Google redirects / RUNDLL kiremava.dll error / Had bisomasu.dll error / Still infected


  • This topic is locked
45 replies to this topic

#1 twiceshy

  • Members
  • 46 posts

Posted 09 January 2010 - 07:00 AM

Hi, I was browsing the internet and got the Internet 2010 malware and maybe 10-12 Trojans. I did some clean-up using the McAfee and Ad-Aware programs. But when I rebooted I was getting many executable programs failing with the message "error loading c:\windows\system32\bisomasu.dll".

I used one of the download.bleepingcomputer.com/grinler/rkill programs and also ran AVZ.exe, which seemed to clean up bisomasu.dll. The only "error loading" message I get now on reboot is the RUNDLL pop-up: error loading c:\windows\system32\kiremava.dll.

However, my Google browser redirects to different sites and says my Gmail certificate is not recognized as trustworthy in both Firefox and IE. I even tried to re-install Firefox and it redirected me to a fake site that looked just like the real deal, to download a virus executable which McAfee found and cleaned instantly. Once I cut and pasted the right URL and installed a fresh copy of Firefox, it still redirects.

I'm clearly still infected. I would be most appreciative if you would help me. Thank you.

DDS (Ver_09-12-01.01) - NTFSx86
Run by M T at 6:37:47.73 on Sat 01/09/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.227 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Matthew Tremmel\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe" --force_start_minimized
uRun: [msmuwuqp] c:\documents and settings\matthew tremmel\local settings\application data\xmsomy\bvemsysguard.exe
uRun: [fcllairn] c:\documents and settings\matthew tremmel\local settings\application data\xnepfj\vitvsysguard.exe
uRun: [bmdvwaet] c:\documents and settings\matthew tremmel\local settings\application data\cbfqpx\mgrisysguard.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SM1BG] c:\windows\SM1BG.EXE
mRun: [<NO NAME>]
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [msmuwuqp] c:\documents and settings\matthew tremmel\local settings\application data\xmsomy\bvemsysguard.exe
mRun: [fcllairn] c:\documents and settings\matthew tremmel\local settings\application data\xnepfj\vitvsysguard.exe
mRun: [bmdvwaet] c:\documents and settings\matthew tremmel\local settings\application data\cbfqpx\mgrisysguard.exe
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [Pziluhoneni] rundll32.exe "c:\windows\ecehisiquyic.dll",Startup
mRun: [tipejofam] Rundll32.exe "c:\windows\system32\kiremava.dll",a
mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\firepo~1.lnk - e:\program files\presonus\1394audiodriver_firepod\FirePod.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: turbotax.com
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220655070671
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {DEA6994F-3ED5-40BC-B5E3-0FD02411B1B4} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_1/PhotoCenter_ActiveX_Control.cab?
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://webmail.dstsystems.com/,DanaInfo=dstnmw04.dstsystems.com+dwa7W.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://attwm.webex.com/client/T25L10NSP41EP15-attwm/webex/ieatgpc.cab
TCP: {0E22AECB-B390-4B0F-8AE4-BA57FF71D98B} = 193.104.110.38,4.2.2.1,192.168.2.1
TCP: {9038627C-7419-473D-BDC0-5CE5C8860BF9} = 193.104.110.38,4.2.2.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: sovitihib - {8d977c07-5a24-455d-8008-820bd53389bc} - c:\windows\system32\kiremava.dll
STS: jugezatag: {8d977c07-5a24-455d-8008-820bd53389bc} - c:\windows\system32\kiremava.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli hatauest.dll sasoresi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\matthe~1\applic~1\mozilla\firefox\profiles\0ux04f0s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-20 64288]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 214664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-8-26 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-8-26 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-8-26 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-8-26 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-8-26 35272]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-8-26 34248]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-8-26 40552]
S3 ps_1394;ps_1394;c:\windows\system32\drivers\ps_1394.sys [2006-12-24 97152]
S3 ps_avs;ps_avs;c:\windows\system32\drivers\ps_avs.sys [2006-12-24 24576]
S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2005-1-10 57344]

=============== Created Last 30 ================

2009-12-29 07:38:58 0 ----a-w- c:\windows\system32\23281.exe
2009-12-29 07:18:41 0 ----a-w- c:\windows\system32\28145.exe
2009-12-29 06:58:24 0 ----a-w- c:\windows\system32\5705.exe
2009-12-29 06:38:06 0 ----a-w- c:\windows\system32\24464.exe
2009-12-29 06:17:49 0 ----a-w- c:\windows\system32\26962.exe
2009-12-29 05:57:32 0 ----a-w- c:\windows\system32\29358.exe
2009-12-29 05:37:14 0 ----a-w- c:\windows\system32\11478.exe
2009-12-29 05:16:57 0 ----a-w- c:\windows\system32\15724.exe
2009-12-29 04:56:40 0 ----a-w- c:\windows\system32\19169.exe
2009-12-29 04:36:22 0 ----a-w- c:\windows\system32\26500.exe
2009-12-29 04:16:05 0 ----a-w- c:\windows\system32\6334.exe
2009-12-29 03:16:17 0 ----a-w- c:\windows\system32\18467.exe
2009-12-29 02:32:40 120 ----a-w- c:\windows\Umiziwuvubo.dat
2009-12-29 02:32:40 0 ----a-w- c:\windows\Sqemi.bin
2009-12-29 02:31:11 552 ----a-w- c:\windows\system32\uses32.dat
2009-12-29 02:31:11 100 ----a-w- c:\windows\system32\flags.ini
2009-12-29 02:30:33 0 ----a-w- c:\windows\system32\41.exe
2009-12-29 02:24:56 707072 ----a-w- c:\windows\system32\drivers\ooqqxzc.sys
2009-12-25 14:54:12 230424 ----a-w- C:\img2-001.raw
2009-12-25 03:36:50 0 d-----w- c:\documents and settings\matthew tremmel\Tracing
2009-12-24 20:33:28 0 d-----w- c:\program files\Microsoft LifeCam
2009-12-24 18:13:03 0 d-----w- c:\program files\Microsoft
2009-12-24 18:12:46 0 d-----w- c:\program files\Windows Live SkyDrive
2009-12-24 18:08:07 0 d-----w- c:\program files\common files\Windows Live
2009-12-24 14:51:04 202088 ----a-r- c:\windows\system32\LCCoin14.dll
2009-12-24 14:51:03 709992 ----a-r- c:\windows\vVX1000.exe
2009-12-24 14:51:03 185704 ----a-r- c:\windows\system32\cVX1000.dll
2009-12-24 14:51:03 15498 ----a-r- c:\windows\VX1000.ini
2009-12-24 14:51:03 13023 ----a-r- c:\windows\VX1000.src
2009-12-24 14:51:02 476520 ----a-r- c:\windows\vVX1000.dll
2009-12-24 14:51:02 111976 ----a-r- c:\windows\VX1000.dll
2009-12-24 14:50:58 1966312 ----a-r- c:\windows\system32\drivers\VX1000.sys

==================== Find3M ====================

2009-12-29 02:24:52 707072 ----a-w- c:\windows\system32\drivers\61883.sys
2009-11-01 23:54:29 552960 ----a-w- c:\windows\system32\U2 The Unforgettable Fire SS1.scr
2009-10-28 23:14:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-28 14:36:11 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-28 06:54:16 634632 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2009-10-28 06:52:46 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2003-08-27 18:19:18 36963 -c----w- c:\program files\common files\SM1updtr.dll
2009-09-29 02:24:43 0 --sha-w- c:\windows\system32\bisomasu.dll
2009-09-29 02:24:43 0 --sha-w- c:\windows\system32\vajafeti.dll

============= FINISH: 6:40:07.76 ===============

Edited by twiceshy, 09 January 2010 - 07:07 AM.
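A helper triaging a log like the one above usually starts by picking out the autostart entries that do not belong before asking for more logs. The script below is an added example, not code from the post, from BleepingComputer or from the DDS tool; the heuristics are my own and the known-good lists (shell objects and LSA packages found on a stock Windows XP install) are assumptions. Its sample input is copied from the Pseudo HJT Report above. It flags Run entries living under the user profile's application data folders, rundll32-launched DLLs, shell service objects and execute hooks it does not recognise, extra LSA notification packages, and interface DNS servers outside private address ranges, then cross-references DLLs registered at more than one autostart point.

```python
"""Triage a DDS "Pseudo HJT Report" for autostart entries worth a closer look.

Added example, not from the forum post, BleepingComputer or the DDS tool.
Heuristics are my own; the known-good lists are assumptions for a stock XP.
"""
import re
from ipaddress import ip_address

# Constructed sample input: lines copied from the Pseudo HJT Report posted above.
SAMPLE_REPORT = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msmuwuqp] c:\documents and settings\matthew tremmel\local settings\application data\xmsomy\bvemsysguard.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [fcllairn] c:\documents and settings\matthew tremmel\local settings\application data\xnepfj\vitvsysguard.exe
mRun: [Pziluhoneni] rundll32.exe "c:\windows\ecehisiquyic.dll",Startup
mRun: [tipejofam] Rundll32.exe "c:\windows\system32\kiremava.dll",a
TCP: {0E22AECB-B390-4B0F-8AE4-BA57FF71D98B} = 193.104.110.38,4.2.2.1,192.168.2.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: sovitihib - {8d977c07-5a24-455d-8008-820bd53389bc} - c:\windows\system32\kiremava.dll
STS: jugezatag: {8d977c07-5a24-455d-8008-820bd53389bc} - c:\windows\system32\kiremava.dll
LSA: Notification Packages = scecli hatauest.dll sasoresi.dll
"""

# Assumed known-good entries for a stock Windows XP install.
KNOWN_SHELL_OBJECTS = {"wpdshserviceobj", "webcheck", "postbootreminder", "cdburn", "systray"}
KNOWN_LSA_PACKAGES = {"scecli"}

RUN_RE = re.compile(r"^(?P<kind>[um]Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,?(?P<export>\S*)', re.I)
SHELL_RE = re.compile(r"^(?P<kind>SSODL|STS): (?P<name>\S+?):? (?:- )?(?P<clsid>\{[0-9a-f-]+\}) - (?P<path>.+)$", re.I)
LSA_RE = re.compile(r"^LSA: Notification Packages = (?P<pkgs>.+)$")
TCP_RE = re.compile(r"^TCP: \{[0-9a-f-]+\} = (?P<servers>[\d.,]+)$", re.I)


def finding(category, line, detail=""):
    return {"category": category, "line": line, "detail": detail}


def triage(report):
    """Return findings, in report order, for the autostart lines of a DDS report."""
    findings = []
    dll_refs = {}  # lower-cased DLL path -> set of autostart points that load it

    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd")
            # Installed software rarely autostarts from the profile's application data folders.
            if "\\application data\\" in cmd.lower():
                findings.append(finding("autostart from user-profile data folder", line))
            rd = RUNDLL_RE.match(cmd)
            if rd:
                dll_refs.setdefault(rd.group("dll").lower(), set()).add(m.group("kind"))
                findings.append(finding("rundll32 autostart loading a DLL", line, rd.group("dll")))
            continue

        m = SHELL_RE.match(line)
        if m:
            dll_refs.setdefault(m.group("path").lower(), set()).add(m.group("kind").upper())
            if m.group("name").lower() not in KNOWN_SHELL_OBJECTS:
                findings.append(finding("unrecognised shell service object / execute hook", line, m.group("name")))
            continue

        m = LSA_RE.match(line)
        if m:
            extras = [p for p in m.group("pkgs").split() if p.lower() not in KNOWN_LSA_PACKAGES]
            if extras:
                findings.append(finding("extra LSA notification packages", line, " ".join(extras)))
            continue

        m = TCP_RE.match(line)
        if m:
            # Public resolvers on the interface are not wrong by themselves, but should match the ISP's.
            external = [s for s in m.group("servers").split(",") if not ip_address(s).is_private]
            if external:
                findings.append(finding("DNS servers outside private ranges; verify against the ISP's", line, ",".join(external)))

    # The same DLL registered at several autostart points is redundant persistence.
    for dll, points in sorted(dll_refs.items()):
        if len(points) > 1:
            findings.append(finding("same DLL at multiple autostart points", dll, ",".join(sorted(points))))
    return findings


def summarize(findings):
    """Count findings per category for a quick overview."""
    counts = {}
    for f in findings:
        counts[f["category"]] = counts.get(f["category"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f['category']}] {f['line']}" + (f"  -> {f['detail']}" if f["detail"] else ""))
```

On the sample above it reports the two `*sysguard.exe` Run entries, both rundll32 entries, the two unrecognised shell objects, the two extra LSA packages, the two non-private DNS servers, and the fact that kiremava.dll is registered from mRun, SSODL and STS at once. None of this is a verdict; it is the short list a helper would check first.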



#2 myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts

Posted 15 January 2010 - 05:33 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from the following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right-hand corner of the topic you will see a button called Options. If you click on it, you can choose Track this topic in the drop-down menu. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic, which facilitates the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Regards, myrti

is that a bird? a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM unless I am already helping you. Use the forums!

 



#3 twiceshy

  • Topic Starter

  • Members
  • 46 posts

Posted 16 January 2010 - 09:13 AM

Hi there, thank you for responding. I have run OTL again. Please find the two log files included.

I also wanted to elaborate on the problems I have had or have been seeing since my initial post. I have had the Vundo trojan, FakeAlert-DHA trojan, Bredolab-genm trojan, Generic Downloader.x!ckf trojan, Generic.dx!kef trojan, Artemis! trojans, and a lot of Generic.dx!ktk trojans. All of these were found by McAfee and fixed or quarantined, although the last one keeps getting found at intervals. Also, Internet Explorer no longer launches at all. My computer is incredibly slow to open any app. Windows Installer no longer works. I still get the RUNDLL error with kiremava.dll each time I reboot.

OTL logfile created on: 1/16/2010 9:00:00 AM - Run 2
OTL by OldTimer - Version 3.1.25.1 Folder = C:\Documents and Settings\Matthew Tremmel\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 216.00 Mb Available Physical Memory | 21.00% Memory free
9.00 Gb Paging File | 8.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 8000 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.30 Gb Total Space | 21.37 Gb Free Space | 29.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 60.13 Gb Total Space | 2.26 Gb Free Space | 3.75% Space Free | Partition Type: NTFS
Drive F: | 172.75 Gb Total Space | 75.18 Gb Free Space | 43.52% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIMEMEAT
Current User Name: Matthew Tremmel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Matthew Tremmel\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\PROGRA~1\mcafee\msc\mcshell.exe (McAfee, Inc.)
PRC - c:\PROGRA~1\mcafee.com\agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (McAfee, Inc.)
PRC - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)
PRC - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
PRC - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)
PRC - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\SoftwareDistribution\Download\da7fee2d51e2e59bdd47cb9e03387bcc\update\update.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\HPZipm12.exe (HP)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
PRC - C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\WINDOWS\System32\PRISMSVR.EXE (Conexant Systems, Inc.)
PRC - C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\brsvc01a.exe (brother Industries Ltd)
PRC - C:\WINDOWS\SM1BG.EXE (Cypress Semiconductor)
PRC - C:\WINDOWS\System32\brss01a.exe (brother Industries Ltd)
PRC - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE (C-Dilla Ltd)
PRC - C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\CTsvcCDA.EXE (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Matthew Tremmel\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
MOD - C:\WINDOWS\ecehisiquyic.dll ()
MOD - C:\WINDOWS\SYSTEM32\linkinfo.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (McODS) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MBackMonitor) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (McProxy) -- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxMediaDB9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 9) -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9) -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (MSDTC) -- C:\WINDOWS\SYSTEM32\msdtc [2005/01/10 22:02:12 | 00,000,000 | ---D | M]
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (PRISMSVC) -- C:\WINDOWS\System32\PRISMSVC.EXE (Conexant Systems, Inc.)
SRV - (IAANTMon) -- C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe (Intel Corporation)
SRV - (Brother XP spl Service) -- C:\WINDOWS\System32\brsvc01a.exe (brother Industries Ltd)
SRV - (C-DillaSrv) -- C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE (C-Dilla Ltd)
SRV - (WMDM PMSP Service) -- C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access) -- C:\WINDOWS\System32\CTsvcCDA.EXE (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV - (61883) -- C:\WINDOWS\System32\DRIVERS\61883.sys ()
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mfehidk) -- C:\WINDOWS\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (USBAAPL) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (MPFP) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\System32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\System32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Secdrv) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (pae_1394) -- C:\WINDOWS\System32\Drivers\pae_1394.sys (BridgeCo AG)
DRV - (pae_avs) -- C:\WINDOWS\System32\Drivers\pae_avs.sys (BridgeCo AG)
DRV - (VX1000) -- C:\WINDOWS\System32\DRIVERS\VX1000.sys (Microsoft Corporation)
DRV - (JL2005C) -- C:\WINDOWS\System32\Drivers\jl2005c.sys (Windows ® 2000 DDK provider)
DRV - (UsbDiag) -- C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\System32\DRIVERS\lgusbbus.sys (LG Electronics Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (RxFilter) -- C:\WINDOWS\System32\DRIVERS\RxFilter.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (HPZid412) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZius12) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (MCSTRM) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (ps_avs) -- C:\WINDOWS\System32\Drivers\ps_avs.sys (BridgeCo AG)
DRV - (ps_1394) -- C:\WINDOWS\System32\Drivers\ps_1394.sys (BridgeCo AG)
DRV - (DELL_A02) -- C:\WINDOWS\System32\DRIVERS\PRISMA02.sys (Conexant Systems, Inc.)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (DVDVRRdr_xp) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys (Windows ® 2000 DDK provider)
DRV - (Ptilink) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (nv) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (SQTECH905C) -- C:\WINDOWS\System32\Drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (P17) -- C:\WINDOWS\System32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (b57w2k) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (IntelC52) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (ctsfm2k) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (PfModNT) -- C:\WINDOWS\System32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (omci) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (C-Dilla) -- C:\WINDOWS\System32\drivers\CDANT.SYS (Macrovision)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (E100B) Intel® -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (BrPar) -- C:\WINDOWS\System32\drivers\BrPar.sys (Brother Industries Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=:

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=:



IE - HKU\S-1-5-21-3833081590-878925131-4006985418-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-3833081590-878925131-4006985418-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKU\S-1-5-21-3833081590-878925131-4006985418-1005\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3833081590-878925131-4006985418-1005\S-1-5-21-3833081590-878925131-4006985418-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/09 05:54:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/09 05:51:27 | 00,000,000 | ---D | M]

[2010/01/09 05:55:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Tremmel\Application Data\Mozilla\Extensions
[2010/01/15 10:31:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Tremmel\Application Data\Mozilla\Firefox\Profiles\0ux04f0s.default\extensions
[2010/01/09 05:51:27 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/19 17:16:28 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: (734 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKU\S-1-5-21-3833081590-878925131-4006985418-1005\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [bmdvwaet] C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\cbfqpx\mgrisysguard.exe File not found
O4 - HKLM..\Run: [fcllairn] C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\xnepfj\vitvsysguard.exe File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [msmuwuqp] C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\xmsomy\bvemsysguard.exe File not found
O4 - HKLM..\Run: [Pziluhoneni] C:\WINDOWS\ecehisiquyic.DLL ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [tipejofam] C:\WINDOWS\System32\kiremava.DLL File not found
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3833081590-878925131-4006985418-1005..\Run: [BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe File not found
O4 - HKU\S-1-5-21-3833081590-878925131-4006985418-1005..\Run: [bmdvwaet] C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\cbfqpx\mgrisysguard.exe File not found
O4 - HKU\S-1-5-21-3833081590-878925131-4006985418-1005..\Run: [fcllairn] C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\xnepfj\vitvsysguard.exe File not found
O4 - HKU\S-1-5-21-3833081590-878925131-4006985418-1005..\Run: [msmuwuqp] C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\xmsomy\bvemsysguard.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FirePod Control Panel.lnk = E:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe (PreSonus Audio Electronics)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3833081590-878925131-4006985418-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 115 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 115 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 115 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 115 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3833081590-878925131-4006985418-1005\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3833081590-878925131-4006985418-1005\..Trusted Domains: 115 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1220655070671 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {DEA6994F-3ED5-40BC-B5E3-0FD02411B1B4} http://www.costcophotocenter.com/upload/ac...veX_Control.cab? (Photo Upload Plugin Class)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://webmail.dstsystems.com/,DanaInfo=ds...s.com+dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://attwm.webex.com/client/T25L10NSP41E...bex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdsock.dll) - C:\WINDOWS\SYSTEM32\kbdsock.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: sovitihib - {8d977c07-5a24-455d-8008-820bd53389bc} - C:\WINDOWS\System32\kiremava.dll File not found
O22 - SharedTaskScheduler: {8d977c07-5a24-455d-8008-820bd53389bc} - jugezatag - C:\WINDOWS\System32\kiremava.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{37bd88de-6f80-11dc-b588-00904bc99fbe}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{4c2222e4-87f2-11d9-b08b-00904bc99fbe}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{9b4a0a4e-ace2-11db-b429-00904bc99fbe}\Shell - "" = AutoRun
O33 - MountPoints2\{9b4a0a4e-ace2-11db-b429-00904bc99fbe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9b4a0a4e-ace2-11db-b429-00904bc99fbe}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\WINDOWS\system32\mshlps.dll) - C:\WINDOWS\SYSTEM32\mshlps.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/01/15 03:02:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/01/03 14:52:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Tremmel\Desktop\avz4
[2009/12/26 20:37:28 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Matthew Tremmel\My Documents\LifeCam Files
[2009/12/25 08:59:28 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/12/24 22:36:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Tremmel\Tracing
[2009/12/24 15:33:28 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2009/12/24 15:31:34 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2009/12/24 15:31:34 | 00,068,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2009/12/24 15:31:34 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2009/12/24 15:31:33 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2009/12/24 15:31:33 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2009/12/24 15:31:32 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2009/12/24 15:31:32 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2009/12/24 15:31:32 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2009/12/24 15:31:31 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2009/12/24 15:31:22 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/12/24 15:31:22 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2009/12/24 15:31:22 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2009/12/24 15:31:21 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2009/12/24 15:31:20 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2009/12/24 15:31:20 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2009/12/24 15:31:19 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2009/12/24 15:31:19 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2009/12/24 15:31:18 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2009/12/24 15:31:03 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2009/12/24 13:13:03 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/12/24 13:12:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/12/24 13:12:46 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/12/24 13:12:19 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/12/24 13:08:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/12/24 09:51:04 | 00,202,088 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LCCoin14.dll
[2009/12/24 09:51:03 | 00,709,992 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
[2009/12/24 09:51:03 | 00,185,704 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cVX1000.dll
[2009/12/24 09:51:02 | 00,476,520 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.dll
[2009/12/24 09:51:02 | 00,111,976 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\VX1000.dll
[2009/12/24 09:50:58 | 01,966,312 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\VX1000.sys
[2009/12/24 07:44:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Tremmel\Desktop\digital frame
[2009/12/23 07:38:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Tremmel\Application Data\U3
[2009/12/22 20:57:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Tremmel\Desktop\New Folder
[2009/12/22 18:32:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\cbfqpx
[2009/12/19 07:59:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\xnepfj
[2009/08/04 19:01:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/11/11 08:24:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2008/09/07 10:35:18 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/09/05 18:51:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/05/12 08:52:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\McAfee
[2007/08/15 18:38:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/03/21 18:25:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2007/02/12 06:03:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/02/12 06:03:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2007/02/12 06:03:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2006/09/13 04:59:57 | 00,036,963 | ---- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[2006/07/11 13:29:00 | 00,028,672 | R--- | C] ( ) -- C:\WINDOWS\System32\DivXGraphBuilderCallback.dll
[2006/02/19 03:28:56 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[2005/03/23 19:25:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com
[2005/02/11 17:42:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/02/02 20:02:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[1980/01/01 01:00:00 | 00,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[1980/01/01 01:00:00 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/16 08:23:13 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Umiziwuvubo.dat
[2010/01/16 08:23:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Sqemi.bin
[2010/01/16 08:20:35 | 01,334,364 | ---- | M] () -- C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\rx_audio.Cache
[2010/01/16 08:09:20 | 00,016,641 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/01/16 07:11:05 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/16 06:14:18 | 00,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A6924972-B1DE-445A-8501-2C2C388F1F46}.job
[2010/01/16 01:11:10 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/15 19:11:05 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/15 13:12:50 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/15 01:36:19 | 00,000,360 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/01/14 20:57:54 | 00,230,424 | ---- | M] () -- C:\img2-001.raw
[2010/01/14 20:12:09 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/14 20:06:40 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/01/14 20:04:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/14 20:04:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/14 20:04:09 | 10,718,12608 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/14 20:01:28 | 14,417,920 | -H-- | M] () -- C:\Documents and Settings\Matthew Tremmel\NTUSER.DAT
[2010/01/14 20:01:28 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Matthew Tremmel\NTUSER.INI
[2010/01/14 10:47:08 | 00,036,797 | ---- | M] () -- C:\Documents and Settings\Matthew Tremmel\Desktop\SE_poster_603_2.jpg
[2010/01/11 14:43:11 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/10 19:48:05 | 00,000,011 | ---- | M] () -- C:\WINDOWS\System32\worker.info
[2010/01/10 19:48:05 | 00,000,011 | ---- | M] () -- C:\WINDOWS\System32\thread.xml
[2010/01/10 19:48:05 | 00,000,011 | ---- | M] () -- C:\WINDOWS\System32\config.data
[2010/01/09 05:51:29 | 00,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/09 05:49:47 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat
[2010/01/09 05:49:47 | 00,000,100 | ---- | M] () -- C:\WINDOWS\System32\flags.ini
[2010/01/03 14:51:37 | 00,022,192 | ---- | M] () -- C:\Documents and Settings\Matthew Tremmel\Desktop\Welcome to BleepingComputer.docx
[2010/01/03 14:02:00 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\piponuso
[2010/01/03 09:07:26 | 00,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/29 07:26:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2009/12/29 07:06:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2009/12/29 02:38:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
[2009/12/29 02:18:41 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
[2009/12/29 01:58:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
[2009/12/29 01:38:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
[2009/12/29 01:17:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2009/12/29 00:57:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
[2009/12/29 00:37:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2009/12/29 00:16:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2009/12/28 23:56:40 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2009/12/28 23:36:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2009/12/28 23:16:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2009/12/28 21:24:56 | 00,707,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\ooqqxzc.sys
[2009/12/28 21:24:52 | 00,707,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\61883.sys
[2009/12/24 15:35:11 | 00,001,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft LifeCam.lnk
[2009/12/24 15:35:11 | 00,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Call.lnk
[2009/12/24 09:51:34 | 00,000,160 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_setup_exe.job
[2009/12/24 08:32:24 | 00,163,840 | ---- | M] () -- C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/22 21:48:16 | 00,007,051 | ---- | M] () -- C:\Documents and Settings\Matthew Tremmel\Application Data\PrimoPDFSet.xml
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/14 10:47:03 | 00,036,797 | ---- | C] () -- C:\Documents and Settings\Matthew Tremmel\Desktop\SE_poster_603_2.jpg
[2010/01/10 08:14:19 | 00,000,011 | ---- | C] () -- C:\WINDOWS\System32\worker.info
[2010/01/10 08:14:19 | 00,000,011 | ---- | C] () -- C:\WINDOWS\System32\thread.xml
[2010/01/10 08:14:19 | 00,000,011 | ---- | C] () -- C:\WINDOWS\System32\config.data
[2010/01/09 05:51:29 | 00,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/03 14:51:32 | 00,022,192 | ---- | C] () -- C:\Documents and Settings\Matthew Tremmel\Desktop\Welcome to BleepingComputer.docx
[2009/12/29 02:38:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
[2009/12/29 02:18:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
[2009/12/29 01:58:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
[2009/12/29 01:38:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2009/12/29 01:17:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2009/12/29 00:57:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2009/12/29 00:37:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2009/12/29 00:16:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2009/12/28 23:56:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2009/12/28 23:36:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2009/12/28 23:16:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2009/12/28 22:16:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2009/12/28 21:32:40 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Umiziwuvubo.dat
[2009/12/28 21:32:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Sqemi.bin
[2009/12/28 21:31:11 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\uses32.dat
[2009/12/28 21:31:11 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\flags.ini
[2009/12/28 21:30:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2009/12/28 21:24:56 | 00,707,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\ooqqxzc.sys
[2009/12/25 09:54:12 | 00,230,424 | ---- | C] () -- C:\img2-001.raw
[2009/12/24 15:35:11 | 00,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft LifeCam.lnk
[2009/12/24 15:35:11 | 00,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Call.lnk
[2009/12/24 09:51:31 | 00,000,160 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_setup_exe.job
[2009/12/24 09:51:03 | 00,015,498 | R--- | C] () -- C:\WINDOWS\VX1000.ini
[2009/12/24 09:51:03 | 00,013,023 | R--- | C] () -- C:\WINDOWS\VX1000.src
[2009/12/19 13:36:19 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2009/12/19 13:36:18 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2009/12/19 13:36:18 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2009/12/19 13:36:18 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2009/11/09 21:38:47 | 00,000,020 | ---- | C] () -- C:\WINDOWS\crackpdf.INI
[2009/09/28 21:24:43 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\vajafeti.dll
[2009/09/28 21:24:43 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\bisomasu.dll
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/11 10:03:24 | 00,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2009/02/07 04:40:45 | 00,004,096 | -H-- | C] () -- C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\keyfile3.drm
[2008/12/02 16:27:07 | 00,007,051 | ---- | C] () -- C:\Documents and Settings\Matthew Tremmel\Application Data\PrimoPDFSet.xml
[2008/12/02 16:15:13 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/10/17 08:42:39 | 00,000,029 | ---- | C] () -- C:\WINDOWS\coolacm.ini
[2008/07/26 19:02:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2008/04/28 12:13:33 | 00,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/02/18 15:29:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/02 07:46:29 | 01,334,364 | ---- | C] () -- C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\rx_audio.Cache
[2007/04/20 14:30:54 | 22,735,920 | ---- | C] () -- C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\rx_image.Cache
[2007/03/21 17:36:22 | 00,646,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/01/29 06:28:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/01/28 04:43:39 | 00,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9869p4now.sys
[2006/11/04 13:35:29 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/11/04 13:30:01 | 00,005,891 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/09/14 20:00:18 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2006/09/14 20:00:18 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2006/09/14 20:00:18 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2006/09/14 20:00:18 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2006/08/16 07:47:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/08/09 03:19:50 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/08/09 03:19:50 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/08/09 00:00:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2006/06/26 17:55:22 | 00,003,677 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2006/04/30 10:04:29 | 00,000,206 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/04/10 15:04:55 | 00,000,305 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/04/03 07:27:16 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/03/13 16:59:27 | 00,000,039 | ---- | C] () -- C:\WINDOWS\VideoWave.INI
[2006/02/24 10:20:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/02/23 15:56:46 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/02/22 15:13:40 | 00,003,309 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/01/15 10:48:28 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2005/12/24 10:28:23 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/11/14 12:56:15 | 00,000,057 | ---- | C] () -- C:\WINDOWS\DRAGDR~1.INI
[2005/10/27 12:01:27 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS0W.DLL
[2005/09/08 11:44:54 | 00,000,023 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/09/01 18:03:11 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\Hlinkprx.dll
[2005/08/29 09:37:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\BBCAuto.INI
[2005/08/22 20:57:01 | 00,024,048 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2005/07/15 13:35:56 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 13:35:56 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/15 13:35:24 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/06/08 19:20:20 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
[2005/04/23 19:45:56 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\WIN2PDFM.DLL
[2005/03/28 07:41:32 | 00,000,084 | ---- | C] () -- C:\WINDOWS\VideoToAudioConverter.ini
[2005/03/21 16:23:18 | 00,000,147 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2005/03/21 16:23:18 | 00,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2005/03/21 16:23:18 | 00,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2005/03/21 16:23:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\bw5170dn.ini
[2005/03/21 16:23:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2005/03/21 16:23:16 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2005/03/21 16:23:16 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2005/03/21 16:23:16 | 00,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2005/03/21 16:23:15 | 00,015,108 | ---- | C] () -- C:\WINDOWS\HL-5170DN.INI
[2005/03/21 16:23:08 | 00,000,449 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2005/03/21 16:23:08 | 00,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2005/03/21 16:23:07 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2005/03/21 16:22:54 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\PTRCENG.DLL
[2005/03/11 21:02:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/02/16 05:16:19 | 00,000,138 | ---- | C] () -- C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\fusioncache.dat
[2005/02/07 18:14:53 | 00,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005/02/07 18:14:32 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/02/06 17:46:30 | 00,044,600 | ---- | C] () -- C:\WINDOWS\System32\WIN2PDFS.DLL
[2005/01/30 14:28:23 | 00,000,241 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2005/01/26 20:08:42 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/26 16:41:32 | 00,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/01/22 07:37:16 | 00,163,840 | ---- | C] () -- C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/01/22 07:20:08 | 00,707,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\61883.sys
[2005/01/20 21:02:26 | 00,039,467 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/01/10 22:40:17 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/10 22:34:56 | 00,000,295 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/10 22:31:21 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/01/10 22:31:14 | 00,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/01/10 22:31:14 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/01/10 22:31:08 | 00,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/01/10 22:03:48 | 00,000,517 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/18 13:01:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\CoPrism.dll
[2004/08/11 18:25:56 | 00,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 06:00:00 | 00,172,544 | ---- | C] () -- C:\WINDOWS\ecehisiquyic.dll
[2004/08/04 06:00:00 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\kbdsock.dll
[2004/08/04 06:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/10/02 00:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 00:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/08/07 14:01:52 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2001/07/07 03:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1980/01/01 01:00:00 | 00,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[1980/01/01 01:00:00 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\My Documents\WebEx:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\My Documents\underrhino.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\My Documents\rhinonono.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\My Documents\rhinoball.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\My Documents\Quicken:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\My Documents\My Videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\My Documents\My Albums:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\My Documents\Meghan:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\My Documents\LifeCam Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\My Documents\Ethan:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\My Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\Desktop\SE_poster_603_2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\Desktop\New Folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\Desktop\digital frame:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\Desktop\avz4:Roxio EMC Stream
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF8F1AE3
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8342E7B
< End of report >

OTL Extras logfile created on: 1/16/2010 9:00:00 AM - Run 2
OTL by OldTimer - Version 3.1.25.1 Folder = C:\Documents and Settings\Matthew Tremmel\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 216.00 Mb Available Physical Memory | 21.00% Memory free
9.00 Gb Paging File | 8.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 8000 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.30 Gb Total Space | 21.37 Gb Free Space | 29.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 60.13 Gb Total Space | 2.26 Gb Free Space | 3.75% Space Free | Partition Type: NTFS
Drive F: | 172.75 Gb Total Space | 75.18 Gb Free Space | 43.52% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIMEMEAT
Current User Name: Matthew Tremmel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_USERS\S-1-5-21-3833081590-878925131-4006985418-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe" = C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9 -- (Sonic Solutions)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\DELL\drivers\R89393\Setup.exe" = C:\DELL\drivers\R89393\Setup.exe:*:Enabled:Dell Wireless 4350 Small Network Access Point Setup Wizard -- File not found
"D:\Setup.exe" = D:\Setup.exe:*:Enabled:Dell Wireless 2350 Broadband Router Setup Wizard -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004 -- (Macromedia, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe" = C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9 -- (Sonic Solutions)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Documents and Settings\Matthew Tremmel\Application Data\Facebook\facebook.exe" = C:\Documents and Settings\Matthew Tremmel\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook -- File not found
"C:\Program Files\Roxio\Sound Editor 9\SoundEdit9.exe" = C:\Program Files\Roxio\Sound Editor 9\SoundEdit9.exe:*:Enabled:Roxio Sound Editor -- (Sonic Solutions)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{25771101-7948-4591-ABF3-B1ECE7A7F45F}" = HP Update
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{3192A00C-7336-48C6-8BD7-54B9CFA6F7C1}" = Windows Rights Management Client
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{4324BC93-C82F-ED16-BA86-5E34B9E05303}" = ccc-core-static
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4D2B1159-89F1-11D6-B2FB-0002A5E32BEF}" = Mike's Monstrous Adventure
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4ED118EE-785C-CC18-5D2E-D5CA4BAA03F0}" = Catalyst Control Center Graphics Full New
"{539475B7-44B7-8B0A-134C-F01B9C8B7569}" = ccc-core-preinstall
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5AC7AE54-55DF-1126-076C-623F008D40B6}" = Catalyst Control Center Graphics Full Existing
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{6351D217-3EE3-1967-29BE-6A77635FE485}" = Skins
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}" = Easy CD & DVD Creator 6
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB9CD3A-F91F-233B-923B-6C59BA63524D}" = Catalyst Control Center HydraVision Full
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{747D1B34-A1FC-4EF3-A6AE-E86F39CEFDE5}" = Roxio Easy Media Creator 7 Basic DVD Edition
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{85A91C22-C369-FCFB-5F1F-D59EB21AD0E1}" = CCC Help English
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio Easy Media Creator 9 Suite
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}" = DiscWizard for Windows
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = USB 2.0 Wireless LAN Card Utility
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A6D0140F-E62F-9D1E-2408-9CFF91FF6FC8}" = ccc-utility
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B246C325-1C49-4572-8665-7691EFE1D06B}" = MGI VideoWave 4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C44A7422-E380-44BE-79FE-1C032D8A03A7}" = Catalyst Control Center Core Implementation
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBB6F775-E76E-49F7-98D3-1519414B1E4B}" = YouSendIt Express
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0F1D3B6-F50E-49AE-A942-FFDFFA16F9A9}" = PhotoStreamer 2
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E5D24929-91A4-B0A1-DE00-AFC453921EF7}" = Catalyst Control Center Graphics Light
"{E6C09BFB-BA75-15C7-5B18-A2CE31C4F42B}" = Catalyst Control Center Graphics Previews Common
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"ABC" = ABC (remove only)
"ActiveTouchMeetingClient" = Meeting Service
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AviSynth" = AviSynth 2.5
"Brother HL-5170DN" = Brother HL-5170DN
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CodInstl" = Intel A/V Codecs V2.0
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"CSCLIB" = Canon Camera Support Core Library
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"EOS Utility" = Canon Utilities EOS Utility
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.34
"getPlus®_ocx" = getPlus®_ocx
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{CBB6F775-E76E-49F7-98D3-1519414B1E4B}" = YouSendIt Express
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"JumpStart Typing" = JumpStart Typing
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Move Networks Player_is1" = Move Networks Player for Internet Explorer
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PDF Password Cracker v3.1_is1" = PDF Password Cracker v3.1
"PhotoStitch" = Canon Utilities PhotoStitch
"PhotoStreamer 2" = PhotoStreamer 2
"PreSonus 1394 Audio Driver v2.46 (FirePod) Setup" = PreSonus 1394 Audio Driver v2.46 (FirePod)
"PrimoPDF4.1.0.9" = PrimoPDF
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Seven Seas Deluxe 1.13" = Seven Seas Deluxe 1.13
"SightSpeed" = SightSpeed (remove only)
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"SnagIt5" = SnagIt 5
"Soulseek" = SoulSeek Client 156c
"Soulseek2" = SoulSeek 157 NS 13d
"SpongeBob SquarePants Typing" = SpongeBob SquarePants Typing
"Steinberg Cubase LE" = Steinberg Cubase LE
"U2 The Unforgettable Fire SS1" = U2 The Unforgettable Fire SS1 Screen Saver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Win2PDF_is1" = Win2PDF 2.80
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3833081590-878925131-4006985418-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/11/2010 8:34:02 PM | Computer Name = LIMEMEAT | Source = Microsoft Office 12 | ID = 5000
Description = EventType office12asserttimer, P1 p1ml, P2 12.0.6425.0, P3 1, P4 0,
P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 1/12/2010 6:49:06 PM | Computer Name = LIMEMEAT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/14/2010 5:24:11 PM | Computer Name = LIMEMEAT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\MATTHEW TREMMEL\MY DOCUMENTS\MY
MUSIC\ITUNES\ITUNES LIBRARY EXTRAS.ITDB-JOURNAL> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 1/14/2010 5:24:12 PM | Computer Name = LIMEMEAT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\MATTHEW TREMMEL\MY DOCUMENTS\MY
MUSIC\ITUNES\ITUNES LIBRARY GENIUS.ITDB-JOURNAL> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 1/14/2010 5:24:52 PM | Computer Name = LIMEMEAT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\MATTHEW TREMMEL\MY DOCUMENTS\MY
MUSIC\ITUNES\ITUNES LIBRARY.ITL> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 1/14/2010 5:30:56 PM | Computer Name = LIMEMEAT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\MATTHEW TREMMEL\MY DOCUMENTS\MY
MUSIC\ITUNES\ITUNES LIBRARY.ITL> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 1/14/2010 5:44:23 PM | Computer Name = LIMEMEAT | Source = Microsoft Office 12 | ID = 5000
Description = EventType office12asserttimer, P1 p1ml, P2 12.0.6425.0, P3 1, P4 0,
P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 1/14/2010 9:12:04 PM | Computer Name = LIMEMEAT | Source = MsiInstaller | ID = 11706
Description = Product: Roxio Media Experience -- Error 1706. An installation package
for the product Roxio Media Experience cannot be found. Try the installation again
using a valid copy of the installation package 'Roxio Easy Media Creator 9 Suite.msi'.

Error - 1/14/2010 9:12:44 PM | Computer Name = LIMEMEAT | Source = MsiInstaller | ID = 11706
Description = Product: Roxio Media Experience -- Error 1706. An installation package
for the product Roxio Media Experience cannot be found. Try the installation again
using a valid copy of the installation package 'Roxio Easy Media Creator 9 Suite.msi'.

Error - 1/15/2010 8:19:22 AM | Computer Name = LIMEMEAT | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 9.0.2.25, faulting module
itunes.dll, version 9.0.2.25, fault address 0x00136ff2.

[ OSession Events ]
Error - 12/23/2008 1:17:39 PM | Computer Name = LIMEMEAT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 24
seconds with 0 seconds of active time. This session ended with a crash.


< End of report >




#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 16 January 2010 - 10:27 AM

Hi,

please run a scan with gmer to check for rootkits as well:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
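Once the GMER log requested above is in hand, the first triage question for whoever reads it is which patched functions GMER could attribute to a named driver or product (those lines end with a module path and a "(Description/Vendor)" tag) and which redirect into memory that no module on disk claims. The following Python script is an added example, not part of this thread and not GMER's own code: it parses the ".text"/"PAGE" hook lines of GMER's "Kernel code sections" and "User code sections" format, separates attributed from unattributed hooks, and groups the unattributed user-mode JMPs by process and by the 4 KiB page their target lands in, since many imports in one process all jumping into the same small region is what a single injected hook stub looks like. The sample log embedded in the script is constructed to mimic that format; every path, driver, product and vendor name in it is invented.

```python
"""Triage helper for GMER 'code sections' output (added example, not GMER's own code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in GMER 1.0.15 format.  Paths, driver, product and vendor
# names are invented; only the layout mirrors what GMER writes.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP B25F178E \SystemRoot\system32\drivers\example_hids.sys (Example HIDS Driver/Example Vendor)
? C:\WINDOWS\system32\drivers\example.sys The process cannot access the file because it is being used by another process.

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BD0040
.text C:\WINDOWS\system32\svchost.exe[368] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910000
.text C:\WINDOWS\system32\svchost.exe[368] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B3, 88] {MOV BL, 0x88}
.text C:\WINDOWS\system32\lsass.exe[1140] WININET.dll!InternetOpenUrlW 3D998439 1 Byte [E9]
.text c:\PROGRA~1\example\agent.exe[844] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\example\agent.exe (Example Agent/Example Vendor)
"""

# One GMER hook line: section, optional "image[pid]" (user mode only), module!function,
# optional "+ N" offset, patched address, patch length, the patch itself (either a
# JMP to a target or raw bytes), and an optional "module (Description/Vendor)" tag.
HOOK_RE = re.compile(
    r"^(?P<section>\.text|PAGE|init)\s+"
    r"(?:(?P<process>\S+?)\[(?P<pid>\d+)\]\s+)?"
    r"(?P<symbol>[^\s!]+![^\s]+)"
    r"(?:\s+\+\s+(?P<offset>\d+))?\s+"
    r"(?P<address>[0-9A-Fa-f]{8})\s+"
    r"(?P<length>\d+)\s+Bytes?\s+"
    r"(?P<patch>JMP\s+(?P<jmp_target>[0-9A-Fa-f]{8})|\[[^\]]*\](?:\s+\{[^}]*\})?)"
    r"(?:\s+(?P<module>\S+)\s+\((?P<vendor>[^)]*)\))?\s*$"
)


@dataclass
class Hook:
    section: str
    process: Optional[str]      # None for kernel-mode lines
    pid: Optional[int]
    symbol: str                 # e.g. "kernel32.dll!CreateFileA"
    offset: int
    address: int
    length: int
    patch: str
    jmp_target: Optional[int]   # None when the patch is shown as raw bytes
    module: Optional[str]       # module GMER attributed the patch to, if any
    vendor: Optional[str]

    @property
    def attributed(self) -> bool:
        return self.module is not None


def parse_hooks(text: str) -> List[Hook]:
    """Return every hook line in the log; headers, blanks and notes are skipped."""
    hooks: List[Hook] = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        hooks.append(Hook(
            section=m["section"], process=m["process"],
            pid=int(m["pid"]) if m["pid"] else None,
            symbol=m["symbol"], offset=int(m["offset"] or 0),
            address=int(m["address"], 16), length=int(m["length"]),
            patch=m["patch"],
            jmp_target=int(m["jmp_target"], 16) if m["jmp_target"] else None,
            module=m["module"], vendor=m["vendor"],
        ))
    return hooks


def unattributed_hooks(hooks: List[Hook]) -> List[Hook]:
    """Hooks GMER could not tie to any module on disk; these need a closer look."""
    return [h for h in hooks if not h.attributed]


def hook_regions_by_process(hooks: List[Hook]) -> Dict[str, Dict[str, List[str]]]:
    """Group unattributed user-mode JMP hooks by process and 4 KiB target page."""
    out: Dict[str, Dict[str, List[str]]] = {}
    for h in hooks:
        if h.attributed or h.process is None or h.jmp_target is None:
            continue
        proc = f"{h.process}[{h.pid}]"
        page = f"{h.jmp_target & ~0xFFF:08X}"
        out.setdefault(proc, {}).setdefault(page, []).append(h.symbol)
    return out


if __name__ == "__main__":
    parsed = parse_hooks(SAMPLE_LOG)
    print(f"{len(parsed)} hooks, {len(unattributed_hooks(parsed))} unattributed")
    for proc, pages in hook_regions_by_process(parsed).items():
        for page, symbols in pages.items():
            print(f"{proc}: {len(symbols)} hook(s) jump into page {page}: {', '.join(symbols)}")
```

Attribution is a sorting aid, not a verdict: an attributed hook belongs to the product GMER names (security software routinely patches these functions, as the helper reading the log will know), and an unattributed cluster is something to investigate rather than something to delete. The grouping only makes that review faster by showing, per process, how many different imports funnel into the same page.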



#5 twiceshy

twiceshy
  • Topic Starter

  • Members
  • 46 posts

Posted 16 January 2010 - 03:10 PM

Hi there,

Here is the log from gmer. Thank you.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-16 14:27:14
Windows 5.1.2600 Service Pack 3
Running: pclwevnc.exe; Driver: C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\axdoapow.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF756287E]
SSDT sptd.sys ZwEnumerateKey [0xF72BDA92]
SSDT sptd.sys ZwEnumerateValueKey [0xF72BDE20]
SSDT sptd.sys ZwOpenKey [0xF72B8090]
SSDT sptd.sys ZwQueryKey [0xF72BDEF8]
SSDT sptd.sys ZwQueryValueKey [0xF72BDD78]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7562BFE]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB25F178A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB25F1738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB25F174C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB25F183A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB25F1866]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB25F17CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB25F1900]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB25F1710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB25F1724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB25F179E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB25F18A8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB25F1850]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB25F1928]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB25F1914]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB25F1776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB25F1762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB25F17F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB25F18EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB25F17E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB25F17B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP B25F17B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP B25F178E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2004 7 Bytes JMP B25F17CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E12 5 Bytes JMP B25F17E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E8 7 Bytes JMP B25F17A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB40A 5 Bytes JMP B25F1714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB696 5 Bytes JMP B25F1728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE54 5 Bytes JMP B25F1766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1144 7 Bytes JMP B25F1750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11FA 5 Bytes JMP B25F173C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1704 5 Bytes JMP B25F177A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AC 5 Bytes JMP B25F17FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622062 7 Bytes JMP B25F18EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80622900 7 Bytes JMP B25F18AC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231D4 7 Bytes JMP B25F1854 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C42 7 Bytes JMP B25F183E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E12 7 Bytes JMP B25F186A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8062516A 5 Bytes JMP B25F1918 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062585E 5 Bytes JMP B25F192C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625978 5 Bytes JMP B25F1904 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF5A79000, 0x1C5D58, 0xE8000020]
.text USBPORT.SYS!DllUnload F0C3F8AC 5 Bytes JMP 86CCF6D0
init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF5E51760]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BD008E
.text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BD007D
.text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BD0FAF
.text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BD006C
.text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BD0040
.text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BD00BA
.text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BD0F7E
.text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BD0101
.text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BD00E6
.text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BD0112
.text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BD005B
.text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BD009F
.text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BD002F
.text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BD0FD4
.text C:\WINDOWS\system32\svchost.exe[368] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BD00D5
.text C:\WINDOWS\system32\svchost.exe[368] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930FCA
.text C:\WINDOWS\system32\svchost.exe[368] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930047
.text C:\WINDOWS\system32\svchost.exe[368] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FDB
.text C:\WINDOWS\system32\svchost.exe[368] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0093001B
.text C:\WINDOWS\system32\svchost.exe[368] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930036
.text C:\WINDOWS\system32\svchost.exe[368] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930000
.text C:\WINDOWS\system32\svchost.exe[368] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00930F9E
.text C:\WINDOWS\system32\svchost.exe[368] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B3, 88] {MOV BL, 0x88}
.text C:\WINDOWS\system32\svchost.exe[368] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930FAF
.text C:\WINDOWS\system32\svchost.exe[368] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920055
.text C:\WINDOWS\system32\svchost.exe[368] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920044
.text C:\WINDOWS\system32\svchost.exe[368] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\svchost.exe[368] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920000
.text C:\WINDOWS\system32\svchost.exe[368] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920FD4
.text C:\WINDOWS\system32\svchost.exe[368] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920029
.text C:\WINDOWS\system32\svchost.exe[368] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00900FE5
.text C:\WINDOWS\system32\svchost.exe[368] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00900FD4
.text C:\WINDOWS\system32\svchost.exe[368] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00900FB9
.text C:\WINDOWS\system32\svchost.exe[368] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00900FA8
.text C:\WINDOWS\system32\svchost.exe[368] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910000
.text C:\WINDOWS\system32\wuauclt.exe[736] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[736] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0080
.text C:\WINDOWS\system32\wuauclt.exe[736] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0F8B
.text C:\WINDOWS\system32\wuauclt.exe[736] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0F9C
.text C:\WINDOWS\system32\wuauclt.exe[736] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0065
.text C:\WINDOWS\system32\wuauclt.exe[736] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FB9
.text C:\WINDOWS\system32\wuauclt.exe[736] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B00B6
.text C:\WINDOWS\system32\wuauclt.exe[736] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F6E
.text C:\WINDOWS\system32\wuauclt.exe[736] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B00F3
.text C:\WINDOWS\system32\wuauclt.exe[736] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00E2
.text C:\WINDOWS\system32\wuauclt.exe[736] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0F49
.text C:\WINDOWS\system32\wuauclt.exe[736] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B004A
.text C:\WINDOWS\system32\wuauclt.exe[736] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0014
.text C:\WINDOWS\system32\wuauclt.exe[736] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B009B
.text C:\WINDOWS\system32\wuauclt.exe[736] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B002F
.text C:\WINDOWS\system32\wuauclt.exe[736] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0FDE
.text C:\WINDOWS\system32\wuauclt.exe[736] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B00C7
.text C:\WINDOWS\system32\wuauclt.exe[736] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A001B
.text C:\WINDOWS\system32\wuauclt.exe[736] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0F9A
.text C:\WINDOWS\system32\wuauclt.exe[736] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FBC
.text C:\WINDOWS\system32\wuauclt.exe[736] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0000
.text C:\WINDOWS\system32\wuauclt.exe[736] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0FAB
.text C:\WINDOWS\system32\wuauclt.exe[736] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0FD7
.text C:\WINDOWS\system32\wuauclt.exe[736] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B0FA8
.text C:\WINDOWS\system32\wuauclt.exe[736] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B0F79
.text C:\WINDOWS\system32\wuauclt.exe[736] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0FC3
.text C:\WINDOWS\system32\wuauclt.exe[736] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B0FD4
.text C:\WINDOWS\system32\wuauclt.exe[736] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B0036
.text C:\WINDOWS\system32\wuauclt.exe[736] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[736] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002B0025
.text C:\WINDOWS\system32\wuauclt.exe[736] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B000A
.text C:\WINDOWS\system32\wuauclt.exe[736] WS2_32.dll!socket 71AB4211 5 Bytes JMP 003C0FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[844] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[844] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EA0FEF
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EA0056
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EA0F6B
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EA0F7C
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EA0039
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EA001E
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EA0F32
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EA0078
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EA00A9
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EA0F10
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EA00BA
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EA0F97
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EA0FDE
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EA0067
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EA0FBC
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EA0FCD
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EA0F21
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E90022
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E90087
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E90011
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E90FDB
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E90FC0
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E90000
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E90058
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E90047
.text C:\WINDOWS\system32\services.exe[1128] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01360036
.text C:\WINDOWS\system32\services.exe[1128] msvcrt.dll!system 77C293C7 5 Bytes JMP 01360FAB
.text C:\WINDOWS\system32\services.exe[1128] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01360FC6
.text C:\WINDOWS\system32\services.exe[1128] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01360000
.text C:\WINDOWS\system32\services.exe[1128] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0136001B
.text C:\WINDOWS\system32\services.exe[1128] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01360FD7
.text C:\WINDOWS\system32\services.exe[1128] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EB0000
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 012F000A
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 012F0091
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 012F0F9C
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 012F0FC3
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 012F0080
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 012F005B
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 012F00C9
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 012F00B8
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 012F0F44
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 012F0F55
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 012F0F29
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 012F0FD4
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 012F0FEF
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 012F0F81
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 012F0040
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 012F0025
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 012F0F66
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 012E0047
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 012E0FC0
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 012E002C
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 012E001B
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 012E0073
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 012E0000
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 012E0FD1
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4E, 89]
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 012E0058
.text C:\WINDOWS\system32\lsass.exe[1140] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0122005D
.text C:\WINDOWS\system32\lsass.exe[1140] msvcrt.dll!system 77C293C7 5 Bytes JMP 01220042
.text C:\WINDOWS\system32\lsass.exe[1140] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01220FD9
.text C:\WINDOWS\system32\lsass.exe[1140] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0122000C
.text C:\WINDOWS\system32\lsass.exe[1140] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01220FC8
.text C:\WINDOWS\system32\lsass.exe[1140] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0122001D
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01210000
.text C:\WINDOWS\system32\lsass.exe[1140] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 01200000
.text C:\WINDOWS\system32\lsass.exe[1140] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 01200011
.text C:\WINDOWS\system32\lsass.exe[1140] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 01200022
.text C:\WINDOWS\system32\lsass.exe[1140] WININET.dll!InternetOpenUrlW 3D998439 1 Byte [E9]
.text C:\WINDOWS\system32\lsass.exe[1140] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 0120003D
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FF000A
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FF0F8B
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FF0080
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FF0FA8
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FF0065
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FF004A
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FF00A5
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FF0F69
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FF0F16
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FF0F27
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FF0F05
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FF0FC3
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FF0025
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FF0F7A
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FF0FDE
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FF0F42
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F80FCA
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F80087
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F8001B
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F80FE5
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F8006C
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F80000
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F80051
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F80040
.text C:\WINDOWS\system32\svchost.exe[1340] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 024A0031
.text C:\WINDOWS\system32\svchost.exe[1340] msvcrt.dll!system 77C293C7 5 Bytes JMP 024A0FA6
.text C:\WINDOWS\system32\svchost.exe[1340] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 024A0FC1
.text C:\WINDOWS\system32\svchost.exe[1340] msvcrt.dll!_open 77C2F566 5 Bytes JMP 024A0FEF
.text C:\WINDOWS\system32\svchost.exe[1340] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 024A0016
.text C:\WINDOWS\system32\svchost.exe[1340] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 024A0FD2
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02490FEF
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DD0000
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DD009A
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DD0089
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DD006C
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DD0051
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DD0025
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DD00D2
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DD0F8A
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DD0F5E
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateProcessA 7C80236B 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DD0F6F
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DD0F43
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DD0036
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DD0FE5
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DD00B5
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DD0FB9
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DD0FD4
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DD00E3
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DC0000
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DC003D
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DC0FAF
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DC0FD4
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DC0F76
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DC0FE5
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00DC0022
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DC0011
.text C:\WINDOWS\system32\svchost.exe[1392] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DF0064
.text C:\WINDOWS\system32\svchost.exe[1392] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DF003F
.text C:\WINDOWS\system32\svchost.exe[1392] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DF001D
.text C:\WINDOWS\system32\svchost.exe[1392] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DF0FEF
.text C:\WINDOWS\system32\svchost.exe[1392] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DF002E
.text C:\WINDOWS\system32\svchost.exe[1392] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DF000C
.text C:\WINDOWS\system32\svchost.exe[1392] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DE0FEF
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02ED000A
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02ED006C
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02ED0F77
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02ED0F94
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02ED0FA5
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02ED0047
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02ED009F
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02ED008E
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02ED00C4
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02ED0F2B
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02ED0F06
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02ED0FC0
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02ED0FEF
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02ED007D
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02ED0036
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02ED0025
.text C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02ED0F46
.text C:\WINDOWS\System32\svchost.exe[1440] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02EC0022
.text C:\WINDOWS\System32\svchost.exe[1440] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02EC0FB6
.text C:\WINDOWS\System32\svchost.exe[1440] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02EC0011
.text C:\WINDOWS\System32\svchost.exe[1440] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02EC0FE5
.text C:\WINDOWS\System32\svchost.exe[1440] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02EC0073
.text C:\WINDOWS\System32\svchost.exe[1440] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02EC0000
.text C:\WINDOWS\System32\svchost.exe[1440] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02EC0058
.text C:\WINDOWS\System32\svchost.exe[1440] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02EC0033
.text C:\WINDOWS\System32\svchost.exe[1440] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02EB003D
.text C:\WINDOWS\System32\svchost.exe[1440] msvcrt.dll!system 77C293C7 5 Bytes JMP 02EB0FBC
.text C:\WINDOWS\System32\svchost.exe[1440] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02EB0FD7
.text C:\WINDOWS\System32\svchost.exe[1440] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02EB0000
.text C:\WINDOWS\System32\svchost.exe[1440] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02EB002C
.text C:\WINDOWS\System32\svchost.exe[1440] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02EB0011
.text C:\WINDOWS\System32\svchost.exe[1440] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02E30FEF
.text C:\WINDOWS\System32\svchost.exe[1440] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 02E20000
.text C:\WINDOWS\System32\svchost.exe[1440] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 02E2001B
.text C:\WINDOWS\System32\svchost.exe[1440] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 02E20FE5
.text C:\WINDOWS\System32\svchost.exe[1440] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 02E20036
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00650FE5
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0065005D
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00650042
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00650F68
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00650F79
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650025
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00650089
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00650F41
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00650EF0
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00650F01
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006500AE
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00650F9E
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00650FD4
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00650078
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00650FB9
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00650F26
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00640FC0
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0064004A
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00640FDB
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00640011
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00640F8D
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00640F9E
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [84, 88]
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00640FAF
.text C:\WINDOWS\system32\svchost.exe[1480] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00630F92
.text C:\WINDOWS\system32\svchost.exe[1480] msvcrt.dll!system 77C293C7 5 Bytes JMP 00630027
.text C:\WINDOWS\system32\svchost.exe[1480] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00630FD2
.text C:\WINDOWS\system32\svchost.exe[1480] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00630FEF
.text C:\WINDOWS\system32\svchost.exe[1480] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00630FB7
.text C:\WINDOWS\system32\svchost.exe[1480] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00630000
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00930000
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0093005F
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00930F74
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0093004E
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0093003D
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00930FB6
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009300A8
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00930097
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00930F19
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00930F2A
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00930F08
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00930FA5
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00930011
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00930070
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00930FD1
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00930022
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00930F45
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0092001B
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00920062
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0092000A
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00920FD4
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00920051
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00920FE5
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0092002C
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00920FAF
.text C:\WINDOWS\system32\svchost.exe[1536] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0091002C
.text C:\WINDOWS\system32\svchost.exe[1536] msvcrt.dll!system 77C293C7 5 Bytes JMP 00910FAB
.text C:\WINDOWS\system32\svchost.exe[1536] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00910FC6
.text C:\WINDOWS\system32\svchost.exe[1536] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00910FE3
.text C:\WINDOWS\system32\svchost.exe[1536] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0091001B
.text C:\WINDOWS\system32\svchost.exe[1536] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00910000
.text C:\WINDOWS\system32\svchost.exe[1536] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00780FEF
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CD0FEF
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CD007D
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CD0062
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CD0051
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CD0F94
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CD0036
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CD00B3
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CD0F77
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CD00DF
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CD0F46
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CD0104
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CD0FA5
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CD000A
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CD00A2
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CD0025
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CD0FCA
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CD00CE
.text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CC0036
.text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CC0FA5
.text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CC0FE5
.text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CC001B
.text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CC0FC0
.text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CC000A
.text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CC006C
.text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CC0051
.text C:\WINDOWS\system32\svchost.exe[1628] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CB0062
.text C:\WINDOWS\system32\svchost.exe[1628] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CB003D
.text C:\WINDOWS\system32\svchost.exe[1628] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CB0018
.text C:\WINDOWS\system32\svchost.exe[1628] msvcrt.dll!_open 77C2F566 3 Bytes JMP 00CB0FEF
.text C:\WINDOWS\system32\svchost.exe[1628] msvcrt.dll!_open + 4 77C2F56A 1 Byte [89]
.text C:\WINDOWS\system32\svchost.exe[1628] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CB0FCD
.text C:\WINDOWS\system32\svchost.exe[1628] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CB0FDE
.text C:\WINDOWS\system32\svchost.exe[1628] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CA0FEF
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1920] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 10006209 C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1920] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 1000643A C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1920] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 100063EB C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1920] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 1000624F C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1920] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 10006461 C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1920] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 10006289 C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\Canon\CAL\CALMAIN.exe[1920] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 1000635F C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\Explorer.EXE[2288] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 10006209 C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\Explorer.EXE[2288] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 1000643A C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\Explorer.EXE[2288] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 100063EB C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\Explorer.EXE[2288] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 1000624F C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\Explorer.EXE[2288] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 10006461 C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\Explorer.EXE[2288] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 10006289 C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\Explorer.EXE[2288] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 1000635F C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\Explorer.EXE[2288] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0253000A
.text C:\WINDOWS\Explorer.EXE[2288] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02530F5C
.text C:\WINDOWS\Explorer.EXE[2288] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02530F6D
.text C:\WINDOWS\Explorer.EXE[2288] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02530051
.text C:\WINDOWS\Explorer.EXE[2288] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02530F94
.text C:\WINDOWS\Explorer.EXE[2288] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0253002C
.text C:\WINDOWS\Explorer.EXE[2288] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02530089
.text C:\WINDOWS\Explorer.EXE[2288] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02530F41
.text C:\WINDOWS\Explorer.EXE[2288] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02530F01
.text C:\WINDOWS\Explorer.EXE[2288] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02530F1C
.text C:\WINDOWS\Explorer.EXE[2288] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02530EF0
.text C:\WINDOWS\Explorer.EXE[2288] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02530FA5
.text C:\WINDOWS\Explorer.EXE[2288] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02530FE5
.text C:\WINDOWS\Explorer.EXE[2288] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0253006C
.text C:\WINDOWS\Explorer.EXE[2288] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02530FC0
.text C:\WINDOWS\Explorer.EXE[2288] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0253001B
.text C:\WINDOWS\Explorer.EXE[2288] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0253009A
.text C:\WINDOWS\Explorer.EXE[2288] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02520FAF
.text C:\WINDOWS\Explorer.EXE[2288] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02520F72
.text C:\WINDOWS\Explorer.EXE[2288] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0252000A
.text C:\WINDOWS\Explorer.EXE[2288] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02520FD4
.text C:\WINDOWS\Explorer.EXE[2288] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0252002F
.text C:\WINDOWS\Explorer.EXE[2288] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02520FEF
.text C:\WINDOWS\Explorer.EXE[2288] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02520F83
.text C:\WINDOWS\Explorer.EXE[2288] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [72, 8A] {JB 0xffffffffffffff8c}
.text C:\WINDOWS\Explorer.EXE[2288] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02520F94
.text C:\WINDOWS\Explorer.EXE[2288] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02510FD9
.text C:\WINDOWS\Explorer.EXE[2288] msvcrt.dll!system 77C293C7 5 Bytes JMP 02510064
.text C:\WINDOWS\Explorer.EXE[2288] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0251002E
.text C:\WINDOWS\Explorer.EXE[2288] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0251000C
.text C:\WINDOWS\Explorer.EXE[2288] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02510049
.text C:\WINDOWS\Explorer.EXE[2288] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0251001D
.text C:\WINDOWS\Explorer.EXE[2288] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 02470000
.text C:\WINDOWS\Explorer.EXE[2288] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 02470FDB
.text C:\WINDOWS\Explorer.EXE[2288] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 02470011
.text C:\WINDOWS\Explorer.EXE[2288] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 02470FB6
.text C:\WINDOWS\Explorer.EXE[2288] ws2_32.dll!socket 71AB4211 5 Bytes JMP 02500FEF
.text C:\WINDOWS\system32\PRISMSVR.EXE[2324] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 10006209 C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\PRISMSVR.EXE[2324] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 1000643A C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\PRISMSVR.EXE[2324] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 100063EB C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\PRISMSVR.EXE[2324] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 1000624F C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\PRISMSVR.EXE[2324] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 10006461 C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\PRISMSVR.EXE[2324] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 10006289 C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\PRISMSVR.EXE[2324] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 1000635F C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D40000
.text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D4008E
.text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D40FA3
.text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D4007D
.text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D40FC0
.text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D40047
.text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D40F6D
.text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D40F7E
.text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D400E1
.text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D40F48
.text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D40F37
.text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D40058
.text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D40FEF
.text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D400A9
.text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D40036
.text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D40025
.text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D400D0
.text C:\WINDOWS\system32\svchost.exe[2692] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D30FB9
.text C:\WINDOWS\system32\svchost.exe[2692] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D30051
.text C:\WINDOWS\system32\svchost.exe[2692] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D30FCA
.text C:\WINDOWS\system32\svchost.exe[2692] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D30000
.text C:\WINDOWS\system32\svchost.exe[2692] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D30040
.text C:\WINDOWS\system32\svchost.exe[2692] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D30FE5
.text C:\WINDOWS\system32\svchost.exe[2692] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D30F9E
.text C:\WINDOWS\system32\svchost.exe[2692] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F3, 88]
.text C:\WINDOWS\system32\svchost.exe[2692] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D30025
.text C:\WINDOWS\system32\svchost.exe[2692] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D2003D
.text C:\WINDOWS\system32\svchost.exe[2692] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D20FBC
.text C:\WINDOWS\system32\svchost.exe[2692] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D20011
.text C:\WINDOWS\system32\svchost.exe[2692] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D20000
.text C:\WINDOWS\system32\svchost.exe[2692] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D2002C
.text C:\WINDOWS\system32\svchost.exe[2692] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D20FD7
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2728] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 10006209 C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2728] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 1000643A C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2728] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 100063EB C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2728] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 1000624F C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2728] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 10006461 C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2728] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 10006289 C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2728] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 1000635F C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\SM1BG.EXE[2744] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 10006209 C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\SM1BG.EXE[2744] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 1000643A C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\SM1BG.EXE[2744] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 100063EB C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\SM1BG.EXE[2744] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 1000624F C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\SM1BG.EXE[2744] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 10006461 C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\SM1BG.EXE[2744] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 10006289 C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\SM1BG.EXE[2744] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 1000635F C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[2884] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 10006209 C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[2884] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 1000643A C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[2884] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 100063EB C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[2884] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 1000624F C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[2884] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 10006461 C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[2884] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 10006289 C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[2884] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 1000635F C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\vVX1000.exe[3024] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 10006209 C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\vVX1000.exe[3024] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 1000643A C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\vVX1000.exe[3024] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 100063EB C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\vVX1000.exe[3024] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 1000624F C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\vVX1000.exe[3024] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 10006461 C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\vVX1000.exe[3024] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 10006289 C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\vVX1000.exe[3024] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 1000635F C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe[3076] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 10006209 C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe[3076] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 1000643A C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe[3076] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 100063EB C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe[3076] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 1000624F C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe[3076] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 10006461 C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe[3076] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 10006289 C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe[3076] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 1000635F C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\ctfmon.exe[3116] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 10006209 C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\ctfmon.exe[3116] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 1000643A C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\ctfmon.exe[3116] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 100063EB C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\ctfmon.exe[3116] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 1000624F C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\ctfmon.exe[3116] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 10006461 C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\ctfmon.exe[3116] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 10006289 C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\ctfmon.exe[3116] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 1000635F C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[3412] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 10006209 C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[3412] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 1000643A C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[3412] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 100063EB C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[3412] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 1000624F C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[3412] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 10006461 C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[3412] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 10006289 C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[3412] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 1000635F C:\WINDOWS\system32\kbdsock.dll
.text C:\Program Files\Messenger\msmsgs.exe[3524] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 002B0FEF
.text C:\Program Files\Messenger\msmsgs.exe[3524] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 002B0F7E
.text C:\Program Files\Messenger\msmsgs.exe[3524] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 002B0F8F
.text C:\Program Files\Messenger\msmsgs.exe[3524] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 002B0FAA
.text C:\Program Files\Messenger\msmsgs.exe[3524] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 002B0069
.text C:\Program Files\Messenger\msmsgs.exe[3524] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 002B0047
.text C:\Program Files\Messenger\msmsgs.exe[3524] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002B0095
.text C:\Program Files\Messenger\msmsgs.exe[3524] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002B0F59
.text C:\Program Files\Messenger\msmsgs.exe[3524] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002B00B7
.text C:\Program Files\Messenger\msmsgs.exe[3524] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002B00A6
.text C:\Program Files\Messenger\msmsgs.exe[3524] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002B0F03
.text C:\Program Files\Messenger\msmsgs.exe[3524] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 002B0058
.text C:\Program Files\Messenger\msmsgs.exe[3524] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 002B0000
.text C:\Program Files\Messenger\msmsgs.exe[3524] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 002B0084
.text C:\Program Files\Messenger\msmsgs.exe[3524] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 002B0036
.text C:\Program Files\Messenger\msmsgs.exe[3524] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 002B0025
.text C:\Program Files\Messenger\msmsgs.exe[3524] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002B0F28
.text C:\Program Files\Messenger\msmsgs.exe[3524] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00290F90
.text C:\Program Files\Messenger\msmsgs.exe[3524] msvcrt.dll!system 77C293C7 5 Bytes JMP 00290FA1
.text C:\Program Files\Messenger\msmsgs.exe[3524] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0029001B
.text C:\Program Files\Messenger\msmsgs.exe[3524] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00290FE3
.text C:\Program Files\Messenger\msmsgs.exe[3524] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00290FBC
.text C:\Program Files\Messenger\msmsgs.exe[3524] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00290000
.text C:\Program Files\Messenger\msmsgs.exe[3524] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A0036
.text C:\Program Files\Messenger\msmsgs.exe[3524] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A008E
.text C:\Program Files\Messenger\msmsgs.exe[3524] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A0025
.text C:\Program Files\Messenger\msmsgs.exe[3524] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A000A
.text C:\Program Files\Messenger\msmsgs.exe[3524] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002A0073
.text C:\Program Files\Messenger\msmsgs.exe[3524] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002A0FEF
.text C:\Program Files\Messenger\msmsgs.exe[3524] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002A0062
.text C:\Program Files\Messenger\msmsgs.exe[3524] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002A0047
.text C:\Program Files\Messenger\msmsgs.exe[3524] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00280000
.text C:\Program Files\Messenger\msmsgs.exe[3524] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 002C0FEF
.text C:\Program Files\Messenger\msmsgs.exe[3524] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 002C0000
.text C:\Program Files\Messenger\msmsgs.exe[3524] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 002C0FCA
.text C:\Program Files\Messenger\msmsgs.exe[3524] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 002C001B
.text C:\WINDOWS\system32\SearchIndexer.exe[3532] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 10006209 C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\SearchIndexer.exe[3532] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 1000643A C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\SearchIndexer.exe[3532] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 100063EB C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\SearchIndexer.exe[3532] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 1000624F C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\SearchIndexer.exe[3532] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 10006461 C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\SearchIndexer.exe[3532] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 10006289 C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\SearchIndexer.exe[3532] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 1000635F C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\SearchIndexer.exe[3532] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[3660] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 10006209 C:\WINDOWS\system32\kbdsock.dll
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[3660] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 1000643A C:\WINDOWS\system32\kbdsock.dll
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[3660] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 100063EB C:\WINDOWS\system32\kbdsock.dll
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[3660] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 1000624F C:\WINDOWS\system32\kbdsock.dll
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[3660] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 10006461 C:\WINDOWS\system32\kbdsock.dll
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[3660] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 10006289 C:\WINDOWS\system32\kbdsock.dll
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[3660] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 1000635F C:\WINDOWS\system32\kbdsock.dll
.text C:\WINDOWS\system32\wuauclt.exe[5560] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[5560] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0060
.text C:\WINDOWS\system32\wuauclt.exe[5560] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0F75
.text C:\WINDOWS\system32\wuauclt.exe[5560] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0043
.text C:\WINDOWS\system32\wuauclt.exe[5560] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0F86
.text C:\WINDOWS\system32\wuauclt.exe[5560] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0F97
.text C:\WINDOWS\system32\wuauclt.exe[5560] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B008C
.text C:\WINDOWS\system32\wuauclt.exe[5560] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B007B
.text C:\WINDOWS\system32\wuauclt.exe[5560] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B00CC
.text C:\WINDOWS\system32\wuauclt.exe[5560] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B0F29
.text C:\WINDOWS\system32\wuauclt.exe[5560] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0F0E
.text C:\WINDOWS\system32\wuauclt.exe[5560] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B001E
.text C:\WINDOWS\system32\wuauclt.exe[5560] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0FDE
.text C:\WINDOWS\system32\wuauclt.exe[5560] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0F50
.text C:\WINDOWS\system32\wuauclt.exe[5560] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FB2
.text C:\WINDOWS\system32\wuauclt.exe[5560] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0FCD
.text C:\WINDOWS\system32\wuauclt.exe[5560] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B00A7
.text C:\WINDOWS\system32\wuauclt.exe[5560] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0F9E
.text C:\WINDOWS\system32\wuauclt.exe[5560] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0FB9
.text C:\WINDOWS\system32\wuauclt.exe[5560] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FDE
.text C:\WINDOWS\system32\wuauclt.exe[5560] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\system32\wuauclt.exe[5560] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0029
.text C:\WINDOWS\system32\wuauclt.exe[5560] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0018
.text C:\WINDOWS\system32\wuauclt.exe[5560] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B0FBC
.text C:\WINDOWS\system32\wuauclt.exe[5560] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B004A
.text C:\WINDOWS\system32\wuauclt.exe[5560] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0FCD
.text C:\WINDOWS\system32\wuauclt.exe[5560] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B0FDE
.text C:\WINDOWS\system32\wuauclt.exe[5560] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B0F97
.text C:\WINDOWS\system32\wuauclt.exe[5560] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[5560] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002B0039
.text C:\WINDOWS\system32\wuauclt.exe[5560] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B001E
.text C:\WINDOWS\system32\wuauclt.exe[5560] WS2_32.dll!socket 71AB4211 5 Bytes JMP 003C0FEF
.text C:\WINDOWS\System32\svchost.exe[6020] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\System32\svchost.exe[6020] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F3A
.text C:\WINDOWS\System32\svchost.exe[6020] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0F55
.text C:\WINDOWS\System32\svchost.exe[6020] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A002F
.text C:\WINDOWS\System32\svchost.exe[6020] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0F7C
.text C:\WINDOWS\System32\svchost.exe[6020] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0FA8
.text C:\WINDOWS\System32\svchost.exe[6020] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A005E
.text C:\WINDOWS\System32\svchost.exe[6020] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F0C
.text C:\WINDOWS\System32\svchost.exe[6020] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0ECF
.text C:\WINDOWS\System32\svchost.exe[6020] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0EEA
.text C:\WINDOWS\System32\svchost.exe[6020] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0083
.text C:\WINDOWS\System32\svchost.exe[6020] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0F8D
.text C:\WINDOWS\System32\svchost.exe[6020] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0014
.text C:\WINDOWS\System32\svchost.exe[6020] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0F29
.text C:\WINDOWS\System32\svchost.exe[6020] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0FC3
.text C:\WINDOWS\System32\svchost.exe[6020] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0FDE
.text C:\WINDOWS\System32\svchost.exe[6020] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A0EFB
.text C:\WINDOWS\System32\svchost.exe[6020] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290FDE
.text C:\WINDOWS\System32\svchost.exe[6020] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290091
.text C:\WINDOWS\System32\svchost.exe[6020] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290FEF
.text C:\WINDOWS\System32\svchost.exe[6020] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290025
.text C:\WINDOWS\System32\svchost.exe[6020] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290076
.text C:\WINDOWS\System32\svchost.exe[6020] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0029000A
.text C:\WINDOWS\System32\svchost.exe[6020] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00290065
.text C:\WINDOWS\System32\svchost.exe[6020] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0029004A
.text C:\WINDOWS\System32\svchost.exe[6020] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E0049
.text C:\WINDOWS\System32\svchost.exe[6020] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E0FBE
.text C:\WINDOWS\System32\svchost.exe[6020] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E001D
.text C:\WINDOWS\System32\svchost.exe[6020] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E0000
.text C:\WINDOWS\System32\svchost.exe[6020] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E002E
.text C:\WINDOWS\System32\svchost.exe[6020] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E0FEF
.text C:\WINDOWS\System32\svchost.exe[6020] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009B0FEF

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F72B8AB4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F72B8BFA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72B8B7C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72B9728] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72B95FE] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8713E1E8

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 86C9C1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 871CC1E8
Device \Driver\dmio \Device\DmControl\DmConfig 871CC1E8
Device \Driver\dmio \Device\DmControl\DmPnP 871CC1E8
Device \Driver\dmio \Device\DmControl\DmInfo 871CC1E8
Device \Driver\usbuhci \Device\USBPDO-1 86C9C1E8
Device \Driver\usbuhci \Device\USBPDO-2 86C9C1E8
Device \Driver\usbuhci \Device\USBPDO-3 86C9C1E8
Device \Driver\usbehci \Device\USBPDO-4 86BE2980
Device \Driver\NetBT \Device\NetBT_Tcpip_{9038627C-7419-473D-BDC0-5CE5C8860BF9} 860761E8

AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home
  • Local time:06:16 PM

Posted 16 January 2010 - 05:03 PM

Hi,

it looks as if you haven't been infected by a rootkit.

Please run the following fix to remove the infection present on your PC:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    MOD - C:\WINDOWS\ecehisiquyic.dll ()
    DRV - (61883) -- C:\WINDOWS\System32\DRIVERS\61883.sys ()
    O4 - HKLM..\Run: [bmdvwaet] C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\cbfqpx\mgrisysguard.exe File not found
    O4 - HKLM..\Run: [fcllairn] C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\xnepfj\vitvsysguard.exe File not found
    O4 - HKLM..\Run: [msmuwuqp] C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\xmsomy\bvemsysguard.exe File not found
    O4 - HKLM..\Run: [Pziluhoneni] C:\WINDOWS\ecehisiquyic.DLL ()
    O4 - HKLM..\Run: [tipejofam] C:\WINDOWS\System32\kiremava.DLL File not found
    O4 - HKU\S-1-5-21-3833081590-878925131-4006985418-1005..\Run: [bmdvwaet] C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\cbfqpx\mgrisysguard.exe File not found
    O4 - HKU\S-1-5-21-3833081590-878925131-4006985418-1005..\Run: [fcllairn] C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\xnepfj\vitvsysguard.exe File not found
    O4 - HKU\S-1-5-21-3833081590-878925131-4006985418-1005..\Run: [msmuwuqp] C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\xmsomy\bvemsysguard.exe File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdsock.dll) - C:\WINDOWS\SYSTEM32\kbdsock.dll ()
    O21 - SSODL: sovitihib - {8d977c07-5a24-455d-8008-820bd53389bc} - C:\WINDOWS\System32\kiremava.dll File not found
    O22 - SharedTaskScheduler: {8d977c07-5a24-455d-8008-820bd53389bc} - jugezatag - C:\WINDOWS\System32\kiremava.dll File not found
    O36 - AppCertDlls: AppSecDll - (C:\WINDOWS\system32\mshlps.dll) - C:\WINDOWS\SYSTEM32\mshlps.dll (Microsoft Corporation)

    [2009/12/22 18:32:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\cbfqpx
    [2009/12/19 07:59:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\xnepfj

    [2010/01/16 08:23:13 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Umiziwuvubo.dat
    [2010/01/16 08:23:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Sqemi.bin

    [2009/12/29 07:26:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
    [2009/12/29 07:06:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
    [2009/12/29 02:38:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
    [2009/12/29 02:18:41 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
    [2009/12/29 01:58:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
    [2009/12/29 01:38:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
    [2009/12/29 01:17:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
    [2009/12/29 00:57:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
    [2009/12/29 00:37:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
    [2009/12/29 00:16:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
    [2009/12/28 23:56:40 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
    [2009/12/28 23:36:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
    [2009/12/28 23:16:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
    [2009/12/28 21:24:56 | 00,707,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\ooqqxzc.sys
    [2010/01/03 14:02:00 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\piponuso
    [2009/09/28 21:24:43 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\vajafeti.dll
    [2009/09/28 21:24:43 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\bisomasu.dll
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window: OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#7 twiceshy

twiceshy
  • Topic Starter

  • Members
  • 46 posts
  • Local time:12:16 PM

Posted 16 January 2010 - 10:15 PM

Hi again. Here is the log from the custom clean, followed by the re-scan log. Thank you so much for your help. How do you know what to do? I would love to learn the proper way to diagnose and fix these kinds of problems. I will definitely be donating to this site. It was worth the wait. Please let me know if you see anything else that needs fixing from the re-scan. Cheers!

All processes killed
========== OTL ==========
Service 61883 stopped successfully!
Service 61883 deleted successfully!
C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bmdvwaet deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fcllairn deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msmuwuqp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Pziluhoneni deleted successfully.
C:\WINDOWS\ecehisiquyic.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tipejofam deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3833081590-878925131-4006985418-1005\Software\Microsoft\Windows\CurrentVersion\Run\\bmdvwaet deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3833081590-878925131-4006985418-1005\Software\Microsoft\Windows\CurrentVersion\Run\\fcllairn deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3833081590-878925131-4006985418-1005\Software\Microsoft\Windows\CurrentVersion\Run\\msmuwuqp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\kbdsock.dll deleted successfully.
File move failed. C:\WINDOWS\SYSTEM32\kbdsock.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\sovitihib deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d977c07-5a24-455d-8008-820bd53389bc}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{8d977c07-5a24-455d-8008-820bd53389bc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d977c07-5a24-455d-8008-820bd53389bc}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\AppSecDll:C:\WINDOWS\system32\mshlps.dll deleted successfully.
C:\WINDOWS\SYSTEM32\mshlps.dll moved successfully.
C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\cbfqpx folder moved successfully.
C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\xnepfj folder moved successfully.
C:\WINDOWS\Umiziwuvubo.dat moved successfully.
C:\WINDOWS\Sqemi.bin moved successfully.
C:\WINDOWS\SYSTEM32\18467.exe moved successfully.
C:\WINDOWS\SYSTEM32\41.exe moved successfully.
C:\WINDOWS\SYSTEM32\23281.exe moved successfully.
C:\WINDOWS\SYSTEM32\28145.exe moved successfully.
C:\WINDOWS\SYSTEM32\5705.exe moved successfully.
C:\WINDOWS\SYSTEM32\24464.exe moved successfully.
C:\WINDOWS\SYSTEM32\26962.exe moved successfully.
C:\WINDOWS\SYSTEM32\29358.exe moved successfully.
C:\WINDOWS\SYSTEM32\11478.exe moved successfully.
C:\WINDOWS\SYSTEM32\15724.exe moved successfully.
C:\WINDOWS\SYSTEM32\19169.exe moved successfully.
C:\WINDOWS\SYSTEM32\26500.exe moved successfully.
C:\WINDOWS\SYSTEM32\6334.exe moved successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\ooqqxzc.sys moved successfully.
C:\WINDOWS\SYSTEM32\piponuso moved successfully.
C:\WINDOWS\SYSTEM32\vajafeti.dll moved successfully.
C:\WINDOWS\SYSTEM32\bisomasu.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 112094 bytes

User: Matthew Tremmel
->Temp folder emptied: 58180540 bytes
->Temporary Internet Files folder emptied: 13879749 bytes
->Java cache emptied: 411655189 bytes
->FireFox cache emptied: 33353104 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 45179820 bytes

%systemdrive% .tmp files removed: 6597 bytes
%systemroot% .tmp files removed: 117873 bytes
%systemroot%\System32 .tmp files removed: 2675729 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 132952611 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23405554 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 135751 bytes
RecycleBin emptied: 5085177 bytes

Total Files Cleaned = 693.00 mb


OTL by OldTimer - Version 3.1.25.1 log created on 01162010_214115

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\SYSTEM32\kbdsock.dll not found!
File\Folder C:\WINDOWS\temp\mcmsc_NuzN1Bbu08Wg54C not found!
File\Folder C:\WINDOWS\temp\mcmsc_SPO7uqdLeYzosNS not found!

Registry entries deleted on Reboot...


++++++++++++++++++++++++++

Please find RE-SCAN log below:

++++++++++++++++++++++++++

OTL logfile created on: 1/16/2010 10:02:11 PM - Run 3
OTL by OldTimer - Version 3.1.25.1 Folder = C:\Documents and Settings\Matthew Tremmel\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 212.00 Mb Available Physical Memory | 21.00% Memory free
9.00 Gb Paging File | 8.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 8000 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.30 Gb Total Space | 21.75 Gb Free Space | 30.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 60.13 Gb Total Space | 2.26 Gb Free Space | 3.75% Space Free | Partition Type: NTFS
Drive F: | 172.75 Gb Total Space | 75.18 Gb Free Space | 43.52% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIMEMEAT
Current User Name: Matthew Tremmel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Matthew Tremmel\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\SYSTEM32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\WINDOWS\SYSTEM32\PRISMSVR.exe (Conexant Systems, Inc.)
PRC - C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe (Intel Corporation)
PRC - C:\WINDOWS\SYSTEM32\BRSVC01A.EXE (brother Industries Ltd)
PRC - C:\WINDOWS\SM1bg.exe (Cypress Semiconductor)
PRC - C:\WINDOWS\SYSTEM32\BRSS01A.EXE (brother Industries Ltd)
PRC - C:\WINDOWS\SYSTEM32\DRIVERS\CDANTSRV.EXE (C-Dilla Ltd)
PRC - C:\WINDOWS\SYSTEM32\MsPMSPSv.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Matthew Tremmel\My Documents\Downloads\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MBackMonitor) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\SYSTEM32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart) -- C:\WINDOWS\SYSTEM32\ati2sgag.exe ()
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxMediaDB9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 9) -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9) -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (PRISMSVC) -- C:\WINDOWS\SYSTEM32\PRISMSVC.exe (Conexant Systems, Inc.)
SRV - (IAANTMon) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe (Intel Corporation)
SRV - (Brother XP spl Service) -- C:\WINDOWS\SYSTEM32\BRSVC01A.EXE (brother Industries Ltd)
SRV - (C-DillaSrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDANTSRV.EXE (C-Dilla Ltd)
SRV - (WMDM PMSP Service) -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access) -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mfehidk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys (McAfee, Inc.)
DRV - (USBAAPL) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys (Apple, Inc.)
DRV - (MPFP) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys (McAfee, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Secdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (pae_1394) -- C:\WINDOWS\SYSTEM32\DRIVERS\pae_1394.sys (BridgeCo AG)
DRV - (pae_avs) -- C:\WINDOWS\SYSTEM32\DRIVERS\pae_avs.sys (BridgeCo AG)
DRV - (VX1000) -- C:\WINDOWS\SYSTEM32\DRIVERS\VX1000.sys (Microsoft Corporation)
DRV - (JL2005C) -- C:\WINDOWS\SYSTEM32\DRIVERS\jl2005c.sys (Windows ® 2000 DDK provider)
DRV - (UsbDiag) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbbus.sys (LG Electronics Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (RxFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\RxFilter.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Cdralw2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys (Sonic Solutions)
DRV - (HPZid412) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZius12) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys (HP)
DRV - (MCSTRM) -- C:\WINDOWS\SYSTEM32\DRIVERS\mcstrm.sys (RealNetworks, Inc.)
DRV - (ps_avs) -- C:\WINDOWS\SYSTEM32\DRIVERS\ps_avs.sys (BridgeCo AG)
DRV - (ps_1394) -- C:\WINDOWS\SYSTEM32\DRIVERS\ps_1394.sys (BridgeCo AG)
DRV - (DELL_A02) -- C:\WINDOWS\SYSTEM32\DRIVERS\PRISMA02.sys (Conexant Systems, Inc.)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\SYSTEM32\DRIVERS\AEGISP.sys (Meetinghouse Data Communications)
DRV - (DVDVRRdr_xp) -- C:\WINDOWS\SYSTEM32\DRIVERS\DVDVRRdr_xp.sys (Windows ® 2000 DDK provider)
DRV - (Ptilink) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS (Parallel Technologies, Inc.)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS (NVIDIA Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (SQTECH905C) -- C:\WINDOWS\SYSTEM32\DRIVERS\Capt905c.sys (Service & Quality Technology.)
DRV - (P17) -- C:\WINDOWS\SYSTEM32\DRIVERS\P17.sys (Creative Technology Ltd.)
DRV - (b57w2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (IntelC52) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (ctsfm2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (PfModNT) -- C:\WINDOWS\SYSTEM32\DRIVERS\Pfmodnt.sys (Creative Technology Ltd.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (C-Dilla) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDANT.SYS (Macrovision)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (E100B) Intel® -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS (Intel Corporation)
DRV - (BrPar) -- C:\WINDOWS\System32\drivers\BrPar.sys (Brother Industries Ltd.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/06 09:27:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/09 05:54:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/09 05:51:27 | 00,000,000 | ---D | M]

[2010/01/09 05:55:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Tremmel\Application Data\Mozilla\Extensions
[2010/01/09 05:55:24 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthew Tremmel\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/01/16 15:38:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Tremmel\Application Data\Mozilla\Firefox\Profiles\0ux04f0s.default\extensions
[2010/01/09 06:08:15 | 00,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Matthew Tremmel\Application Data\Mozilla\Firefox\Profiles\0ux04f0s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/09 05:51:27 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/09 05:51:27 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/12/22 12:41:43 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/12/22 12:41:44 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/11/19 17:16:28 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2009/12/22 12:41:45 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/10/03 00:13:10 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/09/14 14:00:54 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/09/14 14:00:55 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/09/14 14:00:55 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/09/14 14:00:55 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/09/14 14:00:55 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/14 14:00:55 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/09/14 14:00:55 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/12/21 21:32:20 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/12/21 21:32:20 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/12/21 21:32:20 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/12/21 21:32:20 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/12/21 21:32:20 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/12/21 21:32:20 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/12/21 21:32:20 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SM1BG] C:\WINDOWS\SM1bg.exe (Cypress Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FirePod Control Panel.lnk = E:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe (PreSonus Audio Electronics)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 115 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1220655070671 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {DEA6994F-3ED5-40BC-B5E3-0FD02411B1B4} http://www.costcophotocenter.com/upload/ac...veX_Control.cab? (Photo Upload Plugin Class)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://webmail.dstsystems.com/,DanaInfo=ds...s.com+dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://attwm.webex.com/client/T25L10NSP41E...bex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{37bd88de-6f80-11dc-b588-00904bc99fbe}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{4c2222e4-87f2-11d9-b08b-00904bc99fbe}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{9b4a0a4e-ace2-11db-b429-00904bc99fbe}\Shell - "" = AutoRun
O33 - MountPoints2\{9b4a0a4e-ace2-11db-b429-00904bc99fbe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9b4a0a4e-ace2-11db-b429-00904bc99fbe}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/16 21:41:15 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/03 14:52:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Tremmel\Desktop\avz4
[2009/12/26 20:37:28 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Matthew Tremmel\My Documents\LifeCam Files
[2009/12/25 08:59:28 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/12/24 22:36:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Tremmel\Tracing
[2009/12/24 15:33:28 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2009/12/24 15:31:34 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2009/12/24 15:31:34 | 00,068,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2009/12/24 15:31:34 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2009/12/24 15:31:33 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2009/12/24 15:31:33 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2009/12/24 15:31:32 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2009/12/24 15:31:32 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2009/12/24 15:31:32 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2009/12/24 15:31:31 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2009/12/24 15:31:22 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/12/24 15:31:22 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2009/12/24 15:31:22 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2009/12/24 15:31:21 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2009/12/24 15:31:20 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2009/12/24 15:31:20 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2009/12/24 15:31:19 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2009/12/24 15:31:19 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2009/12/24 15:31:18 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2009/12/24 15:31:03 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2009/12/24 13:13:03 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/12/24 13:12:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/12/24 13:12:46 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/12/24 13:12:19 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/12/24 13:08:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/12/24 09:51:04 | 00,202,088 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LCCoin14.dll
[2009/12/24 09:51:03 | 00,709,992 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
[2009/12/24 09:51:03 | 00,185,704 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cVX1000.dll
[2009/12/24 09:51:02 | 00,476,520 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.dll
[2009/12/24 09:51:02 | 00,111,976 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\VX1000.dll
[2009/12/24 09:50:58 | 01,966,312 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\VX1000.sys
[2009/12/24 07:44:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Tremmel\Desktop\digital frame
[2009/12/23 07:38:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Tremmel\Application Data\U3
[2009/12/22 20:57:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Tremmel\Desktop\New Folder
[2009/08/04 19:01:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/11/11 08:24:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2008/09/07 10:35:18 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/09/05 18:51:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/05/12 08:52:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\McAfee
[2007/08/15 18:38:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/03/21 18:25:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2007/02/12 06:03:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/02/12 06:03:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2007/02/12 06:03:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2006/09/13 04:59:57 | 00,036,963 | ---- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[2006/07/11 13:29:00 | 00,028,672 | R--- | C] ( ) -- C:\WINDOWS\System32\DivXGraphBuilderCallback.dll
[2006/02/19 03:28:56 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[2005/03/23 19:25:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com
[2005/02/11 17:42:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/02/02 20:02:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[1980/01/01 01:00:00 | 00,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[1980/01/01 01:00:00 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========

[2010/01/16 21:54:48 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/16 21:54:48 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/16 21:54:48 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/16 21:54:47 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/16 21:54:46 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/16 21:50:52 | 00,016,815 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/01/16 21:49:31 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/01/16 21:47:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/16 21:47:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/16 21:47:37 | 10,718,12608 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/16 21:46:28 | 14,417,920 | -H-- | M] () -- C:\Documents and Settings\Matthew Tremmel\NTUSER.DAT
[2010/01/16 21:46:28 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Matthew Tremmel\NTUSER.INI
[2010/01/16 14:57:35 | 03,208,062 | -H-- | M] () -- C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\IconCache.db
[2010/01/16 08:20:35 | 01,334,364 | ---- | M] () -- C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\rx_audio.Cache
[2010/01/16 06:14:18 | 00,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A6924972-B1DE-445A-8501-2C2C388F1F46}.job
[2010/01/15 01:36:19 | 00,000,360 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/01/14 20:57:54 | 00,230,424 | ---- | M] () -- C:\img2-001.raw
[2010/01/11 14:43:11 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/10 19:48:05 | 00,000,011 | ---- | M] () -- C:\WINDOWS\System32\worker.info
[2010/01/10 19:48:05 | 00,000,011 | ---- | M] () -- C:\WINDOWS\System32\thread.xml
[2010/01/10 19:48:05 | 00,000,011 | ---- | M] () -- C:\WINDOWS\System32\config.data
[2010/01/09 05:51:29 | 00,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/09 05:49:47 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat
[2010/01/09 05:49:47 | 00,000,100 | ---- | M] () -- C:\WINDOWS\System32\flags.ini
[2010/01/03 14:51:37 | 00,022,192 | ---- | M] () -- C:\Documents and Settings\Matthew Tremmel\Desktop\Welcome to BleepingComputer.docx
[2010/01/03 09:07:26 | 00,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/24 15:35:11 | 00,001,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft LifeCam.lnk
[2009/12/24 15:35:11 | 00,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Call.lnk
[2009/12/24 09:51:34 | 00,000,160 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_setup_exe.job
[2009/12/24 08:32:24 | 00,163,840 | ---- | M] () -- C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/22 21:48:16 | 00,007,051 | ---- | M] () -- C:\Documents and Settings\Matthew Tremmel\Application Data\PrimoPDFSet.xml

========== Files Created - No Company Name ==========

[2010/01/10 08:14:19 | 00,000,011 | ---- | C] () -- C:\WINDOWS\System32\worker.info
[2010/01/10 08:14:19 | 00,000,011 | ---- | C] () -- C:\WINDOWS\System32\thread.xml
[2010/01/10 08:14:19 | 00,000,011 | ---- | C] () -- C:\WINDOWS\System32\config.data
[2010/01/09 05:51:29 | 00,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/03 14:51:32 | 00,022,192 | ---- | C] () -- C:\Documents and Settings\Matthew Tremmel\Desktop\Welcome to BleepingComputer.docx
[2009/12/28 21:31:11 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\uses32.dat
[2009/12/28 21:31:11 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\flags.ini
[2009/12/25 09:54:12 | 00,230,424 | ---- | C] () -- C:\img2-001.raw
[2009/12/24 15:35:11 | 00,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft LifeCam.lnk
[2009/12/24 15:35:11 | 00,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Call.lnk
[2009/12/24 09:51:31 | 00,000,160 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_setup_exe.job
[2009/12/24 09:51:03 | 00,015,498 | R--- | C] () -- C:\WINDOWS\VX1000.ini
[2009/12/24 09:51:03 | 00,013,023 | R--- | C] () -- C:\WINDOWS\VX1000.src
[2009/12/19 13:36:19 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2009/12/19 13:36:18 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2009/12/19 13:36:18 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2009/12/19 13:36:18 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2009/11/09 21:38:47 | 00,000,020 | ---- | C] () -- C:\WINDOWS\crackpdf.INI
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/11 10:03:24 | 00,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2009/02/07 04:40:45 | 00,004,096 | -H-- | C] () -- C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\keyfile3.drm
[2008/12/02 16:27:07 | 00,007,051 | ---- | C] () -- C:\Documents and Settings\Matthew Tremmel\Application Data\PrimoPDFSet.xml
[2008/12/02 16:15:13 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/10/17 08:42:39 | 00,000,029 | ---- | C] () -- C:\WINDOWS\coolacm.ini
[2008/07/26 19:02:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2008/04/28 12:13:33 | 00,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/02/18 15:29:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/02 07:46:29 | 01,334,364 | ---- | C] () -- C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\rx_audio.Cache
[2007/04/20 14:30:54 | 22,735,920 | ---- | C] () -- C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\rx_image.Cache
[2007/03/21 17:36:22 | 00,646,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/01/29 06:28:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/01/28 04:43:39 | 00,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9869p4now.sys
[2006/11/04 13:35:29 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/11/04 13:30:01 | 00,005,891 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/09/14 20:00:18 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2006/09/14 20:00:18 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2006/09/14 20:00:18 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2006/09/14 20:00:18 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2006/08/16 07:47:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/08/09 03:19:50 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/08/09 03:19:50 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/08/09 00:00:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2006/06/26 17:55:22 | 00,003,677 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2006/04/30 10:04:29 | 00,000,206 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/04/10 15:04:55 | 00,000,305 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/04/03 07:27:16 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/03/13 16:59:27 | 00,000,039 | ---- | C] () -- C:\WINDOWS\VideoWave.INI
[2006/02/24 10:20:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/02/23 15:56:46 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/02/22 15:13:40 | 00,003,309 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/01/15 10:48:28 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2005/12/24 10:28:23 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/11/14 12:56:15 | 00,000,057 | ---- | C] () -- C:\WINDOWS\DRAGDR~1.INI
[2005/10/27 12:01:27 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS0W.DLL
[2005/09/08 11:44:54 | 00,000,023 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/09/01 18:03:11 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\Hlinkprx.dll
[2005/08/29 09:37:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\BBCAuto.INI
[2005/08/22 20:57:01 | 00,024,048 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2005/07/15 13:35:56 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 13:35:56 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/15 13:35:24 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/06/08 19:20:20 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
[2005/04/23 19:45:56 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\WIN2PDFM.DLL
[2005/03/28 07:41:32 | 00,000,084 | ---- | C] () -- C:\WINDOWS\VideoToAudioConverter.ini
[2005/03/21 16:23:18 | 00,000,147 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2005/03/21 16:23:18 | 00,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2005/03/21 16:23:18 | 00,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2005/03/21 16:23:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\bw5170dn.ini
[2005/03/21 16:23:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2005/03/21 16:23:16 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2005/03/21 16:23:16 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2005/03/21 16:23:16 | 00,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2005/03/21 16:23:15 | 00,015,108 | ---- | C] () -- C:\WINDOWS\HL-5170DN.INI
[2005/03/21 16:23:08 | 00,000,449 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2005/03/21 16:23:08 | 00,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2005/03/21 16:23:07 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2005/03/21 16:22:54 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\PTRCENG.DLL
[2005/03/11 21:02:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/02/16 05:16:19 | 00,000,138 | ---- | C] () -- C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\fusioncache.dat
[2005/02/07 18:14:53 | 00,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005/02/07 18:14:32 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/02/06 17:46:30 | 00,044,600 | ---- | C] () -- C:\WINDOWS\System32\WIN2PDFS.DLL
[2005/01/30 14:28:23 | 00,000,241 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2005/01/26 20:08:42 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/26 16:41:32 | 00,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/01/22 07:37:16 | 00,163,840 | ---- | C] () -- C:\Documents and Settings\Matthew Tremmel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/01/20 21:02:26 | 00,039,467 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/01/10 22:40:17 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/10 22:34:56 | 00,000,295 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/10 22:31:21 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/01/10 22:31:14 | 00,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/01/10 22:31:14 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/01/10 22:31:08 | 00,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/01/10 22:03:48 | 00,000,517 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/18 13:01:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\CoPrism.dll
[2004/08/11 18:25:56 | 00,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 06:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/10/02 00:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 00:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/08/07 14:01:52 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2001/07/07 03:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1980/01/01 01:00:00 | 00,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[1980/01/01 01:00:00 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\My Documents\WebEx:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\My Documents\underrhino.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\My Documents\rhinonono.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\My Documents\rhinoball.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\My Documents\Quicken:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\My Documents\My Videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\My Documents\My Albums:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\My Documents\Meghan:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\My Documents\LifeCam Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\My Documents\Ethan:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\My Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\Desktop\New Folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\Desktop\digital frame:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Matthew Tremmel\Desktop\avz4:Roxio EMC Stream
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF8F1AE3
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8342E7B
< End of report >




#8 myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 16 January 2010 - 10:48 PM

Hi,

the log is looking good, please run a scan with Eset to check for leftovers:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

If you wish to learn and help out on the forums, you can read about the training program available at bleepingcomputer here: http://www.bleepingcomputer.com/forums/t/86678/malware-removal-training-program/

There are several more schools available on the web, some of those are listed here: http://www.uniteagainstmalware.com/schools.php

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#9 twiceshy (Topic Starter)

  • Members
  • 46 posts

Posted 17 January 2010 - 11:21 AM

Hi there,

I ran the scan from Firefox so I chose the second option. I assume I only need to run this once regardless of how many browsers I use, correct? For example, I do not need to re-run it in IE as well.

Before I ran the ESET scan I was still getting redirects in my browser and a trust error message for gmail. After the scan and a reboot, it seems like it is not doing these things anymore.

Here is the result of the ESET scan:

C:\_OTL\MovedFiles\01162010_214115\C_WINDOWS\SYSTEM32\DRIVERS\61883.sys a variant of Win32/Rootkit.Kryptik.AF trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\01162010_214115\C_WINDOWS\SYSTEM32\DRIVERS\ooqqxzc.sys a variant of Win32/Rootkit.Kryptik.AF trojan cleaned by deleting - quarantined

Again thank you for all your help so far. Please let me know what else I need to do.

#10 myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 17 January 2010 - 12:25 PM

Hi,

this is going to sound stupid, but are you sure you were still getting redirected right before the Eset scan? The files deleted by Eset were previously quarantined by OTL and should have had no effect on your system.

Let me know if you get redirected again.

Please also update your software:

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 18.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Your Adobe Reader is also out of date. Please uninstall it and download the latest version from Adobe: Download
Please untick all proposed toolbars unless you really want them.

regards myrti



#11 twiceshy (Topic Starter)

  • Members
  • 46 posts

Posted 17 January 2010 - 07:02 PM

Hi there,

I do know that it was redirecting before the ESET scan because my wife needed an address, so as the scan just started I checked and it re-directed me. I was surprised that the log said it only found the ones from the moved files after the scan. I thought for sure it would find something else.

I re-installed java and adobe reader now.

Anything else, my friend?

Thank you thank you thank you again.

Matt

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 17 January 2010 - 08:21 PM

Hi,

yes one final step if everything else is fine:

Read those last few lines, in order to keep your pc safe and clean:
Please do the following to clean up your PC:
  1. Delete the tools used during the disinfection:
    • Download OTC from the following mirrors and save it to your desktop:
    • Double click on
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  2. If OTC failed to remove all programs from your Desktop, please delete the rest manually.
  3. Disable and Enable System Restore.
    You can find instructions on how to disable and reenable system restore here:
    Windows ME System Restore Guide
    Windows XP System Restore Guide
    Windows Vista System Restore Guide

    Note: You should only do this once, not on a regular basis!
    You will not be able to restore computer to any earlier than today!

Please read this advice, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use; the paid versions provide a resident scanner and do not nag.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for the MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at the HostMan hosts file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software Inspector occasionally to help you check for out of date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:
Have a nice day
myrti

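The hosts file advice above is the one item in that list that a user can verify directly, and it matters for a thread about browser redirects: a legitimate MVPs-style hosts file maps advertising hosts to 0.0.0.0 or 127.0.0.1, while a hosts file that has been tampered with maps popular sites to an outside address or blocks the update servers. The following is an added example, not myrti's instructions and not part of any tool named in this thread; it parses a hosts file in the Windows format and flags the two patterns just described. The sample file, the list of watched hostnames and the 203.0.113.x address are constructed for the demonstration.

```python
"""Flag redirect-style and update-blocking entries in a Windows hosts file.

Added example for the hosts-file advice in this thread.  Everything below
(sample hosts text, watched hostnames, addresses) is constructed; the
default Windows path is the only real value.
"""
import ipaddress
import sys

# Real location on Windows; the script only reads it, never writes.
WINDOWS_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Hostnames a home user never wants remapped, not even to loopback
# (assumed starter list; extend it for the sites you actually use).
WATCHED = {
    "google.com",
    "www.google.com",
    "mail.google.com",
    "update.microsoft.com",
    "windowsupdate.microsoft.com",
}

# Constructed sample: two legitimate MVPs-style blocking lines, two lines
# that redirect Google to an outside address, one line that blocks updates.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
# blocking entries in the style of the MVPs hosts file (legitimate)
0.0.0.0  ads.example.net
0.0.0.0  banners.example.net
# constructed redirect-style and update-blocking entries
203.0.113.17    www.google.com
203.0.113.17    mail.google.com  google.com
127.0.0.1       update.microsoft.com
::1             localhost
"""


def parse_hosts(text):
    """Return (ip, hostname, line_no) for every mapping in hosts-file text.

    Comments start with '#', several hostnames may share one line, and a
    line whose first field is not an IP address is skipped, as Windows does.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((fields[0], name.lower(), line_no))
    return entries


def find_suspicious(entries, watched=WATCHED):
    """Return (line_no, hostname, ip, reason) for entries worth a look.

    Loopback (127.x, ::1) and unspecified (0.0.0.0) targets are the normal
    blocking pattern and are only flagged for watched hosts; any other
    target address is flagged because it redirects the name elsewhere.
    """
    flagged = []
    for ip, name, line_no in entries:
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            if name in watched:
                flagged.append((line_no, name, ip, "watched host blocked via loopback"))
            continue
        flagged.append((line_no, name, ip, "host mapped to external address"))
    return flagged


def check_hosts_text(text):
    """Parse and flag in one call; used by the test and by main()."""
    return find_suspicious(parse_hosts(text))


if __name__ == "__main__":
    # Pass a path to check a real file; with no argument the sample is used.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    if path:
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, name, ip, reason in check_hosts_text(text):
        print(f"line {line_no}: {name} -> {ip}  ({reason})")
```

Run it with the real path as the argument to inspect your own file; on the constructed sample it reports the three Google mappings to 203.0.113.17 and the loopback entry for update.microsoft.com, and says nothing about the ads.example.net lines, which is the distinction between a protective hosts file and a hijacked one.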


#13 twiceshy

twiceshy
  • Topic Starter

  • Members
  • 46 posts

Posted 18 January 2010 - 07:58 AM

Hi myrti,

I will be working through the rest of your suggestions now. But before I create a system restore point, I have a few questions left. On point #4 you list keep software up-to-date. What is the best way to stay on top of this? Windows Update works fine for its software but what about other software? I've noticed that my firmware has gone out of date for my router before, etc. Is there a tool that checks your entire system? I remember when I was under the initial service plan with Dell you could go and check your system software and firmware, drivers, etc. to make sure they were up-to-date.

I'm wondering if a few other problems I'm having are related to drivers and such. My USB ports are not always recognized or when I plug into them, they either are not recognized, will cause blue screen or turn off the system at times. Also, I cannot burn a CD as well as I used to. It either writes 3/4 and errors out or only rarely finishes. If I shut down everything else, i.e. disconnect from IE, shut down antivirus, firewall, etc. sometimes it will complete but not always.

Could these issues be caused by out-of-date drivers, system software, etc.?

Please let me know if there is a tool or place I can go to check my drivers and download updates for other software besides Windows.

Thank you, MT



#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 18 January 2010 - 08:52 AM

Hi,

I believe Secunia offers a couple of services for staying up to date: for one, you can subscribe to email notification for updates when you visit their site. Next, they offer the PSI besides the online scanner, which you can install and which should alert you when you need updates.

Finally I linked you to the calendarofupdates.com in my previous post. This site also offers email notification for updates.

Regarding the USB ports, I have a couple of those problems as well; in my case they are due to a loose wire and I have given up on fixing that. It could of course be due to old or broken drivers; if you know that the drivers have not been updated it may be worth a try to bring them up to date.

regards myrti



#15 twiceshy

twiceshy
  • Topic Starter

  • Members
  • 46 posts

Posted 18 January 2010 - 08:54 AM

I started reading about creating a system restore point and when I go into Control Panel > System, I do not see a System Restore tab in the pop-up. I checked in Users and I have only one user, Matt, and I am administrator for the computer. Do you know how I can get this tab to display so I can make a restore point?

Thank you, Matt



