET.dll!InternetOpenUrlW 76E66DDF 5 Bytes JMP 00E50FC3
.text C:\Windows\System32\svchost.exe[2804] WS2_32.dll!socket 772236D1 5 Bytes JMP 00E90000

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73EE7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73F3A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73EEBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73EDF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73EE75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73EDE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73F18395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73EEDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73EDFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73EDFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73ED71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73F6CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73F0C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73EDD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73ED6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73ED687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73EE2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[4200] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01BC2F20] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[4200] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01BC2CF0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[4200] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01BC2C90] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[4200] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01BC2CC0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5676] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02682F20] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5676] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [02682CF0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5676] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02682C90] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5676] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02682CC0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\iaStor \Device\Ide\iaStor0 [828506C8] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [828506C8] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\DRIVERS\iaStor.sys suspicious modification

---- EOF - GMER 1.0.15 ----



Thank you for your help!

Edited by elocine, 03 December 2009 - 08:05 PM.
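The GMER log above shows the pattern worth reading before any tool is run: inside svchost.exe[2804], exports of ADVAPI32 (registry), WININET (HTTP) and WS2_32 (socket) are each overwritten with a 5-byte JMP into low, unnamed memory (0x00E3xxxx, 0x00E5xxxx, 0x00E9xxxx), while the sidebar.exe IAT entries jump into a DLL GMER can name on disk (Logitech's LVPrcInj01.dll). Registry hooks plus network hooks in the service host are consistent with a component that hides its own keys and rewrites web traffic, which matches the redirected searches, and the kernel-side lines (the iaStor dispatch patched to `MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]`, reading a pointer from the kernel's view of KUSER_SHARED_DATA, and "iaStor.sys suspicious modification") are the part a file deletion of tdlcmd.dll never touched. The script below is an added example for this thread, not code from the original post, from GMER or from BleepingComputer: it parses the two user-mode hook line shapes GMER 1.0.15 prints, groups hooks per process by the 64 KiB region they land in, and flags inline JMPs from a system-DLL export into unattributed low memory. The address limits are assumptions about the 32-bit Vista layout visible in the log; the sample lines are copied from the log above.

```python
"""Triage of the user-mode hook lines in a GMER 1.0.15 log.

Added example for this thread, not code from the original post, from GMER
or from BleepingComputer. It parses the two line shapes GMER prints for
user-mode hooks (".text ... JMP <target>" inline patches and "IAT ..."
import-table patches), groups them per process by the 64 KiB region the
hook lands in, and flags inline hooks whose target GMER did not attribute
to any loaded module while the patched export lives in the system-DLL
range. The address limits are assumptions about the 32-bit Vista layout
visible in the log, not something GMER reports.
"""
import re

# Assumed 32-bit Vista layout, taken from the addresses in the log: system
# DLLs sit at 0x6xxxxxxx-0x7xxxxxxx, private allocations low in the process.
SYSTEM_DLL_FLOOR = 0x60000000
LOW_USER_LIMIT = 0x10000000
REGION_GRANULARITY = 0x10000        # Windows allocation granularity

# API family of the hooked DLL: what the code behind the hook can intercept.
FAMILY = {"ADVAPI32.DLL": "registry", "WININET.DLL": "http", "WS2_32.DLL": "socket",
          "NTDLL.DLL": "native", "KERNEL32.DLL": "file/process"}

INLINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[^\s!]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+\d+\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]{8})\s*$")
IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+\S+\s+\[(?P<module>[^!\]]+)!(?P<func>[^\]]+)\]"
    r"\s+\[(?P<target>[0-9A-Fa-f]{8})\]\s+(?P<image>.+?)\s+\([^)]*\)\s*$")

# Lines copied from the GMER log in this post: the svchost.exe inline hooks,
# one Explorer gdiplus IAT entry and the sidebar.exe (pid 4200) IAT entries.
SAMPLE_LOG = r"""
.text C:\Windows\System32\svchost.exe[2804] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 00E3000A
.text C:\Windows\System32\svchost.exe[2804] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 00E3002C
.text C:\Windows\System32\svchost.exe[2804] WININET.dll!InternetOpenA 76E1D690 5 Bytes JMP 00E50FE5
.text C:\Windows\System32\svchost.exe[2804] WININET.dll!InternetOpenW 76E1DB09 5 Bytes JMP 00E50FD4
.text C:\Windows\System32\svchost.exe[2804] WININET.dll!InternetOpenUrlA 76E1F3A4 5 Bytes JMP 00E5000A
.text C:\Windows\System32\svchost.exe[2804] WININET.dll!InternetOpenUrlW 76E66DDF 5 Bytes JMP 00E50FC3
.text C:\Windows\System32\svchost.exe[2804] WS2_32.dll!socket 772236D1 5 Bytes JMP 00E90000
IAT C:\Windows\Explorer.EXE[2076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73EE7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[4200] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01BC2F20] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[4200] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01BC2CF0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[4200] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01BC2C90] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[4200] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01BC2CC0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
"""


def parse_gmer(text):
    """Return one record per hook line; other GMER sections are ignored."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = INLINE_RE.match(line)
        if m:
            records.append({"kind": "inline", "proc": m["proc"], "pid": int(m["pid"]),
                            "module": m["module"], "func": m["func"],
                            "addr": int(m["addr"], 16), "target": int(m["target"], 16),
                            "image": None})      # GMER names no image for inline JMPs
            continue
        m = IAT_RE.match(line)
        if m:
            records.append({"kind": "iat", "proc": m["proc"], "pid": int(m["pid"]),
                            "module": m["module"], "func": m["func"], "addr": None,
                            "target": int(m["target"], 16),
                            "image": m["image"].rsplit("\\", 1)[-1]})
    return records


def is_suspicious(rec):
    """Inline JMP from a system-DLL export into unattributed low memory."""
    if rec["image"] is not None or rec["addr"] is None:
        return False                   # target attributed to a module on disk
    return rec["addr"] >= SYSTEM_DLL_FLOOR and rec["target"] < LOW_USER_LIMIT


def triage(records):
    """Per (process, pid): target regions, hooked exports, families, verdicts."""
    out = {}
    for r in records:
        entry = out.setdefault((r["proc"], r["pid"]),
                               {"regions": {}, "families": set(), "suspicious": []})
        region = r["target"] & ~(REGION_GRANULARITY - 1)
        slot = entry["regions"].setdefault(region, {"image": r["image"], "hooks": []})
        slot["hooks"].append(f'{r["module"]}!{r["func"]}')
        entry["families"].add(FAMILY.get(r["module"].upper(), "other"))
        if is_suspicious(r):
            entry["suspicious"].append(f'{r["module"]}!{r["func"]} -> {r["target"]:08X}')
    return out


if __name__ == "__main__":
    for (proc, pid), e in triage(parse_gmer(SAMPLE_LOG)).items():
        print(f"{proc}[{pid}] hooks {sorted(e['families'])}")
        for region, slot in sorted(e["regions"].items()):
            print(f"  {region:08X}  {slot['image'] or '<no module>'}  {slot['hooks']}")
        for s in e["suspicious"]:
            print("  SUSPICIOUS", s)
```

Run on the sample, svchost.exe[2804] comes out with all seven hooks flagged, spread over three unattributed regions and covering the registry, http and socket families; the Explorer and sidebar.exe entries are not flagged because GMER resolved their targets to a module on disk. The whitelist-by-attribution rule is the important design choice: a webcam helper that patches the ntdll imports of another process looks exactly like an injector, and only the fact that the target is a named, signed-looking image separates it from the svchost hooks. Treat the verdict as a reason to pull the next artefact (the kernel Devices and Files sections, here iaStor.sys), not as proof on its own.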



#2 thcbytes
Malware Response Team, 14,790 posts

Posted 16 December 2009 - 10:48 PM

Sorry for the long delay. Do you still desire help?
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 elocine (Topic Starter)
Members, 11 posts

Posted 17 December 2009 - 08:39 AM

Hi thcbytes!
Thank you for helping me. Yes, I definitely need your help, especially since I have recently had a new symptom occurring on my laptop, i.e. a Blue Screen of Death. I have not used my laptop much since I posted this topic (I was advised not to, and anyway, it is so slow and not secure for online transactions), but the last few times I did, I got this BSOD. I did not get to see what caused it, because my laptop rebooted right away, but I suspect it is the mfehidk.sys file that showed in the logs I posted previously. What should I do now? If you want me to get some new logs because I have used my laptop since I posted the previous ones, let me know. I can do it today.
Again, thank you for your help. Have a great day! :(

#4 thcbytes
Malware Response Team, 14,790 posts

Posted 17 December 2009 - 09:53 AM

Alright.

You have a seriously severely infected computer!

Please note...

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if your topic has not been replied to, I will assume it has been abandoned and close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please doubleclick the "Add or Remove Programs" icon
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Spybot <--- Will interfere with our fix

Additional instructions can be found here if needed.

==========

RKill by Grinler

Link #1
Link #2
Link #3
Link #4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.
==========

Download and Run ComboFix (by sUBs)

You must rename it before saving it.

Please download ComboFix:

http://download.bleepingcomputer.com/sUBs/Beta/KittyFix.exe

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs is responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

With your next post please provide:

* Combofix.exe

Kind regards,
~t

Edited by thcbytes, 17 December 2009 - 09:56 AM.


#5 elocine (Topic Starter)
Members, 11 posts

Posted 17 December 2009 - 03:02 PM

Thank you for your reply! I would like to first mention that I am posting this new reply from a different (clean) computer than the one we are trying to clean, because I am now unable to open any of my browsers (IE, Firefox or Google Chrome) or any of my other programs (Microsoft Office, Skype, etc.) that were installed before we started the cleaning procedure with Combofix. Each time I try to open a program, I get the following warning:

"C:\Program Files\... "
"Illegal operation attempted on a registry key that has been marked for deletion".

Therefore, I had to save the Combofix.txt file on a flash drive and post it below from my "secondary" computer.
Until you can help me get my programs to work again, I will read your replies on that same computer.

Here is the requested Combofix log:

ComboFix 09-12-16.05 - Nicole 12/17/2009 14:01:13.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1026 [GMT -6:00]
Running from: c:\users\Nicole\Desktop\thcbytes.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: VirusScan Enterprise + AntiSpyware Enterprise *disabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1006857966-120873309-3025681479-500
c:\$recycle.bin\S-1-5-21-493749039-2321722389-2851339867-500
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\VDM2550.tmp
C:\VDM2551.tmp
C:\VDM3C87.tmp
C:\VDM3C88.tmp
C:\VDM4751.tmp
C:\VDM4752.tmp
C:\VDM6980.tmp
C:\VDM6981.tmp
c:\windows\system32\oem44.inf
c:\windows\system32\oem71.inf
c:\windows\system32\tdlcmd.dll

Infected copy of c:\windows\system32\DRIVERS\iaStor.sys was found and disinfected
Restored copy from - c:\thcbytes\HarddiskVolumeShadowCopy7_!Windows!System32!drivers!iaStor.sys
.
((((((((((((((((((((((((( Files Created from 2009-11-17 to 2009-12-17 )))))))))))))))))))))))))))))))
.

2009-12-08 22:24 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-08 22:24 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-08 22:24 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-08 21:44 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-11-30 17:29 . 2009-11-30 17:29 -------- d-----w- c:\users\Nicole\AppData\Local\LogiShrd
2009-11-30 17:18 . 2009-12-17 19:31 -------- d-----w- c:\users\Nicole\Tracing
2009-11-30 17:16 . 2009-11-30 17:16 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-30 17:16 . 2009-08-06 04:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-11-30 17:13 . 2009-11-30 17:13 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-30 17:12 . 2009-11-30 17:12 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-30 17:06 . 2009-11-30 17:06 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-30 17:06 . 2009-11-30 17:16 -------- d-----w- c:\program files\Windows Live
2009-11-30 17:05 . 2006-11-29 19:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-11-30 17:05 . 2009-11-30 17:05 -------- d-----w- c:\users\Nicole\AppData\Roaming\Leadertech
2009-11-30 16:53 . 2009-11-30 16:53 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-30 16:33 . 2009-11-30 17:06 -------- d-----w- c:\program files\Microsoft
2009-11-27 14:42 . 2009-11-27 14:42 -------- d-----w- c:\users\Nicole\AppData\Roaming\Malwarebytes
2009-11-27 14:42 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-27 14:42 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-27 14:42 . 2009-11-27 14:42 -------- d-----w- c:\programdata\Malwarebytes
2009-11-27 14:42 . 2009-12-04 00:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-25 14:36 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 13:46 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-22 00:40 . 2009-11-22 00:40 -------- d-----w- c:\users\Nicole\AppData\Local\ElevatedDiagnostics
2009-11-22 00:34 . 2009-11-22 00:35 -------- d-----w- c:\program files\Microsoft ATS
2009-11-20 05:44 . 2009-11-20 05:44 -------- d-----w- c:\programdata\HP Product Assistant
2009-11-20 05:40 . 2009-11-20 20:41 77352 ----a-w- c:\windows\hpqins05.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-17 18:51 . 2007-10-01 22:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-17 18:46 . 2007-10-01 22:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-16 23:14 . 2007-10-01 21:10 -------- d-----w- c:\programdata\Google Updater
2009-12-14 14:10 . 2009-10-28 01:39 -------- d-----w- c:\users\Nicole\AppData\Roaming\Skype
2009-12-14 14:09 . 2009-11-10 16:27 -------- d-----w- c:\users\Nicole\AppData\Roaming\skypePM
2009-12-12 15:50 . 2008-08-10 01:58 -------- d-----w- c:\users\Nicole\AppData\Roaming\ZoomBrowser EX
2009-12-12 15:48 . 2008-08-10 01:52 -------- d-----w- c:\programdata\ZoomBrowser
2009-12-08 22:35 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-08 22:30 . 2007-07-02 18:53 -------- d-----w- c:\programdata\Microsoft Help
2009-11-30 18:01 . 2007-07-02 19:44 -------- d-----w- c:\program files\Java
2009-11-30 17:05 . 2009-10-31 03:49 -------- d-----w- c:\program files\Logitech
2009-11-30 17:05 . 2009-10-31 03:49 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-11-30 17:04 . 2009-10-31 03:49 -------- d-----w- c:\programdata\Logishrd
2009-11-21 06:40 . 2009-12-08 21:47 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-08 21:47 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-08 21:47 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-08 21:47 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 20:21 . 2009-10-30 19:27 680 ----a-w- c:\users\Nicole\AppData\Local\d3d9caps.dat
2009-11-20 19:50 . 2007-07-02 19:08 -------- d-----w- c:\programdata\HP
2009-11-20 14:39 . 2007-10-01 02:19 139088 ----a-w- c:\users\Nicole\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-20 05:27 . 2007-10-01 21:16 -------- d-----w- c:\program files\Picasa2
2009-11-16 01:40 . 2007-11-12 20:15 -------- d-----w- c:\program files\QuickTime
2009-11-16 01:35 . 2008-06-05 15:05 -------- d-----w- c:\program files\Common Files\Apple
2009-11-14 17:25 . 2009-11-14 17:25 -------- d-----w- c:\program files\Common Files\Cisco Systems
2009-11-14 17:25 . 2009-11-14 17:23 -------- d-----w- c:\program files\McAfee
2009-11-14 17:25 . 2007-10-01 03:10 -------- d-----w- c:\programdata\McAfee
2009-11-14 17:23 . 2009-11-14 17:23 -------- d-----w- c:\program files\Common Files\McAfee
2009-11-13 02:10 . 2008-12-27 01:46 -------- d-----w- c:\programdata\MyHeritage
2009-11-13 02:07 . 2008-12-27 01:46 -------- d-----w- c:\users\Nicole\AppData\Roaming\MyHeritage
2009-11-13 02:07 . 2009-11-13 02:07 -------- d-----w- c:\program files\Family Toolbar
2009-11-13 02:05 . 2008-03-16 21:13 -------- d-----w- c:\program files\MyHeritage
2009-11-10 16:27 . 2009-11-10 16:27 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-11-05 17:44 . 2009-03-29 15:38 -------- d-----w- c:\program files\AVS4YOU
2009-11-05 17:42 . 2007-07-02 19:26 -------- d-----w- c:\program files\Rhapsody
2009-11-05 17:40 . 2007-07-02 19:26 -------- d-----w- c:\program files\Real
2009-11-05 16:11 . 2007-10-02 03:15 -------- d-----w- c:\program files\Common Files\Real
2009-11-05 15:38 . 2009-03-29 15:38 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-11-03 02:42 . 2009-10-04 01:21 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-03 02:21 . 2007-12-09 03:40 -------- d-----w- c:\users\Nicole\AppData\Roaming\OpenOffice.org2
2009-10-31 03:55 . 2009-10-31 03:55 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-10-31 03:55 . 2007-07-02 17:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-31 03:49 . 2009-10-31 03:49 -------- d-----w- c:\programdata\Logitech
2009-10-30 19:06 . 2009-10-30 19:06 -------- d-----w- c:\program files\Windows Portable Devices
2009-10-30 19:05 . 2009-10-30 19:05 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-10-30 19:04 . 2009-10-30 19:04 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-28 01:36 . 2009-10-28 01:35 -------- d-----r- c:\program files\Skype
2009-10-28 01:35 . 2009-10-28 01:35 -------- d-----w- c:\program files\Common Files\Skype
2009-10-28 01:35 . 2009-10-28 01:35 -------- d-----w- c:\programdata\Skype
2009-10-27 23:16 . 2009-10-27 23:17 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 23:16 . 2009-07-04 18:17 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-25 01:37 . 2009-10-25 01:36 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-10-11 10:17 . 2008-12-17 15:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 21:08 . 2009-10-30 18:26 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:08 . 2009-10-30 18:26 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:07 . 2009-10-30 18:26 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-07 07:46 . 2009-10-07 07:46 25752 ----a-w- c:\windows\system32\drivers\LVPr2Mon.sys
2009-10-07 07:23 . 2009-10-07 07:23 13584 ----a-w- c:\windows\system32\drivers\iKeyLFT2.dll
2009-10-01 01:02 . 2009-10-30 18:28 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-10-30 18:29 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-10-30 18:28 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-10-30 18:28 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-10-30 18:29 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-10-30 18:28 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-10-30 18:28 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-10-30 18:28 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-10-30 18:28 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-10-30 18:28 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-10-30 18:28 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-10-30 18:29 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-10-30 18:28 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-10-30 18:28 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-10-30 18:28 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-10-30 18:28 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10 . 2009-10-30 18:30 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-10-30 18:30 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-10-30 18:30 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-10-30 18:30 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-10-30 18:30 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-10-30 18:30 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-10-30 18:30 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-10-30 18:30 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-10-30 18:30 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-10-30 18:30 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-10-30 18:30 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-10-30 18:30 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-10-30 18:29 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-10-30 18:29 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-10-30 18:29 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-10-30 18:29 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-10-30 18:29 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-10-30 18:30 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-10-30 18:29 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-10-30 18:29 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-10-30 18:30 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-10-30 18:30 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-10-30 18:29 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-10-30 18:29 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-10-30 18:30 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-10-30 18:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-10-30 18:30 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-01 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"PlaxoUpdate"="c:\users\Nicole\AppData\Local\Plaxo\3.17.0.16\PlaxoHelper_en.exe" [2008-11-19 369223]
"PlaxoSysTray"="c:\users\Nicole\AppData\Local\Plaxo\3.17.0.16\PlaxoSysTray.exe" [2008-11-19 20480]
"Google Update"="c:\users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-06-30 133104]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-21 217088]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-06-11 184320]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-11-22 788880]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-05 198160]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-07-17 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-10-30 66864]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-4-24 972064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
2009-01-14 13:49 113680 ----a-w- c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
2005-05-09 23:16 192512 ----a-w- c:\progra~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b2,2f,6f,6f,49,3d,ca,01

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [10/17/2009 4:39 PM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 5:17 AM 1184912]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/27/2009 9:05 AM 92008]
S2 gupdate1c9f608655a2e70;Google Update Service (gupdate1c9f608655a2e70);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2009 8:47 PM 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [7/13/2008 4:45 AM 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [11/30/2009 11:16 AM 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [11/27/2009 8:42 AM 38224]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [6/18/2009 5:48 PM 42480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netscape.net/
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\ru96s751.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.netscape.net
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Nicole\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\Nicole\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-WT021402 - c:\program files\HP Games\Family Feud\Uninstall.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-12-17 14:34:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-17 20:34

Pre-Run: 15,687,864,320 bytes free
Post-Run: 15,451,885,568 bytes free

- - End Of File - - C746D40D12BBBB13A4691ABF0B08581A


What should I do next? In advance, thank you for your next reply.

Best regards

#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:09 PM

Posted 17 December 2009 - 04:54 PM

Well done :(
Lots of work to do still.

==========

Please note....

With Vista you will need to right click and run as admin to get many of my programs to run.

==========

In regards to your flash drive. We do not want to infect your clean computer. Let's immunize that flash drive! Also, please leave it plugged into the sick computer when we are running scans and cleanup on the sick computer.

Do this.....

Please download Flash_Disinfector.exe by sUBs and save it to the desktop of your clean computer.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

==========

Back to the sick computer now....

Download and run Win32kDiag:

Next......

Download and run a batch file (peek.bat):
  • Download peek.bat from the download link below and save it to your Desktop.
  • Double-click peek.bat to run it. A black Command Prompt window will appear shortly: the program is running. If you are using Vista please right click and run as Admin!
  • Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.
==========

:( Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!! :)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-

Files::
c:\windows\system32\win32k.sys
c:\windows\system32\tdlcmd.dll

Driver::
clcwsphc
ffqwjxpm
ghkiorfl
jnyxudev
qobaduvy
qsdpvhou
slabgwzb
ujdpiiqn
xgmzgqao
yemnizun

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

Please download MBR.EXE by GMER. Save the file in your root directory. (C:\)
  • Open Notepad and copy and paste the text in the codebox below (excluding the word Code) into Notepad.
    @echo off
    cd\
    mbr.exe -t
    start mbr.log
  • Next, select File --> Save As, change file type to All Files (*.*), and save it as fixme.bat in your c:\ folder.
  • Open your c:\ folder, right-click on fixme.bat and select Run as Administrator. A logfile will open (C:\mbr.log). Please paste the contents in your next reply.
==========

Reset TCP/IP Properties

First:

* Go to Start -> Control Panel -> Double click on Network Connections.
* Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.

* Select the General tab.
* Double click on Internet Protocol (TCP/IP).

Under General tab:

- Select "Obtain an IP address automatically".
- Select "Obtain DNS server address automatically".

* Click OK twice to save the settings.
* Reboot if you had to change any setting.

Next:

* Go to start > Run copy/paste the contents of the code box excluding "code" in the run box and click OK.

cmd /c (ipconfig /all&nslookup google.com&ping -n 2 google.com&route print) >log.txt&log.txt&del log.txt
A command window opens. Wait until a log.txt file opens.

* Please copy/paste the log file in your reply.

Are you able to connect to the internet now?


==========

With your next post please provide:

* Win32kDiag.txt
* Log.txt
* Combofix.txt
* Mbr log
* Internet connection log
* Are you able to connect to the internet?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
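The Flash_Disinfector step above describes its protection as a hidden folder named autorun.inf on every drive, which keeps a worm from installing an autorun.inf file there. The following is an added example of that one mechanism, not Flash_Disinfector's own code and not something posted in this thread: a directory squats on the name (marked hidden and system on Windows), and a worm-style attempt to write autorun.inf then fails. The quarantine-by-rename of a pre-existing autorun.inf file, the function names and the constructed dropper text are this example's own choices.

```python
"""Added example of the autorun.inf folder trick described above; it is not
Flash_Disinfector's own code. A directory squatting on the name autorun.inf
stops a worm from creating an autorun.inf *file* at the drive root."""
import ctypes
import sys
import tempfile
from pathlib import Path

FILE_ATTRIBUTE_HIDDEN = 0x02   # Win32 attribute bits as documented for SetFileAttributesW
FILE_ATTRIBUTE_SYSTEM = 0x04


def immunize(root: str) -> Path:
    """Create (or keep) a directory named autorun.inf at `root`.
    An existing autorun.inf *file* is a possible infection marker, so it is
    renamed aside for inspection (this example's choice) rather than deleted."""
    target = Path(root) / "autorun.inf"
    if target.is_file():
        target.rename(target.with_name("autorun.inf.quarantined"))
    if not target.exists():
        target.mkdir()
    if sys.platform == "win32":
        # Hidden + system, which is why the thread calls it a "hidden folder".
        ctypes.windll.kernel32.SetFileAttributesW(
            str(target), FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)
    return target


def simulate_worm_drop(root: str) -> bool:
    """Do what an autorun worm does: write autorun.inf at the root.
    Returns True if the write succeeded (drive unprotected), False if blocked.
    The content is a constructed stand-in, not real malware."""
    try:
        with open(Path(root) / "autorun.inf", "w") as fh:
            fh.write("[autorun]\nopen=dropper.exe\n")
        return True
    except OSError:            # IsADirectoryError on POSIX, PermissionError on Windows
        return False


def demo() -> tuple:
    """Scratch-directory walkthrough: an unprotected drop succeeds, immunize()
    quarantines that file and squats the name, and a second drop fails."""
    with tempfile.TemporaryDirectory() as scratch:
        before = simulate_worm_drop(scratch)
        folder = immunize(scratch)
        quarantined = (Path(scratch) / "autorun.inf.quarantined").is_file()
        after = simulate_worm_drop(scratch)
        return before, folder.is_dir(), quarantined, after


if __name__ == "__main__":
    print(demo())   # (True, True, True, False)
```

The folder only blocks creation of a file with that name; malware running with enough rights to remove the directory first is not stopped, so treat this as a mitigation for unattended drives, not a substitute for the cleanup steps above.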
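The peek.bat step above produces a Log.txt that is a series of dir-style listings of scecli.dll, netlogon.dll and cngaudit.dll under system32, ComboFix's ERDNT\cache and the winsxs component store (the thread's own Log.txt is pasted in a later reply). Below is an added example, not peek.bat's code and not from the thread, that parses that format and compares each live system32 copy with the winsxs copies by size and timestamp. The sample listing is constructed in that format with one entry deliberately altered, and the treatment of the ERDNT cache as informational only and the verdict wording are this example's own choices.

```python
"""Added example, not peek.bat or code from the thread: parse the dir-style
Log.txt that peek.bat produces and compare each live system32 copy of the
watched DLLs with the copies held in the winsxs component store."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple

# Constructed sample in the Log.txt format (the thread's real log also lists
# ComboFix's ERDNT\cache copies). The System32 netlogon.dll size is altered
# to 594,432 on purpose so the check has something to flag; no winsxs copy of
# cngaudit.dll is included so the "nothing to compare" path is exercised too.
SAMPLE_LOG = r"""
 Directory of C:\WINDOWS\System32

04/11/2009  12:28 AM           177,152 scecli.dll
04/11/2009  12:28 AM           594,432 netlogon.dll
11/02/2006  03:46 AM            11,776 cngaudit.dll
               3 File(s)        783,360 bytes

 Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e

04/11/2009  12:28 AM           177,152 scecli.dll
               1 File(s)        177,152 bytes

 Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857

01/19/2008  01:35 AM           592,384 netlogon.dll
               1 File(s)        592,384 bytes

 Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3

04/11/2009  12:28 AM           592,896 netlogon.dll
               1 File(s)        592,896 bytes
"""

class Entry(NamedTuple):
    directory: str
    name: str
    size: int
    stamp: str  # "MM/DD/YYYY HH:MM AM" exactly as dir prints it

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
# date, time, byte count with thousands separators, then a name without spaces
FILE_RE = re.compile(r"^\s*(\d\d/\d\d/\d{4})\s+(\d\d:\d\d [AP]M)\s+([\d,]+)\s+(\S+)\s*$")

def parse_peek_log(text: str) -> List[Entry]:
    """'Directory of' lines set the folder for the file lines that follow;
    summary lines such as '3 File(s) ...' never match FILE_RE."""
    entries, current = [], None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = FILE_RE.match(line)
        if m and current is not None:
            date, time, size, name = m.groups()
            entries.append(Entry(current, name.lower(),
                                 int(size.replace(",", "")), f"{date} {time}"))
    return entries

def classify(directory: str) -> str:
    """live = the copy Windows loads; winsxs = component-store reference;
    erdnt = ComboFix's cache, treated here as informational only (assumption)."""
    d = directory.lower()
    if "\\winsxs\\" in d:
        return "winsxs"
    if "\\erdnt\\" in d:
        return "erdnt"
    if d.endswith("\\system32"):
        return "live"
    return "other"

def check_live_copies(entries: List[Entry]) -> Dict[str, str]:
    """One verdict per live DLL. A (size, timestamp) pair matching no winsxs
    copy is not proof of tampering, only the cue to hash the file."""
    refs, live = defaultdict(set), {}
    for e in entries:
        kind = classify(e.directory)
        if kind == "winsxs":
            refs[e.name].add((e.size, e.stamp))
        elif kind == "live":
            live[e.name] = e
    verdicts = {}
    for name, e in live.items():
        if not refs[name]:
            verdicts[name] = "no winsxs copy to compare against"
        elif (e.size, e.stamp) in refs[name]:
            verdicts[name] = "matches a winsxs copy"
        else:
            sizes = sorted(s for s, _ in refs[name])
            verdicts[name] = f"MISMATCH: live size {e.size}, winsxs sizes {sizes}"
    return verdicts

if __name__ == "__main__":
    import sys  # usage: python peek_check.py Log.txt  (no argument: built-in sample)
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for name, verdict in sorted(check_live_copies(parse_peek_log(text)).items()):
        print(f"{name:14} {verdict}")
```

Size and timestamp equality is cheap to check from a log a user can paste, which is why it is useful in a thread like this, but it is not proof: a patched file can keep its original size, and timestamps can be set by the malware. Anything flagged, and ideally every watched file, should be hashed against a known-good copy (the winsxs copy, or the same file from a clean install of the same build) before it is trusted.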

#7 elocine

elocine
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 17 December 2009 - 05:23 PM

Hi again!

I have just read all of your latest instructions and I would like to start on them, but as I mentioned it in my last post, I cannot access any of my programs. I cannot open the Internet to go to your web site and download the requested programs onto my laptop (sick computer), neither can I access the Control Panel.

The same warning appears: "Illegal operation attempted on a registry key that has been marked for deletion".

Should I reboot my computer (I hope I can!) in a safe mode (how do I do that?), or should I do something else to be able to start on the procedures you gave me? I apologize for asking so many (simple?) questions, but I do not know much about computers. You will have to be patient with me! :( :(

One more question concerning my flashdrive: I have some files on it besides the Combofix log. Will they be affected by the immunization process you are recommending? I do not want to lose them or them being inaccessible.

Thank you for your reply.

Best regards

PS: I have just figured out that I can open the Internet browsers by running them as an administrator (right click). But I still cannot open some of the other programs (Microsoft Office, for example) or the Control Panel, since I do not see the "Run as Admin" option by right-clicking.

Edited by elocine, 17 December 2009 - 05:40 PM.


#8 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:09 PM

Posted 17 December 2009 - 06:53 PM

All good questions. I did not realize that you could not access the control panel too.

==========

It does not matter though. You can download the applications I have requested from a clean computer to your flash drive then transfer them to the desktop of your sick computer.

==========

One more question concerning my flashdrive: I have some files on it besides the Combofix log. Will they be affected by the immunization process you are recommending? I do not want to lose them or them being inaccessible.

It is all safe. You should immunize all your flash drives you own.

==========

Do you have a typical desktop screen?
Do you have the Start button in the lower left corner of the screen?
Does the Start icon work?
Have you rebooted since you ran Combofix? If not please do so and see if that helps.
When you press CTRL+SHIFT+ESC (all at the same time) does this bring up the Task Manager?

==========

I apologize for asking so many (simple?) questions, but I do not know much about computers. You will have to be patient with me!

No apologies necessary. That's why I am here....to help. No rush. I will help guide you.

==========

Safe mode is a good idea but it might not work. If it does not work then we can still work in normal mode. I will provide additional detail if necessary!

This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.
Please see here for additional details.

Now run all the steps from my previous post if able.

Let me know if you encounter troubles and please answer all my questions!

Thanks,
~ t

#9 elocine

elocine
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 17 December 2009 - 11:18 PM

Thank you again for your prompt reply!

Here is a quick update of what I have been able to do so far since my last post. Right now, I am running all the steps you previously requested on my sick laptop.

Before I started the above-mentioned procedures, I followed your advice and rebooted my computer in normal mode, which actually solved most of the issues I had with opening browsers, programs and the Control Panel as well. So I suppose there is no need to use the safe mode in that case.

Now, to answer your questions:

Do you have a typical desktop screen? Yes.

Do you have the Start button in the lower left corner of the screen? Yes.

Does the Start icon work? Yes.

Have you rebooted since you ran Combofix? If not please do so and see if that helps. Yes, definitely (cf. above)

When you press CTRL+SHIFT+ESC (all at the same time) does this bring up the Task Manager? Yes.

So far, everything in the cleaning procedure is running normally. After running ComboFix again as requested, I rebooted my computer. I will provide you with all the logs obtained in my next post.

Thank you.

Best regards

#10 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:09 PM

Posted 17 December 2009 - 11:23 PM

:(

#11 elocine

elocine
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 18 December 2009 - 12:17 AM

Hello again!

As promised in my last post, following are the logs that I obtained. I did not perform the last procedure concerning the "Reset TCP/IP Properties" because when I right-click on my default connection and select "Properties", I do not have the tabs you are describing (instead I have 2 tabs: "Networking" and "Sharing"). Anyway, I am able to connect to the Internet. Let me know if I need to do anything further in that area.

Here are the logs:


* Win32kDiag.txt


Running from: C:\Users\Nicole\Desktop\Win32kDiag.exe

Log file at : C:\Users\Nicole\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-12-17 21:37:59 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2009-12-17 21:37:52 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2009-12-17 21:37:52 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2009-12-17 21:37:52 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

[1] 2009-12-17 21:39:04 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl ()





Finished!


* Log.txt


Volume in drive C has no label.
Volume Serial Number is 341B-B06E

Directory of C:\WINDOWS\ERDNT\cache

04/11/2009 12:28 AM 177,152 scecli.dll

Directory of C:\WINDOWS\ERDNT\cache

04/11/2009 12:28 AM 592,896 netlogon.dll

Directory of C:\WINDOWS\ERDNT\cache

11/02/2006 03:46 AM 11,776 cngaudit.dll
3 File(s) 781,824 bytes

Directory of C:\WINDOWS\System32

04/11/2009 12:28 AM 177,152 scecli.dll

Directory of C:\WINDOWS\System32

04/11/2009 12:28 AM 592,896 netlogon.dll

Directory of C:\WINDOWS\System32

11/02/2006 03:46 AM 11,776 cngaudit.dll
3 File(s) 781,824 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6

11/02/2006 03:46 AM 11,776 cngaudit.dll
1 File(s) 11,776 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e

11/02/2006 03:46 AM 176,640 scecli.dll
1 File(s) 176,640 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12

01/19/2008 01:36 AM 177,152 scecli.dll
1 File(s) 177,152 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e

04/11/2009 12:28 AM 177,152 scecli.dll
1 File(s) 177,152 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783

11/02/2006 03:46 AM 559,616 netlogon.dll
1 File(s) 559,616 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857

01/19/2008 01:35 AM 592,384 netlogon.dll
1 File(s) 592,384 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3

04/11/2009 12:28 AM 592,896 netlogon.dll
1 File(s) 592,896 bytes

Total Files Listed:
13 File(s) 3,851,264 bytes
0 Dir(s) 21,932,294,144 bytes free


* Combofix.txt


ComboFix 09-12-16.05 - Nicole 12/17/2009 22:31:56.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.818 [GMT -6:00]
Running from: c:\users\Nicole\Desktop\thcbytes.exe
Command switches used :: c:\users\Nicole\Desktop\CFScript.txt
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: VirusScan Enterprise + AntiSpyware Enterprise *disabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-18 to 2009-12-18 )))))))))))))))))))))))))))))))
.

2009-12-18 04:42 . 2009-12-18 04:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-18 04:42 . 2009-12-18 04:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-17 20:34 . 2009-12-18 04:47 -------- d-----w- c:\users\Nicole\AppData\Local\temp
2009-12-08 22:24 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-08 22:24 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-08 22:24 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-08 21:44 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-11-30 17:29 . 2009-11-30 17:29 -------- d-----w- c:\users\Nicole\AppData\Local\LogiShrd
2009-11-30 17:18 . 2009-12-18 03:41 -------- d-----w- c:\users\Nicole\Tracing
2009-11-30 17:16 . 2009-11-30 17:16 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-30 17:16 . 2009-08-06 04:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-11-30 17:13 . 2009-11-30 17:13 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-30 17:12 . 2009-11-30 17:12 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-30 17:06 . 2009-11-30 17:06 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-30 17:06 . 2009-11-30 17:16 -------- d-----w- c:\program files\Windows Live
2009-11-30 17:05 . 2006-11-29 19:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-11-30 17:05 . 2009-11-30 17:05 -------- d-----w- c:\users\Nicole\AppData\Roaming\Leadertech
2009-11-30 16:53 . 2009-11-30 16:53 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-30 16:33 . 2009-11-30 17:06 -------- d-----w- c:\program files\Microsoft
2009-11-27 14:42 . 2009-11-27 14:42 -------- d-----w- c:\users\Nicole\AppData\Roaming\Malwarebytes
2009-11-27 14:42 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-27 14:42 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-27 14:42 . 2009-11-27 14:42 -------- d-----w- c:\programdata\Malwarebytes
2009-11-27 14:42 . 2009-12-04 00:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-25 14:36 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 13:46 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-22 00:40 . 2009-11-22 00:40 -------- d-----w- c:\users\Nicole\AppData\Local\ElevatedDiagnostics
2009-11-22 00:34 . 2009-11-22 00:35 -------- d-----w- c:\program files\Microsoft ATS
2009-11-20 05:44 . 2009-11-20 05:44 -------- d-----w- c:\programdata\HP Product Assistant
2009-11-20 05:40 . 2009-11-20 20:41 77352 ----a-w- c:\windows\hpqins05.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-17 18:51 . 2007-10-01 22:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-17 18:46 . 2007-10-01 22:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-16 23:14 . 2007-10-01 21:10 -------- d-----w- c:\programdata\Google Updater
2009-12-14 14:10 . 2009-10-28 01:39 -------- d-----w- c:\users\Nicole\AppData\Roaming\Skype
2009-12-14 14:09 . 2009-11-10 16:27 -------- d-----w- c:\users\Nicole\AppData\Roaming\skypePM
2009-12-12 15:50 . 2008-08-10 01:58 -------- d-----w- c:\users\Nicole\AppData\Roaming\ZoomBrowser EX
2009-12-12 15:48 . 2008-08-10 01:52 -------- d-----w- c:\programdata\ZoomBrowser
2009-12-08 22:35 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-08 22:30 . 2007-07-02 18:53 -------- d-----w- c:\programdata\Microsoft Help
2009-11-30 18:01 . 2007-07-02 19:44 -------- d-----w- c:\program files\Java
2009-11-30 17:05 . 2009-10-31 03:49 -------- d-----w- c:\program files\Logitech
2009-11-30 17:05 . 2009-10-31 03:49 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-11-30 17:04 . 2009-10-31 03:49 -------- d-----w- c:\programdata\Logishrd
2009-11-21 06:40 . 2009-12-08 21:47 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-08 21:47 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-08 21:47 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-08 21:47 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 20:21 . 2009-10-30 19:27 680 ----a-w- c:\users\Nicole\AppData\Local\d3d9caps.dat
2009-11-20 19:50 . 2007-07-02 19:08 -------- d-----w- c:\programdata\HP
2009-11-20 14:39 . 2007-10-01 02:19 139088 ----a-w- c:\users\Nicole\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-20 05:27 . 2007-10-01 21:16 -------- d-----w- c:\program files\Picasa2
2009-11-16 01:40 . 2007-11-12 20:15 -------- d-----w- c:\program files\QuickTime
2009-11-16 01:35 . 2008-06-05 15:05 -------- d-----w- c:\program files\Common Files\Apple
2009-11-14 17:25 . 2009-11-14 17:25 -------- d-----w- c:\program files\Common Files\Cisco Systems
2009-11-14 17:25 . 2009-11-14 17:23 -------- d-----w- c:\program files\McAfee
2009-11-14 17:25 . 2007-10-01 03:10 -------- d-----w- c:\programdata\McAfee
2009-11-14 17:23 . 2009-11-14 17:23 -------- d-----w- c:\program files\Common Files\McAfee
2009-11-13 02:10 . 2008-12-27 01:46 -------- d-----w- c:\programdata\MyHeritage
2009-11-13 02:07 . 2008-12-27 01:46 -------- d-----w- c:\users\Nicole\AppData\Roaming\MyHeritage
2009-11-13 02:07 . 2009-11-13 02:07 -------- d-----w- c:\program files\Family Toolbar
2009-11-13 02:05 . 2008-03-16 21:13 -------- d-----w- c:\program files\MyHeritage
2009-11-10 16:27 . 2009-11-10 16:27 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-11-05 17:44 . 2009-03-29 15:38 -------- d-----w- c:\program files\AVS4YOU
2009-11-05 17:42 . 2007-07-02 19:26 -------- d-----w- c:\program files\Rhapsody
2009-11-05 17:40 . 2007-07-02 19:26 -------- d-----w- c:\program files\Real
2009-11-05 16:11 . 2007-10-02 03:15 -------- d-----w- c:\program files\Common Files\Real
2009-11-05 15:38 . 2009-03-29 15:38 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-11-03 02:42 . 2009-10-04 01:21 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-03 02:21 . 2007-12-09 03:40 -------- d-----w- c:\users\Nicole\AppData\Roaming\OpenOffice.org2
2009-10-31 03:55 . 2009-10-31 03:55 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-10-31 03:55 . 2007-07-02 17:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-31 03:49 . 2009-10-31 03:49 -------- d-----w- c:\programdata\Logitech
2009-10-30 19:06 . 2009-10-30 19:06 -------- d-----w- c:\program files\Windows Portable Devices
2009-10-30 19:05 . 2009-10-30 19:05 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-10-30 19:04 . 2009-10-30 19:04 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-28 01:36 . 2009-10-28 01:35 -------- d-----r- c:\program files\Skype
2009-10-28 01:35 . 2009-10-28 01:35 -------- d-----w- c:\program files\Common Files\Skype
2009-10-28 01:35 . 2009-10-28 01:35 -------- d-----w- c:\programdata\Skype
2009-10-27 23:16 . 2009-10-27 23:17 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 23:16 . 2009-07-04 18:17 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-25 01:37 . 2009-10-25 01:36 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-10-11 10:17 . 2008-12-17 15:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 21:08 . 2009-10-30 18:26 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:08 . 2009-10-30 18:26 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:07 . 2009-10-30 18:26 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-07 07:46 . 2009-10-07 07:46 25752 ----a-w- c:\windows\system32\drivers\LVPr2Mon.sys
2009-10-07 07:23 . 2009-10-07 07:23 13584 ----a-w- c:\windows\system32\drivers\iKeyLFT2.dll
2009-10-01 01:02 . 2009-10-30 18:28 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-10-30 18:29 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-10-30 18:28 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-10-30 18:28 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-10-30 18:29 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-10-30 18:28 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-10-30 18:28 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-10-30 18:28 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-10-30 18:28 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-10-30 18:28 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-10-30 18:28 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-10-30 18:29 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-10-30 18:28 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-10-30 18:28 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-10-30 18:28 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-10-30 18:28 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10 . 2009-10-30 18:30 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-10-30 18:30 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-10-30 18:30 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-10-30 18:30 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-10-30 18:30 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-10-30 18:30 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-10-30 18:30 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-10-30 18:30 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-10-30 18:30 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-10-30 18:30 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-10-30 18:30 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-10-30 18:30 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-10-30 18:29 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-10-30 18:29 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-10-30 18:29 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-10-30 18:29 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-10-30 18:29 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-10-30 18:30 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-10-30 18:29 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-10-30 18:29 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-10-30 18:30 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-10-30 18:30 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-10-30 18:29 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-10-30 18:29 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-10-30 18:30 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-10-30 18:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-10-30 18:30 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-01 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"PlaxoUpdate"="c:\users\Nicole\AppData\Local\Plaxo\3.17.0.16\PlaxoHelper_en.exe" [2008-11-19 369223]
"PlaxoSysTray"="c:\users\Nicole\AppData\Local\Plaxo\3.17.0.16\PlaxoSysTray.exe" [2008-11-19 20480]
"Google Update"="c:\users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-06-30 133104]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-21 217088]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-06-11 184320]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-11-22 788880]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-05 198160]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-07-17 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-10-30 66864]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-4-24 972064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
2009-01-14 13:49 113680 ----a-w- c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
2005-05-09 23:16 192512 ----a-w- c:\progra~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:(:b2,2f,6f,6f,49,3d,ca,01

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [10/17/2009 4:39 PM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 5:17 AM 1184912]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/27/2009 9:05 AM 92008]
S2 gupdate1c9f608655a2e70;Google Update Service (gupdate1c9f608655a2e70);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2009 8:47 PM 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [7/13/2008 4:45 AM 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [11/30/2009 11:16 AM 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [11/27/2009 8:42 AM 38224]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [6/18/2009 5:48 PM 42480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netscape.net/
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\ru96s751.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.netscape.net
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-17 22:47
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-12-17 22:59:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-18 04:58
ComboFix2.txt 2009-12-17 20:34

Pre-Run: 21,909,155,840 bytes free
Post-Run: 21,869,801,472 bytes free

- - End Of File - - 4BBCC009E8975832AD368EE1253B78B3


* Mbr log


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
kernel: MBR read successfully
user & kernel MBR OK


Since I did not perform the last procedure, I do not have the internet connection log.

I really appreciate your help. Thank you so much!

Sincerely
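
Reading a ComboFix log by hand means eyeballing every Run value and every R0/R2/S3 service line for a binary that does not belong. The script below is an added example for this thread; it is not part of any post here and not a ComboFix feature. It parses the two line shapes used in the "Reg Loading Points" section above and ranks the entries a responder should open first: images started from temp or profile directories, system binary names living outside the Windows directory, drivers outside system32\drivers, DLLs launched through rundll32/regsvr32, and files modified shortly before the log. The sample log is constructed: the Sidebar, Google Update, MSSE, Lbd and FontCache lines are copied from the log above, while the updater, helper and exdrv entries are hypothetical. The C: Windows directory and the 30-day "recent" window are the script's own assumptions, not something the page states.

```python
"""Triage the autostart entries in a ComboFix-style "Reg Loading Points" section.

Added example for this thread; it is not part of ComboFix or of any post here.
It parses the two line shapes that section uses (Run-key values and the
R0/R2/S3 service lines) and ranks the entries a responder should open first.
Assumptions (not from the page): %SystemRoot% is the Windows directory on
drive C:, and a file modified within 30 days of the log date counts as recent.
"""
import re
from datetime import date
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    entry: str      # Run value name or service name
    where: str      # registry key the value lives under, or "service"
    image: str      # file that actually executes, lower-cased
    severity: str   # "high", "medium" or "low"
    reason: str


# Line shapes as they appear in the ComboFix log above.
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
SERVICE = re.compile(r'^[RS][0-4]\s+(?P<name>[^;]+);[^;]*;(?P<cmd>.+?)\s*\[(?P<meta>[^\]]*)\]$')
IMAGE = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|sys|dll|scr|com|bat|cmd)\b')

TEMP_DIRS = ('\\temp\\', '\\tmp\\')
PROFILE_DIRS = ('\\users\\', '\\documents and settings\\', '\\programdata\\')
SYSTEM_NAMES = {'svchost.exe', 'csrss.exe', 'lsass.exe', 'explorer.exe', 'winlogon.exe',
                'services.exe', 'smss.exe', 'spoolsv.exe', 'wininit.exe'}
HOST_LOADERS = {'rundll32.exe', 'regsvr32.exe'}
SEVERITY_RANK = {'high': 0, 'medium': 1, 'low': 2}
SYSTEM_ROOT = 'c:\\windows\\'   # assumption; matches the OTL header on this page


def parse_meta_date(meta: str) -> Optional[date]:
    """ComboFix writes either '2009-04-11 1233920' or '10/17/2009 4:39 PM 64288'."""
    m = re.match(r'(\d{4})-(\d{2})-(\d{2})', meta)
    if m:
        return date(int(m[1]), int(m[2]), int(m[3]))
    m = re.match(r'(\d{1,2})/(\d{1,2})/(\d{4})', meta)
    if m:
        return date(int(m[3]), int(m[1]), int(m[2]))
    return None


def image_of(cmd: str) -> str:
    """The file that really runs: the first image path, or the DLL handed to rundll32/regsvr32."""
    images = IMAGE.findall(cmd.lower())
    if not images:
        return cmd.strip().lower()
    if images[0].rsplit('\\', 1)[-1] in HOST_LOADERS and len(images) > 1:
        return images[1]
    return images[0]


def assess(entry: str, where: str, cmd: str, meta: str, log_date: date,
           recent_days: int = 30) -> List[Finding]:
    """Apply the triage rules to one autostart entry and return every rule it trips."""
    image = image_of(cmd)
    base = image.rsplit('\\', 1)[-1]
    hits: List[Finding] = []

    def add(severity: str, reason: str) -> None:
        hits.append(Finding(entry, where, image, severity, reason))

    if any(d in image for d in TEMP_DIRS):
        add('high', 'runs from a temp directory')
    elif any(d in image for d in PROFILE_DIRS):
        add('medium', 'runs from a user-writable profile path; verify the publisher')
    if base in SYSTEM_NAMES and not image.startswith(SYSTEM_ROOT):
        add('high', f'{base} outside %SystemRoot%: system binary name impersonation')
    if image.endswith('.sys') and '\\system32\\drivers\\' not in image:
        add('medium', 'kernel driver outside system32\\drivers')
    if re.search(r'rundll32|regsvr32', cmd, re.IGNORECASE):
        add('medium', 'DLL loaded through a host process; inspect the DLL, not the host')
    modified = parse_meta_date(meta)
    if modified is not None and 0 <= (log_date - modified).days <= recent_days:
        add('low', f'file modified {(log_date - modified).days} days before the log')
    return hits


def triage(log_text: str, log_date: date) -> List[Finding]:
    """Walk the section, remembering the current registry key, and sort hits by severity."""
    where = 'service'
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            where = line[1:-1]
            continue
        m = RUN_VALUE.match(line)
        if m:
            findings += assess(m['name'], where, m['cmd'], m['meta'], log_date)
            continue
        m = SERVICE.match(line)
        if m:
            findings += assess(m['name'], 'service', m['cmd'], m['meta'], log_date)
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.entry))


# Constructed sample: Sidebar, Google Update, MSSE, Lbd and FontCache are copied from
# the log above; updater, helper and exdrv are hypothetical entries added for the demo.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Google Update"="c:\users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-06-30 133104]
"updater"="c:\users\Nicole\AppData\Local\Temp\svchost.exe" [2009-12-10 49152]
"helper"="c:\windows\system32\rundll32.exe c:\users\Nicole\AppData\Roaming\helper.dll,Start" [2009-12-11 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [10/17/2009 4:39 PM 64288]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [7/13/2008 4:45 AM 21504]
R1 exdrv;Example Driver;c:\programdata\Example\exdrv.sys [12/12/2009 1:02 AM 12800]
"""
LOG_DATE = date(2009, 12, 17)   # completion date of the ComboFix run above


def demo() -> List[Finding]:
    return triage(SAMPLE_LOG, LOG_DATE)


if __name__ == '__main__':
    for f in demo():
        print(f'{f.severity:<6} {f.entry:<14} {f.reason}  [{f.image}]')
```

A hit means "inspect", not "malicious": per-user Google Update really does live under AppData, so it lands at medium and is cleared by checking the signature. The reverse is the more important caveat. The Reg Loading Points section above contains no entry for tdlcmd.dll at all, yet the file kept returning after every deletion; the Alureon/TDSS family persists by patching a storage driver rather than through a Run value, so an empty result from this kind of triage is not a clean bill of health, which is why the helpers in this thread reach for rootkit and MBR scanners next.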

#12 thcbytes (Malware Response Team, 14,790 posts)

Posted 18 December 2009 - 07:22 AM

Well done.

Please save this file to your desktop.
  • Select Start
  • Select All Programs
  • Select Accessories
  • Right click Command Prompt and choose Run as administrator

  • If you have the User Account Control (UAC) enabled you will be asked for authorization prior to the command prompt opening.
  • You may simply need to press the Continue button if you are the administrator or insert the administrator password.
Copy and paste the following command (the bolded text) into the "cmd" box and press Enter. When it is finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with Notepad and post the contents here.
"%userprofile%\desktop\win32kdiag.exe" -f -r

==========

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:

@echo off
dir "c:\programdata\Logishrd" > C:\list_folder.txt

Name the file folder.bat, making sure "Save as type" is set to "All Files".
Double click on folder.bat & allow it to run. Copy and paste the content in your next reply (If the file does not open please check here for the file C:\folder.txt).

==========

Update and re-run MBAM. Post a log

==========

Perform an online scan with Kaspersky WebScanner. This can take a long time so please be patient.

If you have troubles getting it to run.... - STOP - and tell me about it!

(Requires the free Java Runtime Environment (JRE) to be installed before scanning for malware, as ActiveX is no longer used.)
  • Click on the Posted Image ...button.
  • The program will launch and fill in the Information section ... on the left.
  • Read the "Requirements and Limitations" then press... the Posted Image ...button.
  • The program will begin downloading the latest program and definition files.
    It takes a while... please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image ...button, if you made any changes.
  • Now, under the Scan section on the left, select My Computer.
  • The program will start and scan your system. This will run for a while, be patient... let it run.
    Once the scan is complete, it will display if your system has been infected.
  • Save the scan results as a Text file ... save it to your desktop.
  • Copy and paste the saved scan results file in your next reply.

==========

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check".
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
==========

With your next post please provide:

* Win32kDiag.txt
* Folder.txt
* MBAM log
* Kaspersky log
* OTL.txt
* Extra.txt
* Any further problems with your computer?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#13 elocine (Topic Starter, Members, 11 posts)

Posted 18 December 2009 - 02:06 PM

Hi again!

This is just to let you know that I am working on your latest instructions. The Kaspersky scanning is taking forever (so far, it has only scanned 28% in 3 and a half hours!) Is this normal? Since it did not want to run with Google Chrome, I had to use IE. I will post all the requested logs in my next reply (before the end of the day, hopefully!)

Thank you again.

Have a wonderful day!

#14 thcbytes (Malware Response Team, 14,790 posts)

Posted 18 December 2009 - 03:56 PM

Kaspersky can be buggy but really has the broadest definitions. If it stalls, then do this instead, in addition to the other instructions:

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


#15 elocine (Topic Starter, Members, 11 posts)

Posted 18 December 2009 - 09:56 PM

Hi thcbytes!

Since Kaspersky did not stall, I decided to let it finish scanning (it took almost 11 hours!). Here are all the requested logs:


* Win32kDiag.txt


Running from: C:\Users\Nicole\desktop\win32kdiag.exe

Log file at : C:\Users\Nicole\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl



Finished!


* List_Folder.txt


Volume in drive C has no label.
Volume Serial Number is 341B-B06E

Directory of c:\programdata\Logishrd

11/30/2009 11:04 AM <DIR> .
11/30/2009 11:04 AM <DIR> ..
11/30/2009 11:04 AM <DIR> LQCVFX
12/02/2009 10:12 PM <DIR> Updater
0 File(s) 0 bytes
4 Dir(s) 21,943,541,760 bytes free


* MBAM


Malwarebytes' Anti-Malware 1.42
Database version: 3383
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

12/18/2009 9:41:14 AM
mbam-log-2009-12-18 (09-41-14).txt

Scan type: Quick Scan
Objects scanned: 110422
Time elapsed: 7 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


* Kaspersky log


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, December 18, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, December 18, 2009 13:50:25
Records in database: 3384881
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\

Scan statistics:
Objects scanned: 244237
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 10:48:26

No threats found. Scanned area is clean.

Selected area has been scanned.


* OTL.txt


OTL logfile created on: 12/18/2009 8:27:42 PM - Run 1
OTL by OldTimer - Version 3.1.18.0 Folder = C:\Users\Nicole\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.95% Memory free
4.00 Gb Paging File | 2.55 Gb Available in Paging File | 63.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.54 Gb Total Space | 20.33 Gb Free Space | 19.64% Space Free | Partition Type: NTFS
Drive D: | 8.25 Gb Total Space | 1.88 Gb Free Space | 22.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 976.13 Mb Total Space | 182.89 Mb Free Space | 18.74% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICOLE-PC
Current User Name: Nicole
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/18 20:26:07 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTL.exe
PRC - [2009/12/09 17:22:33 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2009/11/22 16:56:37 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/11/22 16:56:34 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/11/05 10:10:21 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/31 22:16:08 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Users\Nicole\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/10/30 21:55:59 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/07 01:47:34 | 00,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/10/02 22:32:51 | 00,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009/09/13 17:52:50 | 01,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/08/27 09:05:04 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/07/02 16:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/21 18:57:00 | 00,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/23 16:49:56 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/04/11 00:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 00:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/19 13:47:14 | 00,369,223 | ---- | M] (Plaxo, Inc.) -- C:\Users\Nicole\AppData\Local\Plaxo\3.17.0.16\PlaxoHelper_en.exe
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/10/25 10:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/10/09 06:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008/09/26 20:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/07/16 20:50:00 | 00,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2008/07/16 20:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2008/07/16 20:50:00 | 00,013,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe
PRC - [2008/03/25 19:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2008/03/25 19:49:00 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/03/25 19:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/02/11 20:13:12 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2008/02/11 20:13:10 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/02/11 20:13:08 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/02/11 20:13:02 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/01/19 01:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 01:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2007/12/21 17:58:30 | 00,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2007/12/19 18:27:50 | 00,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2007/10/25 10:05:40 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2007/10/25 10:04:56 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2007/10/25 10:03:28 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2007/10/25 07:23:36 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApntEx.exe
PRC - [2007/10/14 20:17:32 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/10/03 14:15:40 | 00,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007/10/01 15:10:20 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/09/26 06:34:40 | 00,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2007/09/12 04:40:38 | 00,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApMsgFwd.exe
PRC - [2007/07/10 05:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/06/11 09:57:58 | 00,184,320 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2007/05/16 11:43:04 | 00,677,432 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2007/04/19 14:35:46 | 00,075,304 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/05/02 16:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe


========== Modules (SafeList) ==========

MOD - [2009/12/18 20:26:07 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTL.exe
MOD - [2009/04/11 00:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (gusvc)
SRV - [2009/11/22 16:56:34 | 01,184,912 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/07 01:47:34 | 00,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/24 19:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/27 09:05:04 | 00,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/02 16:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/06/25 20:47:01 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9f608655a2e70) Google Update Service (gupdate1c9f608655a2e70)
SRV - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2009/05/21 20:21:18 | 00,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/23 16:49:56 | 00,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/15 21:56:37 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/09 06:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/09/26 20:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) [Auto | Paused] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/18 12:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/07/16 20:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2008/03/25 20:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/01/19 01:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/25 10:03:28 | 00,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007/07/10 05:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/05/24 06:08:44 | 00,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/04/19 14:35:46 | 00,075,304 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/03/05 11:30:06 | 00,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/02/17 08:31:12 | 00,074,656 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/02/12 10:36:58 | 00,880,640 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/11/02 06:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/02 16:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/10/07 01:46:36 | 00,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/23 06:55:23 | 00,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/05 22:48:42 | 00,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/06/18 17:48:04 | 00,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/06/18 17:48:04 | 00,042,480 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/05/09 00:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/30 23:01:36 | 00,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 22:55:58 | 02,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009/04/30 22:55:34 | 00,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2009/04/10 22:42:54 | 00,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/11/20 13:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/10/23 02:16:28 | 01,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/10/23 02:16:28 | 01,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2008/07/22 07:42:58 | 00,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/07/16 20:50:00 | 00,064,232 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2008/07/16 20:50:00 | 00,052,104 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/03/04 01:32:00 | 00,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/02/11 19:36:10 | 02,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/02/11 19:36:10 | 02,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2008/01/08 18:58:46 | 00,165,424 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/10/11 20:00:43 | 00,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/01 21:15:25 | 00,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/07/10 05:27:56 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/29 05:07:54 | 00,163,328 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/06/20 02:29:56 | 00,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 02:28:34 | 00,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 02:28:22 | 00,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/05/11 21:09:50 | 00,043,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2007/05/04 08:11:32 | 02,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/03/21 18:58:56 | 00,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2006/11/30 12:24:58 | 00,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/02 03:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 03:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 03:51:34 | 00,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 03:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 03:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 03:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 03:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 03:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 03:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 03:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 03:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 03:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 03:50:10 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 03:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 03:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 03:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 03:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 03:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:04 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 03:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 03:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 03:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 02:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 01:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:30:54 | 01,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/11/02 01:30:54 | 00,163,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2006/11/02 01:30:54 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 00:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/06/28 11:54:00 | 00,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2006/06/18 17:26:58 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1006857966-120873309-3025681479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.net/
IE - HKU\S-1-5-21-1006857966-120873309-3025681479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1006857966-120873309-3025681479-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1006857966-120873309-3025681479-1000\S-1-5-21-1006857966-120873309-3025681479-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1006857966-120873309-3025681479-1000\S-1-5-21-1006857966-120873309-3025681479-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.netscape.net"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..keyword.URL: "http://search.myheritage.com/?orig=ds&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/15 19:40:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/15 19:40:31 | 00,000,000 | ---D | M]

[2009/09/09 17:48:43 | 00,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Mozilla\Extensions
[2009/09/09 17:48:43 | 00,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2009/12/03 17:50:04 | 00,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\ru96s751.default\extensions
[2009/10/15 16:32:57 | 00,000,000 | ---D | M] (PDF Download) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\ru96s751.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/11/05 10:34:27 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\ru96s751.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/11/30 12:01:50 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/29 09:36:54 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\searchme@searchme.com
[2009/11/12 20:07:25 | 00,003,803 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MyHeritage.xml
[2009/03/13 03:39:56 | 00,002,494 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\searchme.xml

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1006857966-120873309-3025681479-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1006857966-120873309-3025681479-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1006857966-120873309-3025681479-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1006857966-120873309-3025681479-1000..\Run: [Google Update] C:\Users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-1006857966-120873309-3025681479-1000..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-1006857966-120873309-3025681479-1000..\Run: [PlaxoSysTray] C:\Users\Nicole\AppData\Local\Plaxo\3.17.0.16\plaxosystray.exe (Plaxo, Inc.)
O4 - HKU\S-1-5-21-1006857966-120873309-3025681479-1000..\Run: [PlaxoUpdate] C:\Users\Nicole\AppData\Local\Plaxo\3.17.0.16\PlaxoHelper_en.exe (Plaxo, Inc.)
O4 - HKU\S-1-5-21-1006857966-120873309-3025681479-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1006857966-120873309-3025681479-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1006857966-120873309-3025681479-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1006857966-120873309-3025681479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1006857966-120873309-3025681479-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-19\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1006857966-120873309-3025681479-1000\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1006857966-120873309-3025681479-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/02 13:22:45 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2009/12/17 21:53:24 | 00,000,000 | RHSD | M] - G:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/18 20:26:06 | 00,564,736 | ---- | C] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTL.exe
[2009/12/17 22:59:05 | 00,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\temp
[2009/12/17 22:46:52 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/12/17 22:42:22 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/12/17 13:47:34 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/12/17 13:47:34 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/12/17 13:47:34 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/12/17 13:47:34 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/12/17 13:47:15 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/12/17 13:46:35 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/08 16:24:35 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009/12/08 16:24:21 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009/12/08 15:47:14 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/12/08 15:47:13 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/12/08 15:47:10 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/12/08 15:47:08 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/12/08 15:47:07 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/12/08 15:47:06 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/12/08 15:47:05 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/12/08 15:47:05 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/12/08 15:47:04 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/12/08 15:47:04 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/12/08 15:47:03 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/12/08 15:47:02 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/12/08 15:47:02 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/12/08 15:47:02 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/12/08 15:44:26 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009/12/03 11:31:45 | 00,472,064 | ---- | C] ( ) -- C:\Users\Nicole\Desktop\RootRepeal.exe
[2009/12/02 22:20:03 | 00,000,000 | ---D | C] -- C:\Users\Nicole\Documents\SightSpeed Recordings
[2009/11/30 12:01:38 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/11/30 12:01:38 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/11/30 12:01:38 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/11/30 11:29:03 | 00,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\LogiShrd
[2009/11/30 11:18:13 | 00,000,000 | ---D | C] -- C:\Users\Nicole\Tracing
[2009/11/30 11:18:12 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/11/30 11:16:45 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2009/11/30 11:16:16 | 00,054,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
[2009/11/30 11:13:53 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/11/30 11:12:28 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/11/30 11:06:35 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2009/11/30 11:06:02 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/11/30 11:05:50 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2009/11/30 11:05:15 | 00,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Leadertech
[2009/11/30 10:53:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/11/30 10:33:17 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/11/27 08:42:50 | 00,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Malwarebytes
[2009/11/27 08:42:37 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/11/27 08:42:34 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/27 08:42:34 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/27 08:42:33 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/25 08:36:25 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/11/25 07:46:48 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/11/21 18:40:47 | 00,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\ElevatedDiagnostics
[2009/11/21 18:39:00 | 00,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2009/11/21 18:34:54 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2009/11/19 23:44:42 | 00,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2002/03/11 03:06:30 | 01,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
[2002/03/11 02:45:04 | 01,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe

========== Files - Modified Within 30 Days ==========

[2009/12/18 21:01:16 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/18 20:51:25 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/18 20:51:25 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/18 20:27:00 | 09,961,472 | -HS- | M] () -- C:\Users\Nicole\NTUSER.DAT
[2009/12/18 20:26:07 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTL.exe
[2009/12/18 20:21:00 | 00,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1006857966-120873309-3025681479-1000UA.job
[2009/12/18 20:15:00 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/12/18 19:01:02 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/18 09:15:33 | 00,000,061 | ---- | M] () -- C:\Users\Nicole\Desktop\folder.bat
[2009/12/18 08:57:23 | 00,047,616 | ---- | M] () -- C:\Users\Nicole\Desktop\Win32kDiag.exe
[2009/12/18 08:50:01 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/17 23:30:43 | 00,000,041 | ---- | M] () -- C:\Users\Nicole\fixme.bat
[2009/12/17 23:30:43 | 00,000,041 | ---- | M] () -- C:\fixme.bat
[2009/12/17 23:24:35 | 00,077,312 | ---- | M] () -- C:\Users\Nicole\mbr.exe
[2009/12/17 23:24:35 | 00,077,312 | ---- | M] () -- C:\mbr.exe
[2009/12/17 23:21:00 | 00,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1006857966-120873309-3025681479-1000Core.job
[2009/12/17 23:09:12 | 00,002,627 | ---- | M] () -- C:\Users\Nicole\Desktop\Microsoft Office Word 2007.lnk
[2009/12/17 23:07:44 | 00,000,279 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2009/12/17 23:04:31 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/17 23:04:23 | 21,370,22464 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/17 23:03:24 | 00,524,288 | -HS- | M] () -- C:\Users\Nicole\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/12/17 23:03:24 | 00,065,536 | -HS- | M] () -- C:\Users\Nicole\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/12/17 23:03:21 | 04,224,697 | -H-- | M] () -- C:\Users\Nicole\AppData\Local\IconCache.db
[2009/12/17 22:47:32 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/12/17 22:46:45 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/12/17 17:28:10 | 00,002,595 | ---- | M] () -- C:\Users\Nicole\Desktop\Microsoft Office PowerPoint 2007.lnk
[2009/12/17 17:28:07 | 00,002,585 | ---- | M] () -- C:\Users\Nicole\Desktop\Microsoft Office Excel 2007.lnk
[2009/12/17 13:45:14 | 03,854,383 | R--- | M] () -- C:\Users\Nicole\Desktop\thcbytes.exe
[2009/12/17 13:39:28 | 00,262,656 | ---- | M] () -- C:\Users\Nicole\Desktop\rkill.pif
[2009/12/16 10:41:32 | 00,002,633 | ---- | M] () -- C:\Users\Nicole\Desktop\Microsoft Office Outlook 2007.lnk
[2009/12/16 10:35:33 | 00,642,392 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/16 10:35:31 | 00,118,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/16 10:35:07 | 00,756,644 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/15 12:00:42 | 00,066,560 | ---- | M] () -- C:\Users\Nicole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\Windows\PEV.exe
[2009/12/03 19:30:14 | 00,032,768 | ---- | M] () -- C:\Users\Nicole\Documents\Pour Forum - Modif pour 2ème topic - corrected.doc
[2009/12/03 18:47:04 | 00,027,136 | ---- | M] () -- C:\Users\Nicole\Documents\Malwarebytes 18-45-10.doc
[2009/12/03 16:27:35 | 00,193,536 | ---- | M] () -- C:\Users\Nicole\Documents\GMER 2009-12-03 16-20-51.doc
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/03 14:54:30 | 00,027,136 | ---- | M] () -- C:\Users\Nicole\Documents\Malwarebytes 14-52-46.doc
[2009/12/03 12:45:05 | 00,027,136 | ---- | M] () -- C:\Users\Nicole\Documents\Malwarebytes 12-42-05.doc
[2009/12/03 12:20:04 | 00,067,584 | ---- | M] () -- C:\Users\Nicole\Documents\Rootrepeal log.doc
[2009/12/03 11:33:04 | 00,000,000 | ---- | M] () -- C:\Users\Nicole\Desktop\settings.dat
[2009/12/03 11:32:20 | 00,472,064 | ---- | M] ( ) -- C:\Users\Nicole\Desktop\RootRepeal.exe
[2009/12/03 11:20:48 | 00,065,536 | ---- | M] () -- C:\Users\Nicole\Documents\DDS log1.doc
[2009/12/03 11:18:31 | 00,041,984 | ---- | M] () -- C:\Users\Nicole\Documents\DDS log2attach.doc
[2009/12/03 11:09:14 | 00,524,288 | ---- | M] () -- C:\Users\Nicole\Desktop\dds.scr
[2009/12/01 17:14:58 | 00,023,040 | ---- | M] () -- C:\Users\Nicole\Documents\Pour Forum - Modif pour 2ème topic.doc
[2009/11/30 11:05:50 | 00,000,930 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Vid.lnk
[2009/11/30 11:05:01 | 00,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software.lnk
[2009/11/30 10:05:02 | 00,110,034 | ---- | M] () -- C:\Users\Nicole\Documents\Trojan detected and deleted by Microsoft Security Essentials.jpg
[2009/11/30 10:02:39 | 00,049,117 | ---- | M] () -- C:\Users\Nicole\Documents\Trojan deleted by Microsoft Security Essentials 2bis.jpg
[2009/11/30 10:01:45 | 00,101,190 | ---- | M] () -- C:\Users\Nicole\Documents\Trojan deleted by Microsoft Security Essentials 2.jpg
[2009/11/30 09:59:16 | 00,058,043 | ---- | M] () -- C:\Users\Nicole\Documents\Trojan detected by Microsoft Security Essentials 1bis.jpg
[2009/11/30 09:58:28 | 00,109,855 | ---- | M] () -- C:\Users\Nicole\Documents\Trojan detected by Microsoft Security Essentials 1.jpg
[2009/11/30 09:56:43 | 00,089,413 | ---- | M] () -- C:\Users\Nicole\Documents\Trojan detected by Microsoft Security Essentials 0.jpg
[2009/11/30 09:13:38 | 00,090,632 | ---- | M] () -- C:\Users\Nicole\Documents\Trojan deleted by Windows Defender 2.jpg
[2009/11/30 09:12:26 | 00,092,354 | ---- | M] () -- C:\Users\Nicole\Documents\Trojan detected by Windows Defender 1.jpg
[2009/11/29 17:40:18 | 00,023,040 | ---- | M] () -- C:\Users\Nicole\Documents\Pour Forum.doc
[2009/11/29 15:44:50 | 00,030,720 | ---- | M] () -- C:\Users\Nicole\Documents\GMER 2009-11-28 15-39-17.doc
[2009/11/29 15:18:46 | 00,027,648 | ---- | M] () -- C:\Users\Nicole\Documents\Malwarebytes 15-16-17.doc
[2009/11/29 14:46:49 | 00,027,648 | ---- | M] () -- C:\Users\Nicole\Documents\Malwarebytes 19-43-02.doc
[2009/11/29 14:06:33 | 00,000,162 | -H-- | M] () -- C:\Users\Nicole\Documents\~$lwarebytes Viruses deleted.doc
[2009/11/29 13:01:26 | 00,111,568 | ---- | M] () -- C:\Users\Nicole\Documents\Regcurelog.jpg
[2009/11/28 19:47:22 | 00,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNicole.job
[2009/11/27 21:39:57 | 00,030,720 | ---- | M] () -- C:\Users\Nicole\Documents\GMER 2009-11-27 21-36-26.doc
[2009/11/27 09:27:48 | 00,027,136 | ---- | M] () -- C:\Users\Nicole\Documents\Malwarebytes 09-25-28.doc
[2009/11/27 09:24:04 | 00,106,263 | ---- | M] () -- C:\Users\Nicole\Documents\Viruses detected Malwarebutes.jpg
[2009/11/27 08:42:41 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/26 17:13:37 | 00,129,220 | ---- | M] () -- C:\Users\Nicole\Documents\Virus Trojan.jpg
[2009/11/21 18:46:25 | 00,071,298 | ---- | M] () -- C:\Users\Nicole\Documents\CD-DVDfix.HTM
[2009/11/21 18:36:24 | 02,949,120 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2009/11/21 18:36:24 | 00,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2009/11/21 18:36:24 | 00,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2009/11/21 00:35:38 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/11/21 00:35:38 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/11/21 00:34:58 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/11/21 00:34:52 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/11/21 00:34:39 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/11/21 00:34:39 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/11/21 00:34:39 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/11/21 00:34:38 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/11/21 00:34:38 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/11/21 00:34:33 | 00,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/11/20 22:59:58 | 00,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/11/20 22:59:52 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/11/20 22:59:14 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/11/20 22:58:54 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/11/20 14:41:38 | 00,077,352 | ---- | M] () -- C:\Windows\hpqins05.dat
[2009/11/20 14:21:11 | 00,000,680 | ---- | M] () -- C:\Users\Nicole\AppData\Local\d3d9caps.dat
[2009/11/20 13:36:09 | 00,481,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/20 08:39:55 | 00,139,088 | ---- | M] () -- C:\Users\Nicole\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/19 23:43:10 | 00,001,176 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk

========== Files Created - No Company Name ==========

[2009/12/18 09:15:33 | 00,000,061 | ---- | C] () -- C:\Users\Nicole\Desktop\folder.bat
[2009/12/18 08:56:53 | 00,047,616 | ---- | C] () -- C:\Users\Nicole\Desktop\Win32kDiag.exe
[2009/12/17 23:31:36 | 00,000,041 | ---- | C] () -- C:\fixme.bat
[2009/12/17 23:30:43 | 00,000,041 | ---- | C] () -- C:\Users\Nicole\fixme.bat
[2009/12/17 23:26:58 | 00,077,312 | ---- | C] () -- C:\mbr.exe
[2009/12/17 23:24:35 | 00,077,312 | ---- | C] () -- C:\Users\Nicole\mbr.exe
[2009/12/17 13:47:34 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2009/12/17 13:47:34 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/12/17 13:47:34 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/12/17 13:47:34 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/12/17 13:47:34 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/12/17 13:45:13 | 03,854,383 | R--- | C] () -- C:\Users\Nicole\Desktop\thcbytes.exe
[2009/12/17 13:39:28 | 00,262,656 | ---- | C] () -- C:\Users\Nicole\Desktop\rkill.pif
[2009/12/08 15:17:16 | 00,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2009/12/03 18:47:02 | 00,027,136 | ---- | C] () -- C:\Users\Nicole\Documents\Malwarebytes 18-45-10.doc
[2009/12/03 16:27:33 | 00,193,536 | ---- | C] () -- C:\Users\Nicole\Documents\GMER 2009-12-03 16-20-51.doc
[2009/12/03 14:54:29 | 00,027,136 | ---- | C] () -- C:\Users\Nicole\Documents\Malwarebytes 14-52-46.doc
[2009/12/03 12:45:03 | 00,027,136 | ---- | C] () -- C:\Users\Nicole\Documents\Malwarebytes 12-42-05.doc
[2009/12/03 12:20:02 | 00,067,584 | ---- | C] () -- C:\Users\Nicole\Documents\Rootrepeal log.doc
[2009/12/03 11:33:04 | 00,000,000 | ---- | C] () -- C:\Users\Nicole\Desktop\settings.dat
[2009/12/03 11:20:47 | 00,065,536 | ---- | C] () -- C:\Users\Nicole\Documents\DDS log1.doc
[2009/12/03 11:18:29 | 00,041,984 | ---- | C] () -- C:\Users\Nicole\Documents\DDS log2attach.doc
[2009/12/03 11:08:52 | 00,524,288 | ---- | C] () -- C:\Users\Nicole\Desktop\dds.scr
[2009/12/02 22:37:36 | 00,032,768 | ---- | C] () -- C:\Users\Nicole\Documents\Pour Forum - Modif pour 2ème topic - corrected.doc
[2009/12/02 22:18:11 | 00,023,040 | ---- | C] () -- C:\Users\Nicole\Documents\Pour Forum - Modif pour 2ème topic.doc
[2009/11/30 11:05:50 | 00,000,930 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Vid.lnk
[2009/11/30 11:05:01 | 00,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software.lnk
[2009/11/30 10:05:01 | 00,110,034 | ---- | C] () -- C:\Users\Nicole\Documents\Trojan detected and deleted by Microsoft Security Essentials.jpg
[2009/11/30 10:02:39 | 00,049,117 | ---- | C] () -- C:\Users\Nicole\Documents\Trojan deleted by Microsoft Security Essentials 2bis.jpg
[2009/11/30 10:01:44 | 00,101,190 | ---- | C] () -- C:\Users\Nicole\Documents\Trojan deleted by Microsoft Security Essentials 2.jpg
[2009/11/30 09:59:16 | 00,058,043 | ---- | C] () -- C:\Users\Nicole\Documents\Trojan detected by Microsoft Security Essentials 1bis.jpg
[2009/11/30 09:58:28 | 00,109,855 | ---- | C] () -- C:\Users\Nicole\Documents\Trojan detected by Microsoft Security Essentials 1.jpg
[2009/11/30 09:56:42 | 00,089,413 | ---- | C] () -- C:\Users\Nicole\Documents\Trojan detected by Microsoft Security Essentials 0.jpg
[2009/11/30 09:13:38 | 00,090,632 | ---- | C] () -- C:\Users\Nicole\Documents\Trojan deleted by Windows Defender 2.jpg
[2009/11/30 09:12:25 | 00,092,354 | ---- | C] () -- C:\Users\Nicole\Documents\Trojan detected by Windows Defender 1.jpg
[2009/11/29 17:31:13 | 00,023,040 | ---- | C] () -- C:\Users\Nicole\Documents\Pour Forum.doc
[2009/11/29 15:44:44 | 00,030,720 | ---- | C] () -- C:\Users\Nicole\Documents\GMER 2009-11-28 15-39-17.doc
[2009/11/29 15:18:44 | 00,027,648 | ---- | C] () -- C:\Users\Nicole\Documents\Malwarebytes 15-16-17.doc
[2009/11/29 14:11:35 | 00,027,648 | ---- | C] () -- C:\Users\Nicole\Documents\Malwarebytes 19-43-02.doc
[2009/11/29 14:06:33 | 00,000,162 | -H-- | C] () -- C:\Users\Nicole\Documents\~$lwarebytes Viruses deleted.doc
[2009/11/29 13:01:25 | 00,111,568 | ---- | C] () -- C:\Users\Nicole\Documents\Regcurelog.jpg
[2009/11/27 21:39:55 | 00,030,720 | ---- | C] () -- C:\Users\Nicole\Documents\GMER 2009-11-27 21-36-26.doc
[2009/11/27 09:27:46 | 00,027,136 | ---- | C] () -- C:\Users\Nicole\Documents\Malwarebytes 09-25-28.doc
[2009/11/27 09:24:04 | 00,106,263 | ---- | C] () -- C:\Users\Nicole\Documents\Viruses detected Malwarebutes.jpg
[2009/11/27 08:42:41 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/26 17:13:36 | 00,129,220 | ---- | C] () -- C:\Users\Nicole\Documents\Virus Trojan.jpg
[2009/11/21 18:46:20 | 00,071,298 | ---- | C] () -- C:\Users\Nicole\Documents\CD-DVDfix.HTM
[2009/11/21 18:35:22 | 00,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2009/11/21 18:35:22 | 00,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2009/11/21 18:35:21 | 02,949,120 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2009/11/20 13:28:48 | 00,000,326 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForNicole.job
[2009/11/19 23:43:10 | 00,001,176 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2009/11/19 23:40:40 | 00,077,352 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/11/14 11:25:26 | 00,000,280 | ---- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig
[2009/11/10 10:27:36 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/30 13:27:06 | 00,000,680 | ---- | C] () -- C:\Users\Nicole\AppData\Local\d3d9caps.dat
[2009/10/07 01:46:36 | 00,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 00,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/09/23 21:06:08 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/30 22:39:36 | 00,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/04/17 21:44:38 | 00,001,995 | ---- | C] () -- C:\Windows\AccMling.ini
[2009/03/01 11:56:09 | 00,000,124 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\Au_.txt
[2008/09/20 16:34:13 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/09/20 14:49:18 | 00,000,217 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\PrimoPDFSet.xml
[2008/09/20 14:39:15 | 00,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2008/07/26 13:55:20 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/07/26 13:55:20 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/06/20 05:27:06 | 01,790,252 | ---- | C] () -- C:\Users\Nicole\AppData\Local\rx_image.Cache
[2008/05/29 14:56:11 | 00,037,375 | ---- | C] () -- C:\Program Files\openoffice.org-xsltfilter.cab
[2008/05/29 14:56:10 | 02,490,452 | ---- | C] () -- C:\Program Files\openoffice.org-writer.cab
[2008/05/29 14:56:02 | 00,207,388 | ---- | C] () -- C:\Program Files\openoffice.org-testtool.cab
[2008/05/29 14:55:59 | 02,504,975 | ---- | C] () -- C:\Program Files\openoffice.org-pyuno.cab
[2008/05/29 14:55:39 | 00,051,973 | ---- | C] () -- C:\Program Files\openoffice.org-onlineupdate.cab
[2008/05/29 14:55:38 | 01,090,334 | ---- | C] () -- C:\Program Files\openoffice.org-math.cab
[2008/05/29 14:55:33 | 00,118,910 | ---- | C] () -- C:\Program Files\openoffice.org-javafilter.cab
[2008/05/29 14:55:32 | 01,254,017 | ---- | C] () -- C:\Program Files\openoffice.org-impress.cab
[2008/05/29 14:55:26 | 00,086,870 | ---- | C] () -- C:\Program Files\openoffice.org-graphicfilter.cab
[2008/05/29 14:55:25 | 00,919,329 | ---- | C] () -- C:\Program Files\openoffice.org-draw.cab
[2008/05/29 14:55:25 | 00,002,769 | ---- | C] () -- C:\Program Files\openoffice.org-emailmerge.cab
[2008/05/29 14:55:20 | 02,031,954 | ---- | C] () -- C:\Program Files\openoffice.org-core09.cab
[2008/05/29 14:55:14 | 00,293,078 | ---- | C] () -- C:\Program Files\openoffice.org-core08.cab
[2008/05/29 14:55:07 | 03,842,531 | ---- | C] () -- C:\Program Files\openoffice.org-core07.cab
[2008/05/29 14:54:57 | 28,847,705 | ---- | C] () -- C:\Program Files\openoffice.org-core06.cab
[2008/05/29 14:50:50 | 18,634,513 | ---- | C] () -- C:\Program Files\openoffice.org-core05.cab
[2008/05/29 14:49:37 | 16,503,595 | ---- | C] () -- C:\Program Files\openoffice.org-core04.cab
[2008/05/29 14:48:32 | 09,117,929 | ---- | C] () -- C:\Program Files\openoffice.org-core03.cab
[2008/05/29 14:48:10 | 03,860,980 | ---- | C] () -- C:\Program Files\openoffice.org-core02.cab
[2008/05/29 14:47:56 | 15,104,219 | ---- | C] () -- C:\Program Files\openoffice.org-core01.cab
[2008/05/29 14:47:19 | 04,694,039 | ---- | C] () -- C:\Program Files\openoffice.org-calc.cab
[2008/05/29 14:47:00 | 01,803,630 | ---- | C] () -- C:\Program Files\openoffice.org-base.cab
[2008/05/29 14:46:51 | 00,043,005 | ---- | C] () -- C:\Program Files\openoffice.org-activex.cab
[2008/05/29 14:46:45 | 04,372,992 | ---- | C] () -- C:\Program Files\openofficeorg24.msi
[2008/05/29 14:46:45 | 00,000,217 | ---- | C] () -- C:\Program Files\setup.ini
[2008/04/28 10:13:33 | 00,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
[2008/04/12 18:26:45 | 00,000,000 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\wklnhst.dat
[2008/03/20 14:04:31 | 00,004,096 | -H-- | C] () -- C:\Users\Nicole\AppData\Local\keyfile3.drm
[2008/03/16 15:14:17 | 00,000,170 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2008/03/16 15:13:12 | 00,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2008/02/11 19:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/10 21:44:55 | 00,038,454 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\Comma Separated Values (Windows).ADR
[2008/01/08 13:52:19 | 05,188,969 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\UserTile.png
[2008/01/02 16:57:36 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 16:47:22 | 01,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 16:47:22 | 01,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 16:47:22 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/12/24 17:35:41 | 00,000,000 | ---- | C] () -- C:\Users\Nicole\AppData\Local\FnF4.txt
[2007/11/11 14:56:21 | 00,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2007/10/02 17:00:00 | 00,066,560 | ---- | C] () -- C:\Users\Nicole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/01 19:53:52 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/09/30 20:19:56 | 00,000,000 | ---- | C] () -- C:\Users\Nicole\AppData\Local\QSwitch.txt
[2007/09/30 20:19:56 | 00,000,000 | ---- | C] () -- C:\Users\Nicole\AppData\Local\DSwitch.txt
[2007/09/30 20:19:56 | 00,000,000 | ---- | C] () -- C:\Users\Nicole\AppData\Local\AtStart.txt
[2007/07/02 13:08:26 | 00,004,392 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/05/31 05:14:00 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007/05/31 04:49:06 | 00,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/02/27 14:43:02 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 00:01:36 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 00:01:36 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 06:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2008/08/09 20:12:05 | 00,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Canon
[2009/03/01 17:35:10 | 00,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Comcast
[2008/05/22 11:11:00 | 00,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\demo
[2008/09/23 16:59:27 | 00,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\GetRightToGo
[2009/11/30 11:05:15 | 00,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Leadertech
[2008/04/12 18:25:15 | 00,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\muvee Technologies
[2009/11/12 20:07:49 | 00,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\MyHeritage
[2009/03/01 11:56:09 | 00,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Simple Star
[2009/03/01 12:31:24 | 00,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\TaxCut
[2008/04/12 18:26:46 | 00,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Template
[2008/03/16 15:13:10 | 00,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2009/09/09 17:48:30 | 00,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\TomTom
[2007/10/16 17:29:28 | 00,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Ultimate French
[2008/11/28 18:04:41 | 00,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\WildTangent
[2009/12/17 23:03:27 | 00,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:4673E9EA
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:6F1F66C0
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:A6CD15C3
< End of report >


* Extra.txt


OTL Extras logfile created on: 12/18/2009 8:27:42 PM - Run 1
OTL by OldTimer - Version 3.1.18.0 Folder = C:\Users\Nicole\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.95% Memory free
4.00 Gb Paging File | 2.55 Gb Available in Paging File | 63.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.54 Gb Total Space | 20.33 Gb Free Space | 19.64% Space Free | Partition Type: NTFS
Drive D: | 8.25 Gb Total Space | 1.88 Gb Free Space | 22.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 976.13 Mb Total Space | 182.89 Mb Free Space | 18.74% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICOLE-PC
Current User Name: Nicole
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1006857966-120873309-3025681479-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2F1C748F-E7FA-4D5C-A384-1BBDDF62B525}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{41BE6B9D-D856-432C-BBDE-B148FFD02AC9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D70593F3-C044-403B-8E82-F53C5BAFD2E6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D1C5464-6FDA-40B1-819C-26984B4F1016}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{1A0A9032-E4F6-48A6-A875-22D775C2603D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{1A91034A-6DF5-440F-9B82-16335412FBD0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{238FABBF-6011-4EC3-98F9-D63918DA3DE4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2DAB04AE-709C-4E57-A3EA-BFB624BD6042}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{30FB8193-7A3B-4606-BD47-7565EC020E64}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{4158F864-7AAB-4BB4-8A4A-D0B6DEDCEFC2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{47BD9AAF-1049-45D4-8D77-A4DB302535F0}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{4E9741F4-C312-401B-A54A-F3907A249620}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{585AB6EE-16B8-41F1-BCFB-C3FFEBBBF8C7}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{5CFD86C2-E69C-4570-9CD9-8355830F49ED}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{68A51392-8536-4938-907B-45130DCA4EC6}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6D00CA27-33A4-49D7-8978-0A51EACF0C46}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{77204871-9832-4455-9E8D-7C3C4D72E2F9}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{82110467-1618-4FE8-8E7F-25E84678EB47}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{84170A12-FB70-4D45-8864-B1F0AB215986}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{91D61105-8DA3-4C92-B76D-BD875BEE2EA9}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{A4D669F0-460E-4A03-8AF5-3C81618A71B0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B0077E01-DBA7-41CD-8D02-2B3A0EAB87B0}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{B05D60CC-C860-4710-BA83-42E1A692950F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B1FDA000-D535-4EED-B780-096BB9582FFB}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{B868F5A7-E2D6-494A-9D07-B4D3A2D401B4}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{C53B0B0E-587F-46E9-A471-77CEC1E69A87}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{CC4BE391-3F1A-44DD-A88D-431FD658F737}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CEE26C4B-705C-44EA-B23A-C21BC10373DC}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{F23C047B-4426-4AAD-ADDA-C8D49375B880}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F3B4F889-CD88-4CBF-81C1-37D525E21CE5}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FF2A7C84-E427-4623-813D-FFB61AF82C11}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"TCP Query User{47D5478F-0371-47D4-B529-C76DF300B364}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{5A5FF5EE-7566-42FC-9BA8-6E8FAE029C7E}C:\program files\best buy rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\best buy rhapsody\rhapsody.exe |
"TCP Query User{A1E5C02B-4D4F-4F8B-A350-11073FA483D2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{CE6AEC81-EAF8-4850-8734-F06C4EF12E0D}C:\program files\real\realplayer\recordingmanager.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe |
"TCP Query User{F4E79FCC-51F4-440D-B869-FB48E455B4D3}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"UDP Query User{3F41968C-D884-4481-B26E-B43AF0E1AB1A}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"UDP Query User{5637007F-079E-416F-8A2E-889E62412E56}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{723591A0-FB7C-46DA-80B0-B206781CF136}C:\program files\best buy rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\best buy rhapsody\rhapsody.exe |
"UDP Query User{78563008-2FD2-47D2-BB0D-EF708CE042B4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E7354F62-BE96-407F-B395-C35883C8AC92}C:\program files\real\realplayer\recordingmanager.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Virtual Earth 3D (Beta)
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 G2
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A81B632-07AB-4CAC-BB04-DF20DFFBFFA0}" = ArcSoft PhotoStudio 5.5
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{5299C5E1-70F9-3D1D-A1FA-BDECA4EC8015}" = Google Talk Plugin
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}" = ESU for Microsoft Vista
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66C1DD9B-02D8-4A31-B54C-FE8DC76F25D4}" = HP User Guides 0078
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ECB8220-F419-4BEB-9596-97033C533702}" = QuickBooks Simple Start 2008
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}" = Microsoft Office Accounting 2008 PayPal Addin
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DB112A17-2A8F-412A-82AD-78F65A1DFBC2}" = The Ultimate French Review and Practice CD-ROM
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}" = Microsoft Office Accounting 2008 Fixed Asset Manager
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FADF9FC1-8ACD-4E2A-953E-FC4AC7A61143}" = TaxCut Tennessee 2008
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Best Buy Digital Music Store" = Best Buy Digital Music Store
"BFGC" = Big Fish Games Client
"BFG-Mahjong Towers Eternity" = Mahjong Towers Eternity
"BFG-Mystery Case Files - Huntsville" = Mystery Case Files: Huntsville ™
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"E.M. DVD Copy_is1" = E.M. DVD Copy 2.20
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Family Tree Builder" = MyHeritage Family Tree Builder
"Freeze Clip Art" = Freeze Clip Art
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{DB112A17-2A8F-412A-82AD-78F65A1DFBC2}" = The Ultimate French Review and Practice CD-ROM
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"MySpanishInstructor" = MySpanishInstructor
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"PrimoPDF4.1.0.9" = PrimoPDF
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Shop for HP Supplies" = Shop for HP Supplies
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"TomTom HOME" = TomTom HOME 2.7.2.1825
"WildTangent hplaptop Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WNWFLDV19" = WNW Five Language Dictionary v1.9
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1006857966-120873309-3025681479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Plaxo" = Plaxo Toolbar for Windows

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/26/2008 9:50:39 PM | Computer Name = Nicole-PC | Source = Perflib | ID = 1005
Description =

Error - 12/26/2008 9:50:39 PM | Computer Name = Nicole-PC | Source = Perflib | ID = 1017
Description =

Error - 12/28/2008 5:26:17 PM | Computer Name = Nicole-PC | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 12.0.6316.5000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1364 Start Time: 01c96932beb7ed80 Termination Time: 109

Error - 1/2/2009 2:28:50 PM | Computer Name = Nicole-PC | Source = Application Error | ID = 1000
Description = Faulting application mcupdate.EXE, version 6.0.6001.18115, time stamp
0x489807f1, faulting module KERNEL32.dll, version 6.0.6001.18000, time stamp 0x4791a76d,
exception code 0xe0434f4d, fault offset 0x000442eb, process id 0x105c, application
start time 0x01c96d06cf0c8f60.

Error - 1/6/2009 12:07:49 PM | Computer Name = Nicole-PC | Source = Application Error | ID = 1000
Description = Faulting application SoftwareUpdate.exe, version 2.1.1.116, time stamp
0x488a4f1f, faulting module msscript.ocx_unloaded, version 0.0.0.0, time stamp
0x4791a706, exception code 0xc0000005, fault offset 0x6fde8894, process id 0x10c0,
application start time 0x01c97018ae901d00.

Error - 1/7/2009 12:08:29 AM | Computer Name = Nicole-PC | Source = Application Error | ID = 1000
Description = Faulting application AcroDist.exe, version 9.0.0.332, time stamp 0x4850b770,
faulting module AcroDistDLL.dll, version 9.0.0.332, time stamp 0x4850b762, exception
code 0xc0000005, fault offset 0x001ed704, process id 0x18dc, application start time
0x01c9707d8cf4bc90.

Error - 1/8/2009 9:00:17 AM | Computer Name = Nicole-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18000, time stamp
0x47918f11, faulting module JScript.dll, version 5.7.0.18068, time stamp 0x482376a4,
exception code 0xc0000005, fault offset 0x00020c73, process id 0x151c, application
start time 0x01c9718f2a1d9e80.

Error - 1/8/2009 3:39:57 PM | Computer Name = Nicole-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 6100 (0x17d4) Thread address : 0x77409A94 Thread message : Build VSCORE.14.0.0.349
/ 5300.2777 Object being scanned = \Device\HarddiskVolume1\Users\Nicole\Downloads\zb611upd-en.exe

by C:\Windows\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 1/8/2009 11:28:27 PM | Computer Name = Nicole-PC | Source = Application Error | ID = 1000
Description = Faulting application mcupdate.EXE, version 6.0.6001.18115, time stamp
0x489807f1, faulting module KERNEL32.dll, version 6.0.6001.18000, time stamp 0x4791a76d,
exception code 0xe0434f4d, fault offset 0x000442eb, process id 0x820, application
start time 0x01c97209a5e58b70.

Error - 1/10/2009 8:22:45 PM | Computer Name = Nicole-PC | Source = Application Error | ID = 1000
Description = Faulting application OUTLOOK.EXE, version 12.0.6316.5000, time stamp
0x4833a470, faulting module OLEAUT32.dll, version 6.0.6001.18000, time stamp 0x4791a74f,
exception code 0xc0000005, fault offset 0x000045ac, process id 0x17d4, application
start time 0x01c9733441ae2820.

[ Media Center Events ]
Error - 6/6/2008 8:31:31 PM | Computer Name = Nicole-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/28/2008 8:04:40 AM | Computer Name = Nicole-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/28/2008 4:24:21 PM | Computer Name = Nicole-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 3/15/2009 3:22:27 PM | Computer Name = Nicole-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/8/2009 2:13:08 PM | Computer Name = Nicole-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ OSession Events ]
Error - 5/12/2009 4:36:05 PM | Computer Name = Nicole-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 30479
seconds with 600 seconds of active time. This session ended with a crash.

Error - 6/29/2009 8:01:07 PM | Computer Name = Nicole-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 37722
seconds with 3720 seconds of active time. This session ended with a crash.

Error - 8/6/2009 9:19:43 AM | Computer Name = Nicole-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 144
seconds with 120 seconds of active time. This session ended with a crash.

Error - 8/11/2009 5:40:46 PM | Computer Name = Nicole-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31911
seconds with 2880 seconds of active time. This session ended with a crash.

Error - 8/14/2009 8:23:02 AM | Computer Name = Nicole-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 349
seconds with 60 seconds of active time. This session ended with a crash.

Error - 9/2/2009 4:05:29 AM | Computer Name = Nicole-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 59389
seconds with 780 seconds of active time. This session ended with a crash.

Error - 9/21/2009 9:32:57 AM | Computer Name = Nicole-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/21/2009 9:33:18 AM | Computer Name = Nicole-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/17/2009 11:13:29 PM | Computer Name = Nicole-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2622
seconds with 360 seconds of active time. This session ended with a crash.

Error - 10/17/2009 11:14:56 PM | Computer Name = Nicole-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 75
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/18/2009 12:29:37 AM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 12/18/2009 12:30:07 AM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 12/18/2009 12:30:42 AM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 12/18/2009 12:42:29 AM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 12/18/2009 12:44:51 AM | Computer Name = Nicole-PC | Source = Print | ID = 54
Description = Document log - Notepad failed to print and was deleted because of
corruption in the spooled file. The associated driver is: HP Deskjet F4200 series.
Try printing the document again.

Error - 12/18/2009 12:46:26 AM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 12/18/2009 12:46:26 AM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 12/18/2009 1:06:19 AM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 12/18/2009 1:06:19 AM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 12/18/2009 11:47:01 AM | Computer Name = Nicole-PC | Source = DCOM | ID = 10005
Description =


< End of report >


I did not perform the ESET Online Scan, since I let Kaspersky scan all the way through. Would you like me to do it anyway?

Also, should I reboot my laptop after completion of all these procedures? Is it OK now to turn back on and enable the real-time scans of my anti-malware and anti-virus programs?

Thanks again for all your help! I sincerely appreciate it! :(

Best regards.

Edited by elocine, 18 December 2009 - 10:10 PM.
